accept no compromises
Showing 1 - 18 of 18 RSS Feed

Files Date: 2017-08-16

Microsoft Edge Chakra JavascriptArray::ConcatArgs Type Confusion
Posted Aug 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a type confusion vulnerability in JavascriptArray::ConcatArgs.

tags | advisory
advisories | CVE-2017-8634
MD5 | 3eadfb4f26ae49414d9bbcd6ff420ab0
Microsoft Edge Chakra Incorrect Jit Optimization
Posted Aug 16, 2017
Authored by Google Security Research, lokihardt

This is a follow-up finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient.

tags | exploit
advisories | CVE-2017-8548
MD5 | afbcee955491660e874dbdcf65f457b4
Microsoft Edge Chakra EmitAssignment Register Issue
Posted Aug 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra has an issue where EmitAssignment uses the "this" register without initializing.

tags | advisory
MD5 | 46341894e6a60a6a21b912305869341d
Microsoft Edge Chakra TryUndeleteProperty Incorrect Usage
Posted Aug 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an incorrect usage of TryUndeleteProperty.

tags | exploit
advisories | CVE-2017-8635
MD5 | 1f197a1d5f569cc871c7c7d4aebd5330
Microsoft Edge Chakra PushPopFrameHelper Incorrect Usage
Posted Aug 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an incorrect usage of PushPopFrameHelper in InterpreterStackFrame::ProcessLinkFailedAsmJsModule.

tags | exploit
advisories | CVE-2017-8646
MD5 | acec101c7b823cc6f8e22b1fe6ec1f01
Microsoft Edge Charka Failed Re-Parse
Posted Aug 16, 2017
Authored by Google Security Research, lokihardt

InterpreterStackFrame::ProcessLinkFailedAsmJsModule in Microsoft Edge Chakra incorrectly re-parses.

tags | exploit
advisories | CVE-2017-8645
MD5 | 65e0073a3d3deddfb8c73ca0f7f0cf9a
Microsoft Edge Source Fetch Out-Of-Bounds Access
Posted Aug 16, 2017
Authored by Google Security Research, natashenka

Microsoft Edge suffers from an out-of-bounds access vulnerability when fetching source.

tags | exploit
advisories | CVE-2017-8657
MD5 | 701b7d08c5c0bd9f550ef032f9389f29
Microsoft Edge Charka PreVisitCatch Missing Call
Posted Aug 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra does not call SetIsCatch for all cases in PreVisitCatch.

tags | exploit
advisories | CVE-2017-8656
MD5 | 46515fd1c1a80220b621f07b9b99321a
Red Hat Security Advisory 2017-2485-01
Posted Aug 16, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2485-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.

tags | advisory, shell
systems | linux, redhat
advisories | CVE-2017-1000117
MD5 | 8d8b9d876aaa88ab4284d91859ca2057
Red Hat Security Advisory 2017-2484-01
Posted Aug 16, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2484-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.

tags | advisory, shell
systems | linux, redhat
advisories | CVE-2017-1000117
MD5 | 82f2312ea9e77d11cf4566e9b0280769
Red Hat Security Advisory 2017-2483-01
Posted Aug 16, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2483-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668, CVE-2017-7679, CVE-2017-9788
MD5 | 75c53505b017a3d368303db45bf551a0
Microsoft Chakra JIT Server Out-Of-Bounds Write
Posted Aug 16, 2017
Authored by Ivan Fratric, Google Security Research

The Microsoft Chakra JIT server suffers from an out-of-bounds write when processing a Js::OpCode::ProfiledLoopStart opcode.

tags | advisory
advisories | CVE-2017-8659
MD5 | c8362b5a1c7c3dbeb8acb12f5b8d33af
Microsoft Chakra JIT Server IRBuilder::Build Integer Overflow
Posted Aug 16, 2017
Authored by Ivan Fratric, Google Security Research

The Microsoft Chakra JIT server suffers from an integer overflow in IRBuilder::Build.

tags | advisory, overflow
advisories | CVE-2017-8637
MD5 | a4a8941cfa0b53cfa91df56147d65240
Microsoft Edge CInputDateTimeScrollerElement::_SelectValueInternal Out-Of-Bounds Read
Posted Aug 16, 2017
Authored by Ivan Fratric, Google Security Research

Microsoft Edge suffers from an out-of-bounds read in CInputDateTimeScrollerElement::_SelectValueInternal. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit (OS version 1607, OS build 14393.1198) and Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393.

tags | exploit
systems | windows
advisories | CVE-2017-8644
MD5 | ae106588351f60c9e1078c6cf7ad219e
Philex CMS 0.2 Directory Traversal
Posted Aug 16, 2017
Authored by Renzi

Philex CMS version 0.2 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 2506b9c0aa524dc31cfbd3aa844da9b1
Ubuntu Security Notice USN-3391-2
Posted Aug 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3391-2 - USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-7781, CVE-2017-7783, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7788, CVE-2017-7789, CVE-2017-7791, CVE-2017-7792, CVE-2017-7794, CVE-2017-7797, CVE-2017-7798, CVE-2017-7799, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7806, CVE-2017-7807, CVE-2017-7808, CVE-2017-7809
MD5 | 9b90adffa1b28b038cd23f9999e61ff6
FreeBSD 10.3 Jail SHM Issue
Posted Aug 16, 2017
Authored by WhiteWinterWolf

FreeBSD jail incompletely protects the access to the IPC primitives. The 'allow.sysvipc' setting only affects IPC queues, leaving other IPC objects unprotected, making them reachable system-wide independently of the system configuration. Versions 7.0 through 10.3 are affected. Proof of concept included.

tags | exploit, proof of concept
systems | freebsd, bsd
MD5 | e7bb338f4932b0dcb05045dbf728194c
Microsoft Resnet DNS Configuration Issue
Posted Aug 16, 2017
Authored by SaifAllah benMassaoud | Site vulnerability-lab.com

Microsoft Resnet suffered from an insecure DNS configuration vulnerability.

tags | advisory
MD5 | 7b768fb106a4eb7f6c4c990a464256ce
Page 1 of 1
Back1Next

File Archive:

August 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    30 Files
  • 3
    Aug 3rd
    20 Files
  • 4
    Aug 4th
    17 Files
  • 5
    Aug 5th
    4 Files
  • 6
    Aug 6th
    2 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    18 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    24 Files
  • 11
    Aug 11th
    10 Files
  • 12
    Aug 12th
    3 Files
  • 13
    Aug 13th
    3 Files
  • 14
    Aug 14th
    10 Files
  • 15
    Aug 15th
    16 Files
  • 16
    Aug 16th
    18 Files
  • 17
    Aug 17th
    15 Files
  • 18
    Aug 18th
    17 Files
  • 19
    Aug 19th
    15 Files
  • 20
    Aug 20th
    11 Files
  • 21
    Aug 21st
    15 Files
  • 22
    Aug 22nd
    15 Files
  • 23
    Aug 23rd
    13 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close