what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-10-03

Ubuntu Security Notice USN-3437-1
Posted Oct 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3437-1 - Radek Micek discovered that OCaml incorrectly handled sign extensions. A remote attacker could use this issue to cause applications using OCaml to crash, to possibly obtain sensitive information, or to possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-8869
SHA-256 | 4fc5d9593a2242ea01f057e6a7a61b13baf8fe1bbacd8ed9d2123f3ac61c271d
ERS Data System 1.8.1 Java Deserialization
Posted Oct 3, 2017
Authored by West Shepherd

ERS Data System version 1.8.1 suffers from a java deserialization vulnerability.

tags | exploit, java
advisories | CVE-2017-14702
SHA-256 | db7664c356e0313b7516c67bc791c41b1366694c81bde1fae6aade830d6ee526
HPE Security Bulletin HPESBHF03776 1
Posted Oct 3, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03776 1 - A potential security vulnerability has been identified in HPE Intelligent Management Center (iMC) Service Operation Management (SOM). The vulnerability could be remotely exploited to allow arbitrary file download and disclosure of information. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2017-12555
SHA-256 | cb1d256f53870308120074e2aae29011ea977e0b63df4915d0391790433d52bb
Ubuntu Security Notice USN-3430-2
Posted Oct 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3430-2 - USN-3430-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 12.04 ESM. A Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher A discovered that Dnsmasq incorrectly handled DNS requests. A remote A attacker could use this issue to cause Dnsmasq to crash, resulting in A a denial of service, or possibly execute arbitrary code.A A Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496
SHA-256 | af47e78fbed8bea2d0e91ae18d941fe35ccaff045fd6e05faf0764d15c245741
HPE Security Bulletin HPESBMU03753 1
Posted Oct 3, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBMU03753 1 - Several potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Cross-site scripting, local and remote Denial of Service, local and remote execution of arbitrary code, local elevation of privilege and local unqualified configuration change. Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability, xss
systems | linux, windows
advisories | CVE-2016-8743, CVE-2017-12544, CVE-2017-12545, CVE-2017-12546, CVE-2017-12547, CVE-2017-12548, CVE-2017-12549, CVE-2017-12550, CVE-2017-12551, CVE-2017-12552, CVE-2017-12553
SHA-256 | 8aebece5aa468ae51cd352fc00bf4f6f2e1373b2a2a9227a4a8e9385983057cb
e2openplugin OpenWebif 1.2.4 Code Execution
Posted Oct 3, 2017
Authored by John Torakis

e2openplugin OpenWebif versions 0.2.9 through 1.2.4 suffer from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2017-9807
SHA-256 | 21753d40223ecda0da1e940eee1a7ab08434dd3c2965b4390c2c9e3ccecac767
WebKit JSC Incorrect Optimization
Posted Oct 3, 2017
Authored by Google Security Research, lokihardt

A proof of concept has been released that bypasses the fix for the original finding regarding an incorrect optimization in BytecodeGenerator::emitGetByVal in WebKit JSC.

tags | exploit, proof of concept
advisories | CVE-2017-7117
SHA-256 | 424b380e7d3c1cbc0226f7a72afefbd2fcb4158f18e5251ba138a6ab2b914b5b
Botan C++ Crypto Algorithms Library 2.3.0
Posted Oct 3, 2017
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS

Changes: Addressed a side channel affecting modular exponentiation. An attacker capable of a local or cross-VM cache analysis attack may be able to recover bits of secret exponents as used in RSA, DH, etc. Various other updates.
tags | library
advisories | CVE-2017-14737
SHA-256 | 39f970fee5986a4c3e425030aef50ac284da18596c004d1a9cce7688c4e6d47c
Botan C++ Crypto Algorithms Library 1.10.17
Posted Oct 3, 2017
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the old stable release.

Changes: Addressed a side channel affecting modular exponentiation. An attacker capable of a local or cross-VM cache analysis attack may be able to recover bits of secret exponents as used in RSA, DH, etc. Various other updates.
tags | library
advisories | CVE-2017-14737
SHA-256 | 6847ffb64b8d2f939dccfecc17bd2c80385d08f7621e2c56d3a335118e823613
Ubuntu Security Notice USN-3435-1
Posted Oct 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3435-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, xss
systems | linux, ubuntu
advisories | CVE-2017-7793, CVE-2017-7805, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7816, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7821, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824
SHA-256 | c86ee2d1eff650ae175e17d1af6c359f0bd16aa5cac13f5f74b1dfa298e8ba18
Red Hat Security Advisory 2017-2836-01
Posted Oct 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2836-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless.

tags | advisory, overflow, arbitrary, local
systems | linux, redhat
advisories | CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496
SHA-256 | 40f38afa9a7156950ba15636b6a23e5643072a5975f5c5d66d3df49b270e25fd
Ubuntu Security Notice USN-3434-1
Posted Oct 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3434-1 - It was discovered that Libidn incorrectly handled decoding certain digits. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-14062
SHA-256 | 18e90f2c41bd5875f69610e95c337df9dbf99c4971f0ef284b47b16864b6bc20
Red Hat Security Advisory 2017-2839-01
Posted Oct 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2839-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2017-14491
SHA-256 | 9301e5e527415a2079a3e5a2d51158d08cb1acf07b4b31123d7e9edf847b15b6
Red Hat Security Advisory 2017-2838-01
Posted Oct 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2838-01 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2017-14491
SHA-256 | 419b8334960678d4d5bd2530706ac6c176749a1ab7380d444363dc8317e67b4b
Microsoft IIS UrlScan Module Bypass
Posted Oct 3, 2017
Authored by Steve Kaun

The Microsoft IIS UrlScan module suffers from a bypass vulnerability.

tags | exploit, bypass
SHA-256 | 54497e82b70415d781fcd57707a5cb05e7acb0d1698546f2269bbbfaf32e45ea
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close