seeing is believing
Showing 1 - 24 of 24 RSS Feed

Files Date: 2017-07-31

Red Hat Security Advisory 2017-1839-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1839-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2017-7525
MD5 | 5cc448b43527b3900ed58e12d5861af8
Ubuntu Security Notice USN-3372-1
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3372-1 - It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2017-7502
MD5 | ab98a35fa8ae3d8507d56b71d1998766
Red Hat Security Advisory 2017-1834-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1834-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2016-4978, CVE-2017-7525
MD5 | 22a0255bff9a6fd139fe7c5138dd8769
Red Hat Security Advisory 2017-1837-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1837-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.7.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-4978, CVE-2017-7525
MD5 | 0c9ff400d91d6d1099ed1adc9a4d2115
Red Hat Security Advisory 2017-1838-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1838-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-7484, CVE-2017-7485, CVE-2017-7486
MD5 | 0f2190fe29afc319e7619f1b0cd2b8eb
Ubuntu Security Notice USN-3373-1
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3373-1 - Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components function for use by third-party modules. Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection during an HTTP request to an HTTPS port. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2016-8743, CVE-2017-3167, CVE-2017-3169, CVE-2017-7668, CVE-2017-7679
MD5 | a4c4025dab59dae6931ec8faed33573f
Red Hat Security Advisory 2017-1835-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1835-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2016-4978, CVE-2017-7525
MD5 | 57b5b4fda7c2330aef55b7230594da48
Ubuntu Security Notice USN-3374-1
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3374-1 - It was discovered that RabbitMQ incorrectly handled MQTT authentication. A remote attacker could use this issue to authenticate successfully with an existing username by omitting the password.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-9877
MD5 | 6685b33f1d0776f697501b2adfe43a88
Red Hat Security Advisory 2017-1840-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1840-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2017-7525
MD5 | ce831e15241f2e98fe5b3da5f4934071
libvorbis 1.3.5 Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis version 1.3.5 can cause a denial of service (OOM) via a crafted wav file.

tags | exploit, denial of service
MD5 | 212113c7f6509975fca5d9fea7968ad6
Ubuntu Security Notice USN-3363-2
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3363-2 - USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a regression for certain users when processing images. The problematic patch has been reverted pending further investigation. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
MD5 | c0e883034c5e99b28eac5ed3d0e564c4
Sound eXchange (SoX) 14.4.2 Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

The startread function in wav.c in Sound eXchange(SoX) version 14.4.2 can cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

tags | exploit, denial of service
MD5 | 6ed0ed8bbee75b1252a2732208da1726
Salutation Responsive 3.0.15 Cross Site Scripting
Posted Jul 31, 2017
Authored by Tom Adams

Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | e2ceef7f36fb6d9e5648cbbf9614ec8b
TiMidity++ 2.14.0 Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

The insert_note_steps function in readmidi.c in TiMidity++ version 2.14.0 can cause a denial of service (divide-by-zero error and application crash) via a crafted mid file.

tags | exploit, denial of service
MD5 | 500db2a1c2eee4c18e7f04b90b398227
Libid3tag 0.15.1b Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

The id3_ucs4_length function in ucs4.c in libid3tag version 0.15.1b can cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.

tags | exploit, denial of service
MD5 | d06e07126481b72d011bb07af7ecc100
MEDHOST Connex Hardcoded Password
Posted Jul 31, 2017
Authored by Allen Franks

MEDHOST Connex contains a hard-coded Mirth Connect administrative credential that is used for customer Mirth Connect management access.

tags | exploit
advisories | CVE-2017-11743
MD5 | 98dca02b13c0587283b1bd51d5cf1b91
libmad 0.15.1b Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

The mad_decoder_run function in decoder.c in libmad version 0.15.1b can cause a denial of service (memory corruption) via a crafted mp3 file.

tags | exploit, denial of service
MD5 | 04817e9727f94d55a835f8470e82a683
Ubuntu Security Notice USN-3366-2
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3366-2 - USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update fixes the problem. It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. Various other issues were also addressed.

tags | advisory, java, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243
MD5 | 2a9baab186741fe731fd0793a6248350
libao 1.2.0 Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

The _tokenize_matrix function in audio_out.c in Xiph.Org libao version 1.2.0 can cause a denial of service (memory corruption) via a crafted mp3 file.

tags | exploit, denial of service
MD5 | 2828295813e51c31feec5b8086c453ca
ALZip 8.51 Buffer Overflow
Posted Jul 31, 2017
Authored by James Lee

ALZip version 8.51 suffers from buffer overflow and file creation vulnerabilities.

tags | exploit, overflow, vulnerability
MD5 | 7de6ec4e6beda80eab0907df5c875f58
vorbis-tools oggenc 1.4.0 Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

The wav_open function in oggenc/audio.c in vorbis-tools version 1.4.0 can cause a denial of service (memory allocation error) via a crafted wav file.

tags | exploit, denial of service
MD5 | d661e7d82af8754117bb797bd025572a
Red Hat Security Advisory 2017-1833-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1833-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 60.0.3112.78. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, CVE-2017-7000
MD5 | 6f581973a0b25c1f61ceac994c4f5e46
DivFix++ 0.34 Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

DivFix++ version 0.34 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 2a559bbf8de56528bf74218ee5adf0fb
Red Hat Security Advisory 2017-1833-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1833-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 60.0.3112.78. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, CVE-2017-7000
MD5 | 8d1af10363015e60e6ec7083f2de8964
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    2 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close