what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 389 RSS Feed

Files Date: 2017-05-01 to 2017-05-31

TiEmu 2.08 Buffer Overflow
Posted May 30, 2017
Authored by Juan Sacco

TiEmu versions 2.08 and below suffer from a stack-based buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | d7f63f6b109c64688cd679a3e23d920c4c59ac4ddeda65c96a0c42ccd281e329
Red Hat Security Advisory 2017-1382-01
Posted May 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1382-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.

tags | advisory, local, root
systems | linux, redhat
advisories | CVE-2017-1000367
SHA-256 | 4bfed0c75e7c025ce32520f5663dbc0de3d0ef88afa1aaa16196eab5dab9b4aa
Red Hat Security Advisory 2017-1381-01
Posted May 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1381-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.

tags | advisory, local, root
systems | linux, redhat
advisories | CVE-2017-1000367
SHA-256 | 72f511ffde80862ec8f67125ada6591bad83b2aaac109f5da2a4c4ccf814eed9
Ubuntu Security Notice USN-3304-1
Posted May 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3304-1 - It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-1000367
SHA-256 | bde0e222f88f678398a9f46fc30b62d5feca8f52856f50ad72c463b9643345fb
Debian Security Advisory 3867-1
Posted May 30, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3867-1 - The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on an SELinux-enabled system to obtain full root privileges.

tags | advisory, root
systems | linux, debian
advisories | CVE-2017-1000367
SHA-256 | 923fef1347ec646736c7f71cf0bec169c3fbd5045ba1dcad1c306f7f9bab4e59
Gentoo Linux Security Advisory 201705-15
Posted May 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201705-15 - A vulnerability in sudo allows local users to gain root privileges. Versions less than 1.8.20_p1 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-1000367
SHA-256 | 50553170e4ac24d9b95a7682d1a6accf3564f42794383c1bb9d50b93ff735bfe
Ubuntu Security Notice USN-3212-2
Posted May 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3212-2 - USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
SHA-256 | ce55b77df5a9ebdd947e8b8315854972bb32225267968fde15170ea18997b6fa
Ubuntu Security Notice USN-3302-1
Posted May 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3302-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-7606, CVE-2017-7619, CVE-2017-7941, CVE-2017-7942, CVE-2017-7943, CVE-2017-8343, CVE-2017-8344, CVE-2017-8345, CVE-2017-8346, CVE-2017-8347, CVE-2017-8348, CVE-2017-8349, CVE-2017-8350, CVE-2017-8351, CVE-2017-8352, CVE-2017-8353, CVE-2017-8354, CVE-2017-8355, CVE-2017-8356, CVE-2017-8357, CVE-2017-8765, CVE-2017-8830, CVE-2017-9098, CVE-2017-9141, CVE-2017-9142, CVE-2017-9143, CVE-2017-9144
SHA-256 | f065aa2d93ab8f719748b85c35a2d0b93dd11a8a965c4b540ae4b52e5c7568e2
Ubuntu Security Notice USN-3303-1
Posted May 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3303-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2017-2496, CVE-2017-2510, CVE-2017-2539
SHA-256 | 2ad1438bf3be9f522e788a30b869a2a2ead1606496105fe04e5bd735a609ecab
Ubuntu Security Notice USN-3301-1
Posted May 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3301-1 - It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. It was discovered that strongSwan incorrectly parsed ASN.1 CHOICE types. A remote attacker could use this issue to cause strongSwan to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-9022, CVE-2017-9023
SHA-256 | e908fe38ec2c00f57c43d5e90f17c1e0d4f22da2366f1f1fb98fbd6a4d93b915
Debian Security Advisory 3866-1
Posted May 30, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3866-1 - Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2017-9022, CVE-2017-9023
SHA-256 | 9660ac76f6d140f0800e4c3f26cbe2a343f66c6f59b7291d794f1f9a15a19ac1
Red Hat Security Advisory 2017-1364-01
Posted May 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1364-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-7502
SHA-256 | 0bd9c0cb15c7d46b2c6a83f4bb82b1446e11e276f590b32967c7dddc33e3093f
Red Hat Security Advisory 2017-1365-03
Posted May 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1365-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-7502
SHA-256 | 94ede444f9d41f60514e1540d3ddedfff1ad01f42727f9ba0efa58ae36d94cbb
Debian Security Advisory 3865-1
Posted May 30, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3865-1 - It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed.

