exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-10-04

Ubuntu Security Notice USN-3435-2
Posted Oct 4, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3435-2 - USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to download and open non-executable files without interaction, or obtain elevated privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-7805, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7821, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824
SHA-256 | e4329dc59b5c975dbfaeabc519833561b7137ab8b8b4f63d158d784f6215af26
nullcon Goa 2018 Call For Papers
Posted Oct 4, 2017
Site nullcon.net

The Call For Papers for nullcon Goa 2018 is now open. It's the time of the year when they welcome research done by the community as paper submissions for nullcon. So, sip your coffee, dust your debuggers, fire your tools, challenge your grey cells and shoot them an email. It will take place March 2nd through the 3rd, 2018 in Goa, India.

tags | paper, conference
SHA-256 | b8bf53ca2348a3ba0b6a7f6a79f4770e53dee05c163b905a9ebeb692de6166bf
Unitrends UEB 9.1 Authentication Bypass / Remote Command Execution
Posted Oct 4, 2017
Authored by Benny Husted, Cale Smith, Jared Arave

Unitrends UEB version 9.1 suffers from authentication bypass and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, bypass
advisories | CVE-2017-12478
SHA-256 | dc78b0fa80eae08212c73ef783d41166b3faa9276eaa480864465d043a22739a
Red Hat Security Advisory 2017-2858-01
Posted Oct 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2858-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-12150, CVE-2017-12151, CVE-2017-12163
SHA-256 | e1751858f2654a30e58a89f135fc7f0a4a103cd6fbfb2d44571d6962a18d585f
Magento Cross Site Requst Forgery / Cross Site Scripting
Posted Oct 4, 2017
Authored by DefenseCode, Bosko Stankovic

During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. This is a second advisory from DefenseCode for the same software and vulnerabilities. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 8d86ea8e9eb75bb36c388fcd274b7cd6fb4431c98f0098e80d1cb745bb4f4af9
Unitrends UEB 9.1 Privilege Escalation
Posted Oct 4, 2017
Authored by Benny Husted, Cale Smith, Jared Arave

Unitrends UEB version 9.1 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2017-12479
SHA-256 | 5e34110454ce1173b51f2831389e35dc0b6b2e68f613b44d1cccff58bd1e3048
Microsoft Security Bulletin CVE Update For October, 2017
Posted Oct 4, 2017
Site microsoft.com

This Microsoft bulletin summary lists a CVE that has undergone a major revision increment.

tags | advisory
advisories | CVE-2017-8695
SHA-256 | c22e2e8a2a8a210b33f61e30441de9ab77fe4d98567df86397d83a07cd941b78
OpenSSH 7.6p1
Posted Oct 4, 2017
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Multiple updates.
tags | tool, encryption
systems | linux, unix, openbsd
SHA-256 | a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723
Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution
Posted Oct 4, 2017
Authored by Kacper Szurek

Netgear ReadyNAS Surveillance version 1.4.3-16 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | b8d3a063ba3bd0344ed7822ba4e9550c9ff3a801bd5d1a0414ce83b2fc913254
WordPress Smush Image 2.7.4.1 Directory Traversal
Posted Oct 4, 2017
Authored by Ricardo Sanchez

WordPress Smush Image plugin version 2.7.4.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 21db7b5485a4de9d8322d67427bf0278edc32447bfb7c5844a7851f081d16ba2
DiskBoss Enterprise 8.4.16 Local Buffer Overflow
Posted Oct 4, 2017
Authored by C4t0ps1s

DiskBoss Enterprise version 8.4.16 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
SHA-256 | d31cd4e67cca649797128b20d0b177cf1f83d9367ecdd996dbd04d5f317b2ff8
ClipBucket 2.8.3 Remote Code Execution
Posted Oct 4, 2017
Authored by Meisam Monsef

ClipBucket version 2.8.3 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | f2d101c1868f5bf135c5889d537000610c831cd9ebaa72664d14c6d9b33aa667
Fiberhome AN5506-04-F Command Injection
Posted Oct 4, 2017
Authored by Tauco

Fiberhome AN5506-05-F suffers from a command injection vulnerability.

tags | exploit
SHA-256 | eb47d8c931a37c1ccb36a6d9bc6077b07801c2488864fe638ed9eb160bc65124
EPESI 1.8.2 Revision 20170830 Cross Site Scripting
Posted Oct 4, 2017
Authored by Zeeshan Shaikh

EPESI version 1.8.2 revision 20170830 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-14712, CVE-2017-14713, CVE-2017-14714, CVE-2017-14715, CVE-2017-14716, CVE-2017-14717
SHA-256 | 937ef0c704e74cecbbb5739db1f0a20572434be5e5cf0868d7b84ac45578fabe
Apache Tomcat JSP Upload Bypass / Remote Code Execution
Posted Oct 4, 2017
Authored by xxlegend

Apache Tomcat versions prior to 9.0.1 (Beta), 8.5.23, 8.0.47, and 7.0.8 suffer from a jsp upload bypass vulnerability that allows for remote code execution.

tags | exploit, remote, code execution, bypass
advisories | CVE-2017-12615
SHA-256 | 7ffd01777edabd0ba5fd2741571567ed01b09949bb47a6972df8972e43c81251
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close