what you don't know can hurt you
Showing 1 - 11 of 11 RSS Feed

Files Date: 2017-10-05

Slackware Security Advisory - xorg-server Updates
Posted Oct 5, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New xorg-server packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-13721, CVE-2017-13723
SHA-256 | cb27d12d25dde94c7fcb4078e7f623a71aba876dceb4186dc9c85f194dc92021
Red Hat Security Advisory 2017-2863-01
Posted Oct 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2863-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2017-7541
SHA-256 | b5d36abd11e4b419b90113b2ed47a5cc04c205be0ed8a375cf6ddc28816b390a
Ubuntu Security Notice USN-3439-1
Posted Oct 5, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3439-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. Yusuke Endoh discovered that Ruby incorrectly handled certain files. An attacker could use this to execute terminal escape sequences. Yusuke Endoh discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, ruby
systems | linux, ubuntu
advisories | CVE-2017-0898, CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064
SHA-256 | 8c6c4c94983dabc75dd50c50d1082bfaba6b7926affc9a8903806ee12dcbfb72
Red Hat Security Advisory 2017-2860-01
Posted Oct 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2860-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2017-7546
SHA-256 | 6d56e55b488b26d17886c954bb94e94e3b3af4cd7d29690997652965cf565de0
Ubuntu Security Notice USN-3438-1
Posted Oct 5, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3438-1 - It was discovered that Git incorrectly handled certain subcommands such as cvsserver. A remote attacker could possibly use this issue via shell metacharacters in modules names to execute arbitrary code. This update also removes the cvsserver subcommand from git-shell by default.

tags | advisory, remote, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2017-14867
SHA-256 | e32a2ebe0546242c52b87064dfcd052606941a2550f69c17e41fd7203c101d6f
Lansweeper 6.0.0.63 Cross Site Scripting
Posted Oct 5, 2017
Authored by BackBox Team, Giovanni Cerrato, Giovanni Guido

Lansweeper version 6.0.0.63 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-9292
SHA-256 | 4b22abdddc1c837b9570e576fea285a43af05467d3f4ec06042d5ab9f5b354b9
Apple Security Advisory 2017-10-05-1
Posted Oct 5, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-10-05-1 - macOS High Sierra 10.13 Supplemental Update is now available and addresses a password hint issue and keychain extraction vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2017-7149, CVE-2017-7150
SHA-256 | ba18157b0ddad8def7a6b9f8b593aefe7b6bf640e60a4ebe23e2efed83ae9885
Unitrends UEB 9.1 bpserverd Remote Command Execution
Posted Oct 5, 2017
Authored by Benny Husted, Cale Smith, Jared Arave

Unitrends UEB version 9.1 bpserverd remote command execution exploit.

tags | exploit, remote
advisories | CVE-2017-12477
SHA-256 | 82f1bd41a9b91ff7fcf43dabc0f2e01ae63a3f65d7f2de5cd8bcbb8efd53673b
SmartBear SoapUI 5.3.0 Remote Code Execution Via Deserialization
Posted Oct 5, 2017
Authored by Jakub Palaczynski

SmartBear SoapUI version 5.3.0 suffers from a remote code execution vulnerability via deserialization.

tags | exploit, remote, code execution
SHA-256 | 4cf0e4fc81ad8154903c5779e00dbb3afa5e22cf4b62e8c9face65c732b1a970
Magento Cross Site Requst Forgery / Cross Site Scripting
Posted Oct 5, 2017
Authored by DefenseCode, Bosko Stankovic

During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 4d32bf78790a47b612f73e6f5369bdb54efc47178d31a6a5c2caee2287e9d34f
UCOPIA Wireless Appliance 5.1 Code Execution
Posted Oct 5, 2017
Authored by agix

UCOPIA Wireless Appliance versions 5.1 and below suffer from a captive portal remote root code execution vulnerability.

tags | exploit, remote, root, code execution
SHA-256 | ae7e8abc8f16b10dadca2659c059cf8776f3ea99ee39848e71339f94e098c220
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close