Twenty Year Anniversary
Showing 1 - 19 of 19 RSS Feed

Files Date: 2017-09-25

FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials
Posted Sep 25, 2017
Authored by LiquidWorm | Site zeroscience.mk

FLIR utilizes hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the camera.

tags | exploit
systems | linux
MD5 | e592ff3872f75caea44a65c9cf351b4d
FLIR Systems FLIR Thermal Camera F/FC/PT/D Stream Disclosure
Posted Sep 25, 2017
Authored by LiquidWorm | Site zeroscience.mk

FLIR suffers from an unauthenticated and unauthorized live stream disclosure.

tags | exploit
MD5 | e03a021e70dd4edfd74eb548605eefff
FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures
Posted Sep 25, 2017
Authored by LiquidWorm | Site zeroscience.mk

FLIP Systems thermal cameras have an issues where Input passed through several parameters is not properly verified before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files from local resources.

tags | exploit, arbitrary, local
MD5 | 4332adce3a8ca1290398c21e9a461f0e
FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root
Posted Sep 25, 2017
Authored by LiquidWorm | Site zeroscience.mk

FLIR Camera PT-Series suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerability exist due to several POST parameters in controllerFlirSystem.php script when calling the execFlirSystem() function not being sanitized when using the shell_exec() PHP function while updating the network settings on the affected device. This allows the attacker to execute arbitrary system commands as the root user and bypass access controls in place.

tags | exploit, remote, arbitrary, root, php, vulnerability
MD5 | 5ddf109d3a422df75105565034f680b0
Gentoo Linux Security Advisory 201709-25
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-25 - Multiple vulnerabilities have been found in Chromium, the worst of which could result in the execution of arbitrary code. Versions less than 61.0.3163.100 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-5121, CVE-2017-5122
MD5 | f80f94ad5d876eb0d68553260041a12e
Gentoo Linux Security Advisory 201709-24
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-24 - Multiple vulnerabilities have been found in RAR and UnRAR, the worst of which may allow attackers to execute arbitrary code. Versions less than 5.5.0_p20170811 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6706, CVE-2017-12940, CVE-2017-12941, CVE-2017-12942
MD5 | 744dcd51a8f0144278e893e8f3a2a61b
Ubuntu Security Notice USN-3429-1
Posted Sep 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3429-1 - Wang Junjie discovered that Libplist incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a crash or denial or service.

tags | advisory
systems | linux, ubuntu
MD5 | 3f7875fd0d82b91926603a8e065335f1
FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection
Posted Sep 25, 2017
Authored by LiquidWorm | Site zeroscience.mk

FLIR FC-S/PT series suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user.

tags | exploit, arbitrary, shell, root
MD5 | 636a089048b47449c889902485301766
Packet Fence 7.3.0
Posted Sep 25, 2017
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Added a RADIUS only mode to PacketFence. Added the possibility to import switches from a CSV file. Added a cluster wide view of pfqueue statistics. Added the possibility of importing switches from a CSV file.
tags | tool, remote
systems | unix
MD5 | 324b19e3dcf03c3e29e6d0068093a250
Supervisor XML-RPC Authenticated Remote Code Execution
Posted Sep 25, 2017
Authored by Calum Hutton | Site metasploit.com

This Metasploit module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. This vulnerability can only be exploited by an authenticated client, or if supervisord has been configured to run an HTTP server without authentication. This vulnerability affects versions 3.0a1 to 3.3.2.

tags | exploit, web, arbitrary, shell, root
advisories | CVE-2017-11610
MD5 | 72e2b4eea477f27f5a652ee4327d9755
Gentoo Linux Security Advisory 201709-23
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-23 - Multiple vulnerabilities have been found in Tcpdump, the worst of which may allow execution of arbitrary code. Versions less than 4.9.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-11543, CVE-2017-11544, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12995
MD5 | ff8a03c4dc3fd32708e44ae07f1a71a2
Red Hat Security Advisory 2017-2792-01
Posted Sep 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2792-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 61.0.3163.100. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5121, CVE-2017-5122
MD5 | af9a395b5c81640f5171a1af26e95dbf
Gentoo Linux Security Advisory 201709-22
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-22 - Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites, and IcedTea, the worst of which may allow execution of arbitrary code. Versions less than 1.8.0.141 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10117, CVE-2017-10118, CVE-2017-10121, CVE-2017-10125, CVE-2017-10135
MD5 | 702931abb96a5de04ac95434ba1896f0
Gentoo Linux Security Advisory 201709-21
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-21 - Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary code. Versions less than 5.6.31:5.6 are affected.

tags | advisory, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2017-11362, CVE-2017-11628, CVE-2017-12932
MD5 | e37ef91858dce51d5410cc67c898748f
Gentoo Linux Security Advisory 201709-20
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-20 - A vulnerability in Postfix may allow local users to gain root privileges. Versions less than 3.1.6 are affected.

tags | advisory, local, root
systems | linux, gentoo
MD5 | 52755bd8a08016b2a85cec49eaaf5015
Gentoo Linux Security Advisory 201709-19
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-19 - A vulnerability in Exim may allow local users to gain root privileges. Versions less than 4.89-r1 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-1000369
MD5 | c4cda9020eacdc18314d460e10c57921
Gentoo Linux Security Advisory 201709-18
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-18 - Multiple vulnerabilities have been found in Mercurial, the worst of which could lead to the remote execution of arbitrary code. Versions less than 4.3 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-1000115, CVE-2017-1000116, CVE-2017-9462
MD5 | 6d02a0446582a8ec15b99209a9eab5ec
Gentoo Linux Security Advisory 201709-17
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-17 - A command injection vulnerability in CVS may allow remote attackers to execute arbitrary code. Versions less than 1.12.12-r12 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2017-12836
MD5 | 171398e6faeace9a376cb8e0553dd671
BlueBorne BlueTooth Buffer Overflow Proof Of Concept
Posted Sep 25, 2017
Authored by Marcin Kozlowski

BlueBorne BlueTooth buffer overflow proof of concept exploit that causes a denial of service vulnerability on Linux kernels prior to 4.13.1.

tags | exploit, denial of service, overflow, kernel, proof of concept
systems | linux
advisories | CVE-2017-1000251
MD5 | 8fe062e0b377bb75c70ddb9e02781792
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    18 Files
  • 15
    Aug 15th
    38 Files
  • 16
    Aug 16th
    16 Files
  • 17
    Aug 17th
    15 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close