ignore security and it'll go away
Showing 1 - 21 of 21 RSS Feed

Files Date: 2017-06-14

Camstudio 2.0 XSS / XSF / Content Forgery
Posted Jun 14, 2017
Authored by Project Insecurity, MLT | Site insecurity.zone

Camstudio version 2.0 suffers from cross site scripting and cross site flashing vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 1b477ec34b0d82b7df190a79b624f9d1
Invision Power Board 4.1.19.2 XSS / CSRF / File Upload / Disclosure
Posted Jun 14, 2017
Authored by Project Insecurity, CDL, dkb | Site insecurity.zone

Invision Power Board version 4.1.19.2 suffers from reflective and stored cross site scripting, cross site request forgery, information disclosure, file upload, and shell access vulnerabilities.

tags | exploit, shell, vulnerability, xss, info disclosure, file upload, csrf
MD5 | a22518e9d6c3e73504202b0d32770349
Alio Applicant Portal 6.0 SQL Injection
Posted Jun 14, 2017
Authored by Project Insecurity, MLT | Site insecurity.zone

Alio Applicant Portal versions 6.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6d41e241a31095342486a5e551b4e449
Red Hat Security Advisory 2017-1440-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1440-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778
MD5 | befdb805bd593715330fc3e5375b6d48
Debian Security Advisory 3880-1
Posted Jun 14, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3880-1 - It was discovered that a side channel attack in the EdDSA session key handling in Libgcrypt may result in information disclosure.

tags | advisory, info disclosure
systems | linux, debian
advisories | CVE-2017-9526
MD5 | 8171c625f6e81ca504335f56b54b7a5b
Red Hat Security Advisory 2017-1464-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1464-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. The service can be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Additionally, Orchestration can be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. Security Fix: An access-control flaw was found in the OpenStack Orchestration service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-9185, CVE-2017-2621
MD5 | 0f68ac4f97fc7a417677d0acd3a0e2fa
Red Hat Security Advisory 2017-1456-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1456-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. The service can be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Additionally, Orchestration can be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. The following packages have been upgraded to a later upstream version: openstack-heat. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-9185
MD5 | 043396c706c44c5c716f0a52f4eb4e0e
Red Hat Security Advisory 2017-1445-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1445-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.

tags | advisory, remote, web, python
systems | linux, redhat
advisories | CVE-2017-7233
MD5 | ee95043b161c3d469e8d1b4030074244
Red Hat Security Advisory 2017-1451-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1451-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.

tags | advisory, remote, web, python
systems | linux, redhat
advisories | CVE-2017-7233
MD5 | 083717fb873b4d38320f35caea07b0d9
Red Hat Security Advisory 2017-1470-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1470-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.

tags | advisory, remote, web, python
systems | linux, redhat
advisories | CVE-2017-7233
MD5 | 13eab2a901b56deb4f3684f96f6e7688
Red Hat Security Advisory 2017-1461-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1461-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. The following packages have been upgraded to a later upstream version: openstack-keystone. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-2673
MD5 | f4240e230cbc2af9c76af3a4943210a8
Red Hat Security Advisory 2017-1462-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1462-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.

tags | advisory, remote, web, python
systems | linux, redhat
advisories | CVE-2017-7233
MD5 | b7a08f658a09e533cde777fc0046c8d5
Red Hat Security Advisory 2017-1450-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1450-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. The service can be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Additionally, Orchestration can be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. Security Fix: An information-leak vulnerability was found in the OpenStack Orchestration service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2016-9185
MD5 | 361128ff305053f3916f9bf4aa7fa625
Red Hat Security Advisory 2017-1441-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1441-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-9603, CVE-2017-2633, CVE-2017-7718, CVE-2017-7980
MD5 | 85b80cc53097853f88e198a67f050a5b
WordPress Jobs 1.4 SQL Injection
Posted Jun 14, 2017
Authored by Dimitrios Tsagkarakis

WordPress Jobs plugin version 1.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-9603
MD5 | faef10178334d5adfc13d10633e57a30
HP PageWide / OfficeJet Pro Printers Arbitrary Code Execution
Posted Jun 14, 2017
Authored by Jacob Baines

HP PageWide and OfficeJet Pro printers suffer from an arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
advisories | CVE-2017-2741
MD5 | a8e3c5652705c68dd39f5cc06033ff1e
Google Chrome V8 Private Property Arbitrary Code Execution
Posted Jun 14, 2017
Authored by Qihoo360

Google Chrome V8 private property arbitrary code execution exploit.

tags | exploit, arbitrary, code execution
advisories | CVE-2016-9651
MD5 | 1e4aedd6967c580b0f8730f077203977
Nmap Port Scanner 7.50
Posted Jun 14, 2017
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: Integrated all of the service/version detection fingerprints submitted from September to March (855 of them). The signature count went up 2.9% to 11,418. It now detects 1193 protocols from apachemq, bro, and clickhouse to jmon, slmp, and zookeeper. Added 14 NSE scripts from 12 authors, bringing the total up to 566! Various other updates.
tags | tool, remote, udp, tcp, protocol, nmap
systems | unix
MD5 | 800a67cfe2b0fbbd159793467debd71a
libsndfile 1.0.28 aiff_read_chanmap() Information Disclosure
Posted Jun 14, 2017
Authored by Laurent Delosieres | Site secuniaresearch.flexerasoftware.com

A vulnerability in libsndfile 1.0.28, caused due to an error in the"aiff_read_chanmap()" function (src/aiff.c), can be exploited tocause an out-of-bounds read memory access via a specially crafted AIFFfile.

tags | advisory, info disclosure
advisories | CVE-2017-6892
MD5 | 7669a3bafb3caccacdea3abab9f24b61
Ubuntu Security Notice USN-3318-1
Posted Jun 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3318-1 - Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. It was discovered that GnuTLS incorrectly handled decoding certain OpenPGP certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-7507, CVE-2017-7869
MD5 | 87efa0a053381130d3aeac91dabdc57c
Red Hat Security Advisory 2017-1439-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1439-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 26.0.0.126. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-3075, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3081, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084
MD5 | fcd6536fa2fb2e55fe43ebc6b353fee4
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    2 Files
  • 23
    Oct 23rd
    10 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close