Exploit the possiblities
Showing 1 - 25 of 50 RSS Feed

Files Date: 2017-06-21

Debian Security Advisory 3890-1
Posted Jun 21, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3890-1 - Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.

tags | advisory, remote, web, code execution
systems | linux, debian
advisories | CVE-2017-9736
MD5 | 82f7dc777ed288bd4614a107d13dbf01
Ubuntu Security Notice USN-3338-1
Posted Jun 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3338-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4997, CVE-2017-1000364
MD5 | ff11a345e1bef3a88baf80b2a7e8c7b3
Ubuntu Security Notice USN-3335-2
Posted Jun 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3335-2 - USN-3335-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.

tags | advisory, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000364
MD5 | 703176c01991d36308a0995357ad662b
Ubuntu Security Notice USN-3336-1
Posted Jun 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3336-1 - It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-7502
MD5 | 7617cdd35e7baf76e62633c0fac373e3
Ubuntu Security Notice USN-3337-1
Posted Jun 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3337-1 - It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that Valgrind incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause Valgrind to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131
MD5 | ea08dfb16ff10f314da98e02ad262c8a
Red Hat Security Advisory 2017-1558-01
Posted Jun 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1558-01 - Red Hat Satellite provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows organizations to utilize the benefits of Red Hat Network without having to provide public Internet access to their servers or other client systems. Security Fix: A cross-site scripting flaw was found in how the failed action entry is processed in Satellite 5. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2017-7514
MD5 | 9c7079aa374cda833c93af1a1362e3a5
Red Hat Security Advisory 2017-1567-01
Posted Jun 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1567-01 - Red Hat Container Development Kit is a platform for developing containerized applicationsaaait is a set of tools that enables developers to quickly and easily set up an environment for developing and testing containerized applications on the Red Hat Enterprise Linux platform. With this update, Container Development Kit has been updated to 3.0.0-2, which includes an updated Red Hat Enterprise Linux ISO that contains fixes for the following security issues. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-1000364, CVE-2017-1000366, CVE-2017-7502
MD5 | db61fe9d6bab1e49dcbb4100de883474
Red Hat Security Advisory 2017-1561-01
Posted Jun 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1561-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778
MD5 | 9ecf3cfebbd52e52ea331c397294a903
Sitecore 7.1 / 7.2 Cross Site Scripting
Posted Jun 21, 2017
Authored by Hamed Izadi

Sitecore versions 7.1 and 7.2 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | cb795bf1e489fa1a617c17c78f025331
Microsoft Security Bulletin CVE Update For June, 2017
Posted Jun 21, 2017
Site microsoft.com

This Microsoft bulletin summary lists many CVEs that have undergone a major revision increment.

tags | advisory
advisories | CVE-2017-0173, CVE-2017-0193, CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, CVE-2017-0219, CVE-2017-0282, CVE-2017-0283, CVE-2017-0284, CVE-2017-0285, CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-0291, CVE-2017-0292, CVE-2017-0294, CVE-2017-0295, CVE-2017-0296, CVE-2017-0297, CVE-2017-0298, CVE-2017-0299, CVE-2017-0300, CVE-2017-8460, CVE-2017-8462, CVE-2017-8464, CVE-2017-8465, CVE-2017-8466
MD5 | 2f521db00c77b8afce4ce5a83d2b9dcc
EMC Isilon OneFS Privilege Escalation
Posted Jun 21, 2017
Site emc.com

EMC Isilon OneFS is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. Versions affected include 7.1.x, 7.2.0 through 7.2.1.4, 8.0.0 through 8.0.0.3, and 8.0.1.0.

tags | advisory
advisories | CVE-2017-4988
MD5 | dcec0366e7b2f13a458aa43dc5c62b1d
EMC Avamar File Upload / Authentication Bypass
Posted Jun 21, 2017
Site emc.com

EMC Avamar suffers from authentication bypass and remote file upload vulnerabilities.

