what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2017-10-23

FS Freelancer Clone SQL Injection
Posted Oct 23, 2017
Authored by 8bitsec

FS Freelancer Clone suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1f4b5ec15f3ce1622270a509b91ddc80ec0f418b6cf79be3b04762928a6c1665
Ubuntu Security Notice USN-3441-2
Posted Oct 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3441-2 - USN-3441-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. A Daniel Stenberg discovered that curl incorrectly handled large A floating point output. A remote attacker could use this issue to cause A curl to crash, resulting in a denial of service, or possibly execute A arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-7407
SHA-256 | 7aae14ec5ba893ef0d780ab62a86bba669dd2dbe21dca9f3ab0beb40cb92a0f0
Ubuntu Security Notice USN-3458-2
Posted Oct 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3458-2 - USN-3458-1 fixed a vulnerability in ICU. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that ICU incorrectly handled certain inputs. If an A application using ICU processed crafted data, a remote attacker could A possibly cause it to crash or potentially execute arbitrary code with A the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
SHA-256 | e5f20afd7d7e0e8d8e517e0c5504d5f49f164f954343b98e97920f4233af7766
Ubuntu Security Notice USN-3461-1
Posted Oct 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3461-1 - It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-6257, CVE-2017-6259, CVE-2017-6266, CVE-2017-6267, CVE-2017-6272
SHA-256 | 663258a4aea245e2accd9a76c115a3fbe688ebb2ab8f368a1d2605cf04ace536
Ubuntu Security Notice USN-3458-1
Posted Oct 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3458-1 - It was discovered that ICU incorrectly handled certain inputs. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
SHA-256 | 274a8461ed742fcb98d0a61c06e1852430fc7a0eb87b93f78e51758031e7048a
Ubuntu Security Notice USN-3460-1
Posted Oct 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3460-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120
SHA-256 | 384ba8dedaf6420ae5558b7f6d647f6c22ec2ef1adbb37214209079c32ac2906
Kaltura 13.1.0 Remote Code Execution
Posted Oct 23, 2017
Authored by Robin Verton

Kaltura versions 13.1.0 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-14143
SHA-256 | 73bbdc3dfb63fe71bff9b533363ded6daba1c5d251d456a8d077bb1e4caf737c
Gentoo Linux Security Advisory 201710-27
Posted Oct 23, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-27 - Multiple vulnerabilities have been found in Dnsmasq, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 2.78 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496
SHA-256 | 38689f62169ad9727d20db758cda09ebd860a0cf445ff581a92ce63c5f6b096a
Gentoo Linux Security Advisory 201710-26
Posted Oct 23, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-26 - Multiple vulnerabilities have been found in OpenJPEG, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 2.3.0:2 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-10504, CVE-2016-10505, CVE-2016-10506, CVE-2016-10507, CVE-2016-1626, CVE-2016-1628, CVE-2016-9112, CVE-2016-9113, CVE-2016-9114, CVE-2016-9115, CVE-2016-9116, CVE-2016-9117, CVE-2016-9118, CVE-2016-9572, CVE-2016-9573, CVE-2016-9580, CVE-2016-9581, CVE-2017-12982, CVE-2017-14039, CVE-2017-14164
SHA-256 | 869f6c6e091d19293a71cba637355cc94a93b938d26ef5543bfaaf688f1098ed
Gentoo Linux Security Advisory 201710-25
Posted Oct 23, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-25 - Multiple vulnerabilities have been found in the PCRE Library, the worst of which may allow remote attackers to cause a Denial of Service condition. Versions less than 8.41 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2017-7186, CVE-2017-7244, CVE-2017-7245, CVE-2017-7246
SHA-256 | 2193225aa04df440a7b00f39ed529a699177212702436597ca09649b8e8a3b5d
Red Hat Security Advisory 2017-3002-01
Posted Oct 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3002-01 - Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. The following packages have been upgraded to a later upstream version: rh-nodejs4-nodejs. Security Fix: It was found that Node.js was using a non-randomized seed when populating hash tables. An attacker, able to supply a large number of inputs, could send specially crafted entries to the Node.js application, maximizing hash collisions to trigger an excessive amount of CPU usage, resulting in a denial of service.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2017-11499
SHA-256 | b7c8154b1f5237a078676a57b89ad1b4f6366494158e4a90b9f5691fbdad6562
Red Hat Security Advisory 2017-2999-01
Posted Oct 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2999-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 151. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-10165, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
SHA-256 | 5a4ce654a7f1a56a3e0c28d38c35a7bd07a67e4a9e13e00e1109d326f55215e6
Gentoo Linux Security Advisory 201710-24
Posted Oct 23, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-24 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code. Versions less than 62.0.3202.62 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395, CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5130, CVE-2017-5131, CVE-2017-5132, CVE-2017-5133
SHA-256 | a3f601b3c1424c220b0f15954ed5a1dea8576ebb6231a9b661bad5f2fb60ea2d
Gentoo Linux Security Advisory 201710-23
Posted Oct 23, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-23 - Multiple vulnerabilities have been found in Go, the worst of which may result in the execution of arbitrary commands. Versions less than 1.9.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-15041, CVE-2017-15042
SHA-256 | bf94b265f8846c16e26ea3dc339c3f0268d4a939482de4292f29ffc877facace
Gentoo Linux Security Advisory 201710-22
Posted Oct 23, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-22 - A vulnerability in Adobe Flash Player might allow remote attackers to execute arbitrary code. Versions less than 27.0.0.170 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2017-11292
SHA-256 | dc65b829c89803538e09910cafc7de0940c865803aba55f2c2c947582b61ed06
Ubuntu Security Notice USN-3459-1
Posted Oct 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3459-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.58 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10 have been updated to MySQL 5.7.20. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-10155, CVE-2017-10165, CVE-2017-10167, CVE-2017-10227, CVE-2017-10268, CVE-2017-10276, CVE-2017-10283, CVE-2017-10286, CVE-2017-10294, CVE-2017-10311, CVE-2017-10313, CVE-2017-10314, CVE-2017-10320, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384
SHA-256 | 60e04cc4314d1e6802ea9de37fddc302419ea27711619e9ac828c586652f347f
Ubuntu Security Notice USN-3457-1
Posted Oct 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3457-1 - Brian Carpenter discovered that curl incorrectly handled IMAP FETCH response lines. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, imap
systems | linux, ubuntu
advisories | CVE-2017-1000257
SHA-256 | 1b115a38c70e2d18635e3fe9217eb65e896a4c7c70caa393bd607a28352ff906
Fuzzing Font Parsing
Posted Oct 23, 2017
Authored by James Fell

This article presents a cross-platform test harness written in Python that assists the user in searching for vulnerabilities in web browsers, specifically by fuzzing their font parsing functionality. The tool automates the delivery of test cases (font files in this context) into a web browser. The creation of a corpus of mutated TTF font files suitable for use in fuzzing is also covered.

tags | tool, web, vulnerability, python, fuzzer
systems | unix
SHA-256 | c8318c528d7e608b8d2215bee4998862b6f54b96d2c952d42a31f344c81b6f0d
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close