accept no compromises
Showing 1 - 16 of 16 RSS Feed

Files Date: 2017-08-15

Ubuntu Security Notice USN-3392-2
Posted Aug 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3392-2 - USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN-3378-2 fixed vulnerabilities in the Linux Hardware Enablement kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000365, CVE-2017-10810, CVE-2017-7482, CVE-2017-7533
MD5 | 71a7bad1735ab6a1d89a1c1236820999
Ubuntu Security Notice USN-3392-1
Posted Aug 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3392-1 - USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000365, CVE-2017-10810, CVE-2017-7482, CVE-2017-7533
MD5 | ffd40fa2f174465003ab0558d699709a
Red Hat Security Advisory 2017-2480-01
Posted Aug 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2480-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: A shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a "checkout" or "update" action on a malicious repository, or a legitimate repository containing a malicious commit.

tags | advisory, shell
systems | linux, redhat
advisories | CVE-2017-9800
MD5 | 40bd7b9ff573bead4b0100c8bcbfa06a
Ubuntu Security Notice USN-3391-1
Posted Aug 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3391-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, xss
systems | linux, ubuntu
advisories | CVE-2017-7753, CVE-2017-7779, CVE-2017-7780, CVE-2017-7781, CVE-2017-7783, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7788, CVE-2017-7789, CVE-2017-7791, CVE-2017-7792, CVE-2017-7794, CVE-2017-7797, CVE-2017-7798, CVE-2017-7799, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7806, CVE-2017-7807, CVE-2017-7808, CVE-2017-7809
MD5 | 0e0b3847ada97d3cf507fe8f79bd9f3d
Red Hat Security Advisory 2017-2481-01
Posted Aug 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2481-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP10. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2017-10053, CVE-2017-10067, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10243
MD5 | c687d2e57b90ad1767c3c63959bf5c1b
Red Hat Security Advisory 2017-2479-01
Posted Aug 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2479-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2017-3167, CVE-2017-3169, CVE-2017-7668, CVE-2017-7679, CVE-2017-9788
MD5 | b0bdff2e95aa3028c006d41b4c8a56fb
Red Hat Security Advisory 2017-2478-01
Posted Aug 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2478-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-9788
MD5 | 64bb6394a313f57a7d0746d83a504bfb
Ubuntu Security Notice USN-3390-1
Posted Aug 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3390-1 - Ben de Graaff, Jelte Fennema, and Jeroen van der Ham discovered that PostgreSQL allowed the use of empty passwords in some authentication methods, contrary to expected behaviour. A remote attacker could use an empty password to authenticate to servers that were believed to have password login disabled. Jeff Janes discovered that PostgreSQL incorrectly handled the pg_user_mappings catalog view. A remote attacker without server privileges could possibly use this issue to obtain certain passwords. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2017-7546, CVE-2017-7547, CVE-2017-7548
MD5 | 3f5fc15039ff765d46f9123ed5e387b9
Red Hat Security Advisory 2017-2477-01
Posted Aug 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2477-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This release of Red Hat JBoss Data Virtualization 6.3 Update 7 serves as a replacement for Red Hat JBoss Data Virtualization 6.3 Update 6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2015-3254, CVE-2017-5637, CVE-2017-7525
MD5 | 37d93b84d3edb7ddc8db9bcf386e93c5
AdvanDate iCupid Dating Software 12.2 SQL Injection
Posted Aug 15, 2017
Authored by Ihsan Sencan

AdvanDate iCupid Dating software version 12.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | df23b824132b0a3759517fb05491eebc
ALLPlayer 7.4 Buffer Overflow
Posted Aug 15, 2017
Authored by f3ci

ALLPlayer version 7.4 SEH unicode buffer overflow exploit.

tags | exploit, overflow
MD5 | fbf83500713698292d3e74054cd48306
ClipBucket 2.8.3 SQL Injection / Arbitrary File Read / Write
Posted Aug 15, 2017
Authored by bRpsd

ClipBucket version2.8.3 suffers from remote SQL injection, arbitrary file read/write, and default credential vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file inclusion
MD5 | ad009dbfbe414a249ac5f206ca71f955
Red Hat Security Advisory 2017-2473-01
Posted Aug 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2473-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-7533
MD5 | 300a51c3b0bb68bdb691e21e4b603d92
Red Hat Security Advisory 2017-2472-01
Posted Aug 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2472-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2017-7895
MD5 | 85197e3a27dd0afd28517a1be5f61b2d
Debian Security Advisory 3943-1
Posted Aug 15, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3943-1 - Gajim, a GTK+-based XMPP/Jabber client, unconditionally implements the XMPP server to trigger commands to leak private conversations from encrypted sessions. With this update XEP-0146 support has been disabled by default and made opt-in via the 'remote_commands' option.

tags | advisory
systems | linux, debian
advisories | CVE-2016-10376
MD5 | aeb716720eb86a45d8df119616aeac12
Internet Download Manager 6.28 Build 17 Buffer Overflow
Posted Aug 15, 2017
Authored by f3ci

Internet Download Manager version 6.28 Build 17 SEH unicode buffer overflow exploit.

tags | exploit, overflow
MD5 | ce6a18c45d20459434fccbf0c40dc426
Page 1 of 1
Back1Next

File Archive:

August 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    30 Files
  • 3
    Aug 3rd
    20 Files
  • 4
    Aug 4th
    17 Files
  • 5
    Aug 5th
    4 Files
  • 6
    Aug 6th
    2 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    18 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    24 Files
  • 11
    Aug 11th
    10 Files
  • 12
    Aug 12th
    3 Files
  • 13
    Aug 13th
    3 Files
  • 14
    Aug 14th
    10 Files
  • 15
    Aug 15th
    16 Files
  • 16
    Aug 16th
    18 Files
  • 17
    Aug 17th
    15 Files
  • 18
    Aug 18th
    17 Files
  • 19
    Aug 19th
    15 Files
  • 20
    Aug 20th
    11 Files
  • 21
    Aug 21st
    15 Files
  • 22
    Aug 22nd
    15 Files
  • 23
    Aug 23rd
    13 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close