tags | advisory, remote, vulnerability, file upload
advisories | CVE-2017-4989, CVE-2017-4990
MD5 | b4a0e80e752dee3e81b370f06160717e
WordPress Download Manager 2.9.46 / 2.9.51 Cross Site Scripting
Posted Jun 21, 2017
Authored by Tom Adams

WordPress Download Manager plugin versions 2.9.46 and 2.9.51 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | cc34f3d12e5b6aa5bcb6bf198340ce34
WordPress Photo Gallery 1.3.34 / 1.3.42 Path Traversal
Posted Jun 21, 2017
Authored by Tom Adams

WordPress Photo Gallery plugin versions 1.3.34 and 1.3.42 suffer from a path traversal vulnerability.

tags | exploit, file inclusion
MD5 | e233d580717e45da84a27f5bb6456e20
Unrar VMSF_DELTA Arbitrary Memory Write
Posted Jun 21, 2017
Authored by Thomas Dullien, Google Security Research

It appears that the VMSF_DELTA memory corruption that was reported to Sophos AV in 2012 (and fixed there) was actually inherited from upstream unrar. For unknown reasons, whoever fixed the bug did not report this to upstream unrar, and the bug seems to have persisted there to this day.

tags | exploit
MD5 | 6e7d3221140b207904849cfccb28ee2c
Bitdefender Malicious RAR Denial Of Service
Posted Jun 21, 2017
Authored by Thomas Dullien, Google Security Research

Bitdefender AV crashes when fed malicious RAR files from 2013.

tags | exploit
MD5 | 9b20a1bb1a5433bb84308fd032c8ec6c
Microsoft Windows Kernel nt!NtQueryInformationWorkerFactory Stack Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation).

tags | exploit, kernel
systems | windows
advisories | CVE-2017-0300
MD5 | b23542b84fc8d61d694be45f97c3e24f
Microsoft Windows Kernel ATMFD.DLL Malformed Index Out-Of-Bounds Read
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from an ATMFD.DLL out-of-bounds read vulnerability via a malformed Name INDEX in the CFF table.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8483
MD5 | 7c585bfb15ecbd04c869fd0bab3f4c18
Microsoft Windows Kernel nt!NtQueryInformationResourceManager Stack Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationResourceManager (information class 0).

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8481
MD5 | 1c6c0db81091aedab0fc82d1ee665b44
Microsoft Windows Uniscribe USP10!otlReverseChainingLookup::apply Out-Of-Bounds Memory Read
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!otlReverseChainingLookup::apply.

tags | exploit
systems | windows
advisories | CVE-2017-0288
MD5 | f54bb43b7e3d784d3293a2150ebbdd5e
Microsoft Windows Uniscribe USP10!otlValueRecord::adjustPos Out-Of-Bounds Memory Read
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!otlValueRecord::adjustPos.

tags | exploit
systems | windows
advisories | CVE-2017-0289
MD5 | 2ff8367bd8ecac85002a6f0c6fb24843
Microsoft Windows Uniscribe USP10!otlSinglePosLookup::getCoverageTable Out-Of-Bounds Memory Read
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!otlSinglePosLookup::getCoverageTable.

tags | exploit
systems | windows
advisories | CVE-2017-0287
MD5 | e6c4980f9c9f36d68caa9f166c1881e1
Microsoft Windows Uniscribe USP10!NextCharInLiga Out-Of-Bounds Memory Read
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!NextCharInLiga.

tags | exploit
systems | windows
advisories | CVE-2017-0286
MD5 | dac31e7974d5da485568999ebe57b562
Microsoft Windows Uniscribe USP10!CreateIndexTable Out-Of-Bounds Memory Read
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!CreateIndexTable.

tags | exploit
systems | windows
advisories | CVE-2017-0282
MD5 | 0825201091faf0fc3926a5c223a6080e
Microsoft Windows Uniscribe USP10!SubstituteNtoM Out-Of-Bounds Memory Read
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!SubstituteNtoM.

tags | exploit
systems | windows
advisories | CVE-2017-0285
MD5 | 21501fb23f355d1b0e564c293e343a44
Page 1 of 2
Back12Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    28 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close