This archive contains all of the 193 exploits added to Packet Storm in May, 2017.
26fc166294f508802d9d337041eea7e914e6da3ef5ab631fc1d0144d30fcb790Ubuntu Security Notice 3305-1 - It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system.
5a4035534975370cde44d757670aec428e9fc47fd2fa11dc88db41feb6be6ac4Red Hat Security Advisory 2017-1367-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: CloudForms includes a default SSL/TLS certificate for the web server. This certificate is replaced at install time, however if an attacker were able to man-in-the-middle an administrator while installing the new certificate the attacker could get a copy of the private key uploaded allowing for future attacks.
e3a4946886a23c02c2bddf4ad7aae93f8050a67aad92b2206614f0a720a56271Piwigo Facetag plugin version 0.0.3 suffers from a remote SQL injection vulnerability.
3f72fcb8ece0adc26b0ccbdbcfeb68fd34b23af7b91df6f5b9dc2fe3a3041a20Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
23ac653efca14dbb54a5bc40842a645086eb97d1c91aa81595b16d3498d4b544OV3 Online Administration version 3.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.
f4e0ed42c7cdf22bd2a600ec5839995ad5649db85fc9209f988faf25d90d15e1OV3 Online Administration version 3.0 suffers from an authenticated remote code execution vulnerability.
9b12192c30c33bbae65bf04c6774a126a919f815212c82f293754d45342d964dOV3 Online Administration version 3.0 suffers from a traversal vulnerability that allows for arbitrary file access.
a392bf3b481a40ea58d1544ce2ba02f18757959c59d6184fa4e3fed5fdca7576WordPress Simple Slideshow Manager plugin versions 2.2 and below suffer from multiple cross site scripting vulnerabilities.
de8d084a354a9a22976a85a2b82537644cf6619fed4c57ece740d7a79e011e9dRed Hat Security Advisory 2017-1372-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality can allow a remote attacker to force the kernel to enter a condition in which it can loop indefinitely.
1048de110dd6490790a9aa7f54f6a7a37704f3ff959dd20b4aa404be8f5cd3e9This proof of concept code shows how manager functionality can be abused in ModX CMS to upload a shell.
716aad67ffbd1e03ee636500fb005acbd2d5d6ac6569cc879ee02aa5114964b1KEMP LoadMaster version 7.135.0.13245 suffers from persistent cross site scripting and remote code execution vulnerabilities.
40a63bf9cbf46ca01a18785c8a019b65341c0efbcd81542b5279e2a98b25ce9cIBM Informix Dynamic Server suffers from dll injection, PHP code injection, and heap buffer overflow vulnerabilities.
ac5d0ef0f10cad9d7b9a1524abc605c6815ee7dc5254833cf12c5cdbb411f95bTrend Micro Deep Security version 6.5 suffers from XML external entity injection, local privilege escalation, and remote code execution vulnerabilities.
7734e239114061512b4ac1ebb3b04a639de98f84e9b038a1c584b34f794fd8ceMicrosoft Windows MsMpEng suffers from a saved caller use-after-free vulnerability.
eb08a025f45ed24c82f64c6675c1bb35662e65430180b83f4bb679101ca6fdabTerraMaster F2-420 NAS TOS version 3.0.30 suffers from an unauthenticated remote root code execution vulnerability.
aec3efc9d8d66284f07bd071e69c63cdec654b577e52326543bbb519412ea907Microsoft Windows MsMpEng suffers from a remotely exploitable use-after-free vulnerability due to a design issue in the GC engine.
d279bd01ec69e2a865d0f1da9c97d28f84fd74c96f36a4000b1826c9ad115979uc-httpd suffers from local file inclusion and directory traversal vulnerabilities.
3a341738a708f989775254401f6a4b13470afc5a93121ecd88281080592e613aIntel SSD Toolbox version 3.4.3 suffers from a dll hijacking vulnerability.
bca118f21515d6e1ab924c929e6631ec6f06fdcdc4033d6b440b013abd6b8660
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed