
Files Date: 2017-07-25

Ubuntu Security Notice USN-3365-1
Posted Jul 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3365-1 - It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. This issue only applied to Ubuntu 14.04 LTS. Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly handled certain crafted strings. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2009-5147, CVE-2015-1855, CVE-2015-7551, CVE-2015-9096, CVE-2016-2337, CVE-2016-2339, CVE-2016-7798
MD5 | a6af5cc73212f069a7f0d48255978f2f
Red Hat Security Advisory 2017-1802-01
Posted Jul 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1802-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2017-5645, CVE-2017-5647, CVE-2017-5648, CVE-2017-5664
MD5 | 444f476818676f8d12410602ad0650ba
Red Hat Security Advisory 2017-1801-01
Posted Jul 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1801-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2017-5645, CVE-2017-5647, CVE-2017-5648, CVE-2017-5664
MD5 | 9ece8055e3774e6fdff9012183929f89
WordPress FormCraft Form Builder 3.2.31 Cross Site Scripting
Posted Jul 25, 2017
Authored by 8bitsec

WordPress FormCraft Premium WordPress Form Builder versions 3.2.31 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2836e5dad51c51e3bb783c98e382066b
WordPress Ultimate Affiliate Pro 3.6 Cross Site Scripting
Posted Jul 25, 2017
Authored by 8bitsec

WordPress Ultimate Affiliate Pro plugin versions 3.6 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | e78c775ae995bd10eec13327774bc13c
Slackware Security Advisory - tcpdump Updates
Posted Jul 25, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-11108
MD5 | f6a2dc6698f2576bcc7f6252bb1f58fb
Ubiquiti Networks Open Redirect
Posted Jul 25, 2017
Authored by T. Weber | Site sec-consult.com

Ubiquiti Networks products suffer from an open redirection vulnerability. Products affected include, but are not limited to, TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23, AG-HP-5G27, AirGrid M, AirGrid M2, AirGrid M5, AR, AR-HP, BM2HP, BM2-Ti, BM5HP, BM5-Ti, LiteStation M5, locoM2, locoM5, locoM9, M2, M3, M365, M5, M900, NB-2G18, NB-5G22, NB-5G25, NBM3, NBM365, NBM9, NSM2, NSM3, NSM365, NSM5, PBM10, PBM3, PBM365, PBM5, PICOM2HP, and Power AP N.

tags | exploit
MD5 | d8a96607ecdf34caf2ce76f9750a5348
Ubiquiti Networks EP-R6 / ER-X / ER-X-SFP Cross Site Scripting
Posted Jul 25, 2017
Authored by Rene Freingruber, T. Weber | Site sec-consult.com

Ubiquiti Networks EP-R6, ER-X, and ER-X-SFP with firmware version 1.9.1 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9ea2bb02f107be6df0906b4c0a16edf9
Kernel Live Patch Security Notice LSN-0026-1
Posted Jul 25, 2017
Authored by Benjamin M. Romer

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical RAM and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use this to create a use-after-free situation, causing a denial of service (system crash) or possibly gaining administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux
advisories | CVE-2016-4558, CVE-2017-1000365, CVE-2017-7374, CVE-2017-7482, CVE-2017-9150
MD5 | cf9eb0b35f581391cfa449654007aaad
WebKit JSC ArgumentsEliminationPhase::transform Incorrect LoadVarargs Handling
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit JSC suffers from incorrect LoadVarargs handling in ArgumentsEliminationPhase::transform.

tags | exploit
advisories | CVE-2017-7056
MD5 | 3329e3b7383b6891153dfafff93bf8be
WebKit WebCore::RenderSearchField::addSearchResult Heap Buffer Overflow
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::RenderSearchField::addSearchResult heap buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-7049
MD5 | 04b54b4fde19de5e3ff97538dc8015b4
WebKit WebCore::AccessibilityNodeObject::textUnderElement Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::AccessibilityNodeObject::textUnderElement use-after-free vulnerability.

tags | exploit
advisories | CVE-2017-7048
MD5 | 84e9da66fe8fee86e5c1ebabf24d65cc
WebKit WebCore::RenderObject Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::RenderObject with accessibility enabled.

tags | exploit
advisories | CVE-2017-7046
MD5 | a4dea82325ce2ff7147bae6f3044af5b
WebKit WebCore::AccessibilityRenderObject::handleAriaExpandedChanged Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::AccessibilityRenderObject::handleAriaExpandedChanged use-after-free vulnerability.

tags | exploit
advisories | CVE-2017-7043
MD5 | d5accb37ff0433ed20451be2bf8d0d2a
WebKit WebCore::InputType::element Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::InputType::element use-after-free vulnerability.

tags | exploit
advisories | CVE-2017-7042
MD5 | 84bb52539cff54ae0d806d9a294724dc
WebKit WebCore::Node::getFlag Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::Node::getFlag use-after-free vulnerability.

tags | exploit
advisories | CVE-2017-7041
MD5 | f406ef3e1b6958dc221da9cb7f623349
WebKit WebCore::getCachedWrapper Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::getCachedWrapper use-after-free vulnerability.

tags | exploit
advisories | CVE-2017-7040
MD5 | 3a6a7d8569e29c1fb12610c995fbb00f
WebKit WebCore::Node::nextSibling Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::Node::nextSibling use-after-free vulnerability.

tags | exploit
advisories | CVE-2017-7039
MD5 | c8f489da13b7b258afa1030ba904ea43
WebKit JSC JSObject::putInlineSlow / JSValue::putToPrimitive XSS
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit JSC JSObject::putInlineSlow and JSValue::putToPrimitive suffer from a universal cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-7037
MD5 | da248021643aa56bbe3143261555b3ce
WebKit JSC ObjectPatternNode::appendEntry Use-After-Free
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit JSC suffers from an ObjectPatternNode::appendEntry stack use-after-free.

tags | advisory
MD5 | 312ee9e952cc9b3ae2170307e103b4cc
MEDHOST Connex Hard-Coded Credentials
Posted Jul 25, 2017
Authored by Allen Franks

MEDHOST Connex suffers from having hard-coded credentials that are used for customer database access.

tags | exploit
advisories | CVE-2017-11614
MD5 | 4060ece78c50b2cf07b1ff050beb19bd
WebKit JSC JSArray::appendMemcpy Uninitialized Memory Copy
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit suffers from a JSC JSArray::appendMemcpy uninitialized memory copy vulnerability.

tags | exploit
advisories | CVE-2017-7064
MD5 | fdfb04b663dc8d80c76b553252701587
WebKit JSC Incorrect Scope Register Handling
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit JSC suffers from incorrect scope register handling in DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry).

tags | exploit
advisories | CVE-2017-7018
MD5 | 8ee249918143ed15fd4a0095efcb75b7
WebKit JSC arrayProtoFuncSplice Uninitialized Memory Reference
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit JSC suffers from an uninitialized memory reference in arrayProtoFuncSplice.

tags | exploit
MD5 | 61302137db1706d8e9bb703e1fa8e6bb
REDDOXX Appliance Remote Command Execution
Posted Jul 25, 2017
Site redteam-pentesting.de

RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary commands with root privileges while unauthenticated. Affected versions include build 2032 and 2.0.625.

tags | exploit, remote, arbitrary, root
MD5 | f9322f1de37bb8d2ca55321984365985