what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2017-10-17

Afian AB FileRun 2017.03.18 CSRF / Shell Upload / XSS / Redirection
Posted Oct 17, 2017
Authored by Roman Ferdigg | Site sec-consult.com

Afian AB FileRun version 2017.03.18 suffers from cross site request forgery, cross site scripting, open redirection, remote shell upload, and various other vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, csrf
SHA-256 | 2826127ad7fe9509d7f398e13bb1fdb75d324125493456d998e4d7e25c350413
Linksys E Series CSRF / XSS / Denial Of Service / Header Injection
Posted Oct 17, 2017
Authored by T. Weber | Site sec-consult.com

Linksys E series devices suffer from cross site request forgery, cross site scripting, header injection, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, csrf
SHA-256 | e66d718a08baa524af05c5de1f9b57d9611d9454de19eb2da59eee56654ed6a8
Gentoo Linux Security Advisory 201710-20
Posted Oct 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-20 - Multiple vulnerabilities have been found in Nagios, the worst of which could lead to the remote execution of arbitrary code. Versions prior to 4.3.3 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-9565, CVE-2016-9566, CVE-2017-12847
SHA-256 | 71bbb60aa3362e4c8f4445ea29cd272ea687230997e48f4eb582bacc56ad6176
Red Hat Security Advisory 2017-2908-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2908-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs. Security Fix: It was found that Node.js was using a non-randomized seed when populating hash tables. An attacker, able to supply a large number of inputs, could send specially crafted entries to the Node.js application, maximizing hash collisions to trigger an excessive amount of CPU usage, resulting in a denial of service.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2017-11499
SHA-256 | 7969868d6d3e4cc32a9f6308dce75909322aa2c3b6f3723586b11a881f1a97e3
Gentoo Linux Security Advisory 201710-19
Posted Oct 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-19 - Multiple vulnerabilities have been found in libarchive, the worst of which could lead to a Denial of Service condition. Versions less than 3.3.0 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2016-10349, CVE-2016-10350
SHA-256 | 86fc0bec8e78681d6cf24948e8a4e2bb9e6f7b75e57aa12b7a41791b482d4e27
Red Hat Security Advisory 2017-2905-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2905-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Multiple security issues have been addressed.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12158, CVE-2017-12159, CVE-2017-12160, CVE-2017-12197
SHA-256 | d7e1b54ddf358b368323a0d855bf2e5186841d7534eca072f35a8d897659fdfd
Gentoo Linux Security Advisory 201710-18
Posted Oct 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-18 - Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. Versions less than 2.2.8 are affected.

tags | advisory, remote, arbitrary, vulnerability, ruby
systems | linux, gentoo
advisories | CVE-2016-2337, CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064
SHA-256 | 74182e2fa1de3051fe5a5e387c1c4a43e8c3561f268eef142677191cc11c3c11
Red Hat Security Advisory 2017-2907-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2907-01 - The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix: A new exploitation technique called key reinstallation attacks affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
SHA-256 | c467a1c4f7cb51ed5062bdc517c2295e285cd5c495e37d543ae688167c35f501
Gentoo Linux Security Advisory 201710-17
Posted Oct 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-17 - Multiple vulnerabilities have been found in Xen, the worst of which may allow local attackers to escalate privileges. Versions less than 4.7.3 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2017-10912, CVE-2017-10913, CVE-2017-10914, CVE-2017-10915, CVE-2017-10918, CVE-2017-10920, CVE-2017-10921, CVE-2017-10922
SHA-256 | 9484e589a56881408d4c0766dd0c78bd8f82e19aea09b18a0919672dda99ea6b
HPE Security Bulletin HPESBHF03789 2
Posted Oct 17, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03789 2 - A potential security vulnerability has been identified in the "HP Trusted Platform Module 2.0 Option" kit. This optional kit is available for HPE Gen9 systems with firmware version 5.51. The vulnerability in TPM firmware 5.51 is that new mathematical methods exist such that RSA keys generated by the TPM 2.0 with firmware 5.51 are cryptographically weakened. This vulnerability could lead to local and remote unauthorized access to data. Revision 2 of this advisory.

tags | advisory, remote, local
advisories | CVE-2017-15361
SHA-256 | acdb5759c51be71c692f1131460bb7021ed481bbd9c21ac6af091921bdd24b5e
Ubuntu Security Notice USN-3456-1
Posted Oct 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3456-1 - It was discovered that the X.Org X server incorrectly handled certain lengths. An attacker able to connect to an X server, either locally or remotely, could use these issues to crash the server, or possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183, CVE-2017-12184, CVE-2017-12185, CVE-2017-12186, CVE-2017-12187
SHA-256 | ae7f1eae80900b7f7dfcf04b648d771c3b13b3d6314ba66e63f1427820c9d84b
Webtrekk Pixel Tracking Cross Site Scripting
Posted Oct 17, 2017
Authored by Malte Batram | Site sec-consult.com

Webtrekk Pixel Track versions 3.24 to 3.40, 4.00 to 4.40, and 5.00 to 5.04 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0715456c005dbb913030d97db91cff6ea75e827161f4bb4cf639636aab940a0d
Red Hat Security Advisory 2017-2899-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2899-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 27.0.0.170. Security Fix: This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-11292
SHA-256 | 42c4b20574fd46cdec6e1151b9759e96c775095c6bb41183c21e4438ac3e1e90
Red Hat Security Advisory 2017-2904-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2904-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Multiple security issues have been addressed.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12158, CVE-2017-12159, CVE-2017-12160, CVE-2017-12197
SHA-256 | 5b20d3c47a867b021f89c414e2e15806585f337275ea0f6a5bd1d6adc8c38d66
Interspire Email Marketer Authentication Bypass
Posted Oct 17, 2017
Authored by Hakan Kusne

Interspire Email Marketer versions prior to 6.1.6 suffered from an administrative authentication bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2017-14322
SHA-256 | 63b12c183eef7d18a993e7da3f6e94fb295c8da79b37ec97a2295783aff97b9b
Red Hat Security Advisory 2017-2906-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2906-01 - Red Hat Single Sign-On 7.1 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. The Node.js adapter provides a simple module for authentication and authorization in Node.js applications. This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12158, CVE-2017-12159, CVE-2017-12160, CVE-2017-12197
SHA-256 | d729e98f328dac94dc12ca2849872675e6350f226f0e2ac94427213f552718b6
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close