what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-05-23

Red Hat Security Advisory 2017-1267-01
Posted May 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1267-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

tags | advisory, remote, memory leak
systems | linux, redhat
advisories | CVE-2017-8779
SHA-256 | be1bec16ec036a0c7830fe3c4598296e0dca514477d0acaa83c8975bede107bd
InvoicePlane 1.4.10 File Upload / Cross Site Scripting
Posted May 23, 2017
Authored by Jasveer Singh | Site sec-consult.com

InvoicePlane version 1.4.10 suffers from cross site scripting and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, xss, file upload
SHA-256 | f9f183d34c1ada4b03e2201ee13c0c22983f6fc241dde0d1f28ffdf8da86a993
Simple ASC CMS 1.2 Cross Site Scripting
Posted May 23, 2017
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Simple ASC CMS version 1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ca4ddb7798dee2ffb269324504f52117e33584bdf4bd32a0c994b17007d0b4ae
Microsoft Windows LoadUvsTable() / LoadFont() Overflows
Posted May 23, 2017
Authored by Hossein Lotfi | Site secunia.com

Secunia Research has discovered multiple vulnerabilities in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. An error within the "LoadUvsTable()" function can be exploited to cause a heap-based buffer overflow via a font file containing specially crafted Unicode Variation Sequences tables. An integer overflow error within the "LoadFont()" function can be exploited to cause a heap-based buffer overflow via a font file containing specially crafted Unicode Variation Sequences tables. Successful exploitation of the vulnerabilities allows execution of arbitrary code.

tags | advisory, overflow, arbitrary, vulnerability
systems | windows
advisories | CVE-2017-0014
SHA-256 | 6171c4189358444433b6d183844713287c38ff36227d913c707846f7d310476c
KDE 4/5 KAuth Privilege Escalation
Posted May 23, 2017
Authored by stealth

KDE versions 4 and 5 suffer from a KAuth privilege escalation vulnerability.

tags | exploit
advisories | CVE-2017-8422, CVE-2017-8849
SHA-256 | c554a74a267c52aca3ad742178547b8d2a015c7f0cd8cbcdba5e0a178a1d4c91
HTTrack 3.x Stack Buffer Overflow
Posted May 23, 2017
Authored by Vulnerability Laboratory, Hosein Askari | Site vulnerability-lab.com

HTTrack version 3.x suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 2bcbb8ef516f46d2cef284aeb94ca91a4f7f07005d73d65830c62b8a987b454a
WordPress Newsletter Supsystic 1.1.7 Cross Site Scripting
Posted May 23, 2017
Authored by Vulnerability Laboratory, King Coder | Site vulnerability-lab.com

WordPress Newsletter Supsystic plugin version 1.1.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6ecae5adcbf95d5c69fe28fba37fe9ca3a5692158857b6244cf28b09cc5acde3
Microsoft Azure Cloud Audit Using Powershell
Posted May 23, 2017
Authored by Parag Kamra

This brief whitepaper discusses using Powershell to audit Microsoft Azure Cloud.

tags | paper
SHA-256 | 21b90899799a56e231053bc320dd4854fc4aaa08824b17602b35091584b50445
VX Search Enterprise GET Buffer Overflow
Posted May 23, 2017
Authored by Daniel Teixeira | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of VX Search Enterprise v9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

tags | exploit, web, overflow, x86
systems | windows
SHA-256 | 5199a2e5cc5662ac54e66b7146c5c6b94ee41102ab904bac8eb917c52c3801dc
Sure Thing Disc Labeler 6.2.138.0 Buffer Overflow
Posted May 23, 2017
Authored by Chance Johnson

Sure Thing Disc Labeler version 6.2.138.0 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 8a2edb1c1c0c32c18f1e6f48be84549d2c5b62d50ede9d6deb02b44bd03e7f8d
Linux eBPF Verify Log Leak
Posted May 23, 2017
Authored by Jann Horn, Google Security Research

On Linux, the eBPF verifier log leaks the lower half of a map pointer.

tags | advisory
systems | linux
SHA-256 | ef14e5eae522759ea9bf260c2ff05b930f1f5f5dadc31821f6ec15b48675f085
MacOS Raw Frame Pointers In Stackshot
Posted May 23, 2017
Authored by Jann Horn, Google Security Research

This is an issue on MacOS that allows un-entitled root to read kernel frame pointers, which might be useful in combination with a kernel memory corruption bug.

tags | exploit, kernel, root
advisories | CVE-2017-2516
SHA-256 | 63b9107547c0985f1def098507f1151fbb6c1ccacb4c0d361b420aa17ff32d51
LG OGMParser::VerifyVorbisHeader Uninitialized Pointer
Posted May 23, 2017
Authored by Google Security Research, Mark Brand

LG has an issue where a malformed OGM file can cause the use of an uninitialized pointer during Vorbis header verification - vorbis_info_clear is called on a vorbis_info structure that has not previously been initialised by a call to vorbis_info_init.

tags | exploit
SHA-256 | afdfbc4dd8683cc760fb99fd28315f8ac51c68ca61a0fb1a2f850952b9060614
MacOS 32-Bit Syscall Exit Kernel Register Leak
Posted May 23, 2017
Authored by Jann Horn, Google Security Research

MacOS suffers from a kernel register leak via 32-bit syscall exit.

tags | exploit, kernel
advisories | CVE-2017-2509
SHA-256 | 51f21ee396efaec54ab768abeb7493566d5a0076bced42dd49e3ff6f228e0a09
Broadcom wldev_ioctl Information Leak
Posted May 23, 2017
Authored by Google Security Research, laginimaineb

Broadcom suffers from a host to dongle information leak via wldev_ioctl.

tags | advisory
advisories | CVE-2017-0633
SHA-256 | 041b12daf028a74772de5874f4f3807b189eefcc5651de1a44fae1f291723a91
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close