
Files Date: 2017-10-04

Ubuntu Security Notice USN-3435-2
Posted Oct 4, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3435-2 - USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Multiple security issues were discovered in WebExtensions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit these to download and open non-executable files without interaction, or obtain elevated privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-7805, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7821, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824
MD5 | f3497adebd97cb8880f571587424512d

nullcon Goa 2018 Call For Papers
Posted Oct 4, 2017
Site nullcon.net

The Call For Papers for nullcon Goa 2018 is now open. It's the time of the year when they welcome research done by the community as paper submissions for nullcon. So, sip your coffee, dust your debuggers, fire your tools, challenge your grey cells and shoot them an email. It will take place March 2nd through the 3rd, 2018 in Goa, India.

tags | paper, conference
MD5 | 03cceca06a854253d0f37ba9b89ab7b9

Unitrends UEB 9.1 Authentication Bypass / Remote Command Execution
Posted Oct 4, 2017
Authored by Benny Husted, Cale Smith, Jared Arave

Unitrends UEB version 9.1 suffers from authentication bypass and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, bypass
advisories | CVE-2017-12478
MD5 | 9d6d20dd61555d23609e4ebabde10468

Red Hat Security Advisory 2017-2858-01
Posted Oct 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2858-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-12150, CVE-2017-12151, CVE-2017-12163
MD5 | 104f0352678b86d2e6dc8a411ed3b6cd

Magento Cross Site Request Forgery / Cross Site Scripting
Posted Oct 4, 2017
Authored by DefenseCode, Bosko Stankovic

During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. This is a second advisory from DefenseCode for the same software and vulnerabilities. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.

tags | exploit, vulnerability, xss, csrf
MD5 | 6fac5f12b988c5d618dd41e90f4d5591

Unitrends UEB 9.1 Privilege Escalation
Posted Oct 4, 2017
Authored by Benny Husted, Cale Smith, Jared Arave

Unitrends UEB version 9.1 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2017-12479
MD5 | 54ea4c79a90bb7589d2d48f383e0346f

Microsoft Security Bulletin CVE Update For October, 2017
Posted Oct 4, 2017
Site microsoft.com

This Microsoft bulletin summary lists a CVE that has undergone a major revision increment.

tags | advisory
advisories | CVE-2017-8695
MD5 | 7f2b2373f6f20e2666ca468d4ec593b1

OpenSSH 7.6p1
Posted Oct 4, 2017
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Multiple updates.
tags | tool, encryption
systems | linux, unix, openbsd
MD5 | 06a88699018e5fef13d4655abfed1f63

Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution
Posted Oct 4, 2017
Authored by Kacper Szurek

Netgear ReadyNAS Surveillance version 1.4.3-16 suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | f5b04fcd738b0b833d61f1bc22f69ffc

WordPress Smush Image 2.7.4.1 Directory Traversal
Posted Oct 4, 2017
Authored by Ricardo Sanchez

WordPress Smush Image plugin version 2.7.4.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 74031598272cf1973422350b4130cab0

DiskBoss Enterprise 8.4.16 Local Buffer Overflow
Posted Oct 4, 2017
Authored by C4t0ps1s

DiskBoss Enterprise version 8.4.16 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
MD5 | 3482c7fabbb5b1e26237c477a8ec383d

ClipBucket 2.8.3 Remote Code Execution
Posted Oct 4, 2017
Authored by Meisam Monsef

ClipBucket version 2.8.3 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | f13ec94b270861446ac3f3edfb30d15a

Fiberhome AN5506-04-F Command Injection
Posted Oct 4, 2017
Authored by Tauco

Fiberhome AN5506-05-F suffers from a command injection vulnerability.

tags | exploit
MD5 | 060deecd3c2ad0da82d4a03242288cfc

EPESI 1.8.2 Revision 20170830 Cross Site Scripting
Posted Oct 4, 2017
Authored by Zeeshan Shaikh

EPESI version 1.8.2 revision 20170830 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-14712, CVE-2017-14713, CVE-2017-14714, CVE-2017-14715, CVE-2017-14716, CVE-2017-14717
MD5 | f9d422039547e917ef1215c6f65ce74c

Apache Tomcat JSP Upload Bypass / Remote Code Execution
Posted Oct 4, 2017
Authored by xxlegend

Apache Tomcat versions prior to 9.0.1 (Beta), 8.5.23, 8.0.47, and 7.0.8 suffer from a jsp upload bypass vulnerability that allows for remote code execution.

tags | exploit, remote, code execution, bypass
advisories | CVE-2017-12615
MD5 | 1177b1b337472286468b90770055760c