tags | advisory
systems | linux, debian
advisories | CVE-2017-7650
SHA-256 | b0ee54493db9d752898ab19cd019cec6efa0ed4e5efaa517975ebc1b9b259a3f
Red Hat Security Advisory 2017-1363-01
Posted May 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1363-01 - In accordance with the Red Hat Directory Server Life Cycle policy, Red Hat Directory Server 9 will be retired as of June 10, 2017 and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including critical impact security patches or urgent priority bug fixes, after this date.

tags | advisory
systems | linux, redhat
SHA-256 | 3ef53be8cde307c3ad719b1423ff8edc655d951510cab7236399349e7f801386
Ampache 3.8.2 Cross Site Scripting
Posted May 29, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Ampache version 3.8.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 840c447bd9f09e54a8a47c9e4812cbdacc54fed01861bcaa4abf20e47560f145
CERIO 11nbg 2.4Ghz High Power Wireless Router (pekcmd) Rootshell Backdoors
Posted May 29, 2017
Authored by LiquidWorm | Site zeroscience.mk

CERIO 11nbg 2.4Ghz high power wireless router (pekcmd) has multiple backdoor accounts that yield rootshells.

tags | exploit
SHA-256 | 2134455cc726f1991757dc7605c1ded2b3bb0b429b58b89ceaa328ddd71d91cc
RealPlayer 18.1.7.344 Memory Corruption
Posted May 29, 2017
Authored by Cody Sixteen

RealPlayer version 18.1.7.344 suffers from memory corruption vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 34735884e57bf041f2ef2d6a51aff4eac035924e94a271abafaa53b0e7f52ed3
Hacktivity 2017 Call For Papers
Posted May 29, 2017
Site hacktivity.com

The Hacktivity 2017 Call For Papers has been announced. It will be held from October 20th through the 21st, 2017 in Budapest, Hungary.

tags | paper, conference
SHA-256 | 07397fcebea555c248b18611220f81f63d91e071526bbeccebbe4a6b055edadf
Acunetix Web Vulnerability Scanner 11 Privilege Escalation
Posted May 29, 2017
Authored by Florian Bogner

Acunetix Web Vulnerability Scanner 11 suffers from multiple local privilege escalation vulnerabilities.

tags | advisory, web, local, vulnerability
SHA-256 | e74f87a5941a3a01b52ac4a134d5fc5786b156fcbaadebaa2320791bf4d68481
MailSecRep Email Analysis Tool For Outlook
Posted May 29, 2017
Authored by Mark Osborne

MailSecRep adds an Outlook button to analyze email for spoofing, hostile links, and malware attachments.

tags | tool, spoof
systems | unix
SHA-256 | ebf7adf8f19f92735060cb03fa16818cfec6fb47856cd6457d21837df76b598a
Joomla 3.x Proof Of Concept Shell Upload
Posted May 28, 2017
Authored by Cody Sixteen

This proof of concept code shows how administrator functionality can be abused in Joomla to upload a shell.

tags | exploit, shell, proof of concept, file upload
SHA-256 | 87a728b87ac587ae5b8e6ee3b500ceb0624fe986b8ed1bfd032bd116ff3c79a3
Microsoft Azure Recovery Services Agent DLL Hijacking
Posted May 28, 2017
Authored by Stefan Kanthak

MARSAgentInstaller.exe, the Microsoft Azure Recovery Services Agent, suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | c6cd0ae7d7fa40be499d1ccd81b8951142a42e44c1b2be56de288485c5f93f38
DokuWiki Proof Of Concept Shell Upload
Posted May 28, 2017
Authored by Cody Sixteen

This proof of concept code shows how administrative functionality can be abused in DokuWiki to upload a shell.

tags | exploit, shell, proof of concept
SHA-256 | 898865a317bcc77f576b4558759df3d84a4cbe466095de9d767b2e148a4909db
Concrete5 Proof Of Concept Shell Upload
Posted May 28, 2017
Authored by Cody Sixteen

This proof of concept code shows how functionality can be abused in Concrete5 to upload a shell.

tags | exploit, shell, proof of concept
SHA-256 | d3561f919f95a84828625cf5bd9e0f2bdfc5da586f3e00580cf1cd43a8d35f83
Page 1 of 16
Back12345Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    8 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close