what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-10-31

HPE Security Bulletin HPESBHF03787 1
Posted Oct 31, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03787 1 - Security vulnerabilities in HPE Intelligent Management Center (iMC) PLAT products could be exploited to allow Remote Code Execution. Revision 1 of this advisory.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2017-8962, CVE-2017-8963, CVE-2017-8964, CVE-2017-8965, CVE-2017-8966, CVE-2017-8967
SHA-256 | 048e7f04fe21a1795eaf32f8f6ee39d0f93b37113dd2f0fee5a796d0399b2d3e
Sync Breeze 10.1.16 Buffer Overflow
Posted Oct 31, 2017
Authored by Felipe Xavier Oliveira

Sync Breeze version 10.1.16 is vulnerable to a buffer overflow vulnerability, which can be exploited remotely or locally to achieve arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" path of the application.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2017-15950
SHA-256 | 59c9d2495edf8a0486ff788f422643c727583429a515dece3fc0fe22ccb5eba7
EMC VMAX Virtual Appliance (vApp) Authentication Bypass
Posted Oct 31, 2017
Authored by rgod | Site emc.com

The vApp Manager which is embedded in EMC Unisphere for VMAX, Solutions Enabler, VASA Virtual Appliances, and EMC VMAX Embedded Management (eManagement) contains an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. Affected products include EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier).

tags | advisory, bypass
advisories | CVE-2017-14375
SHA-256 | f18d4b791aa5ab38928fc5023efe3fe370686f782ff9192339e3ecd5d208f81a
EMC AppSync Server Hardcoded Password
Posted Oct 31, 2017
Site emc.com

EMC AppSync contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 3.5.0.1 are affected.

tags | advisory
advisories | CVE-2017-14376
SHA-256 | adb832e1561d998886665033dc9667b3881bbb1e7c69d63f3a0d223e4e111d17
Red Hat Security Advisory 2017-3086-01
Posted Oct 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3086-01 - Red Hat Proxy aStand-Alonea : Systems registered as clients to RHN via a Red Hat Satellite Proxy server are no longer a Red Hat supported deployment, and will no longer function as required.

tags | advisory, web
systems | linux, redhat
SHA-256 | 0074a732069a5fbbd377da2677e8f112b44506bc1d2c5f1b8cb1b2762f037939
Ubuntu Security Notice USN-3468-2
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3468-2 - USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000252, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
SHA-256 | 47d0cfd351854611999665f04a62bff5bebaaf70ccb7778a12e28834ed22be13
Ubuntu Security Notice USN-3468-1
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3468-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000252, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
SHA-256 | 4351d0ac9d461f5f4d4e71ae65bcadc5bdb1901c5bd483b113516c2bb33b787a
Ubuntu Security Notice USN-3469-1
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3469-1 - Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-10911, CVE-2017-12153, CVE-2017-12154, CVE-2017-12192, CVE-2017-14051, CVE-2017-14156, CVE-2017-14340, CVE-2017-14489, CVE-2017-14991, CVE-2017-15537, CVE-2017-9984, CVE-2017-9985
SHA-256 | 04cc3e67a19f3ee8637e2800765e1cf7c138d3aee0e7534753e7272826f5de09
Ubuntu Security Notice USN-3470-1
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3470-1 - Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Dmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8632, CVE-2017-10661, CVE-2017-10662, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
SHA-256 | 79802aa159a36b07a77681f62d34e9d9160b1f7e1046cae1a8af43715e35697b
Ubuntu Security Notice USN-3469-2
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3469-2 - USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-10911, CVE-2017-12153, CVE-2017-12154, CVE-2017-12192, CVE-2017-14051, CVE-2017-14156, CVE-2017-14340, CVE-2017-14489, CVE-2017-14991, CVE-2017-15537, CVE-2017-9984, CVE-2017-9985
SHA-256 | 2581cae25d586f8b72eaa828c6ca5f97ec0fd29b3967bf2e5a8351f98d807994
Ubuntu Security Notice USN-3468-3
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3468-3 - It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000252, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
SHA-256 | b0c7e1f5657c8f1a680373d7595b40ecf55695e2aab91e40342187daa8027ff6
WordPress User Login History 1.5.2 Cross Site Scripting
Posted Oct 31, 2017
Authored by Nicolas Buzy-Debat

WordPress User Login History plugin version 1.5.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-15867
SHA-256 | 6c3febf1993c19f0a16505de24832a566c3f18364d14acf384da90a87c23b22d
Progea Movicon 11.5.1181 Search Path Issues
Posted Oct 31, 2017
Authored by Karn Ganeshen

Progea Movicon versions 11.5.1181 and below suffer from search path related vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2017-14017, CVE-2017-14019
SHA-256 | 3c27f46c9c35863630e0bcb760272da150ea550494090d47a78f9257d279eb07
SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management
Posted Oct 31, 2017
Authored by Karn Ganeshen

SpiderControl SCADA Web Server versions 2.02.0007 and below suffer from an improper privilege management vulnerability.

tags | exploit, web
advisories | CVE-2017-12728
SHA-256 | 2378a84eb198ed39fc681076b39d9def7c87bcb0b99d8a1c1eeae425ed47ed97
JanTek JTC-200 RS232-NET Connector CSRF / Missing Authentication
Posted Oct 31, 2017
Authored by Karn Ganeshen

JanTek JTC-200 RS232-NET Connector suffers from cross site request forgery and missing authentication vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2016-5789, CVE-2016-5791
SHA-256 | c7609342cf2c7e5053c6d7835d18f3713bed53c9a2e04ffdb132de5d57800d31
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close