what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-11-07

Debian Security Advisory 4021-1
Posted Nov 7, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4021-1 - It was discovered that missing input validation in the Open Ticket Request System could result in privilege escalation by an agent with write permissions for statistics.

tags | advisory
systems | linux, debian
advisories | CVE-2017-14635
MD5 | c0146378f55e32dcb1fcedbc2bb66d5c
Red Hat Security Advisory 2017-3151-01
Posted Nov 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3151-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 62.0.3202.89. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-15398, CVE-2017-15399
MD5 | 43de8de1d726c8006a36b5c4b1912ef4
Red Hat Security Advisory 2017-3141-01
Posted Nov 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3141-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhvm-appliance. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2014-9970, CVE-2017-7525, CVE-2017-7536
MD5 | 056b19a639c1fe9b62650b1e6930f712
WordPress Duplicator Migration 1.2.28 Cross Site Scripting
Posted Nov 7, 2017
Authored by Ricardo Sanchez

WordPress Duplicator Migration plugin version 1.2.28 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2a23ccdd30440e91eff8eb3c5895687a
Hashcat Advanced Password Recovery 4.0.1 Source Code
Posted Nov 7, 2017
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Changes: Fixed a memory leak while parsing a wordlist. Fixed compile of kernels on AMD systems on windows due to invalid detection of ROCm. Various other fixes.
tags | tool, cracker
systems | unix
MD5 | e6b3f6623d3edaf15a573641ffcd1645
Hashcat Advanced Password Recovery 4.0.1 Binary Release
Posted Nov 7, 2017
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.

Changes: Fixed a memory leak while parsing a wordlist. Fixed compile of kernels on AMD systems on windows due to invalid detection of ROCm. Various other fixes.
tags | tool, cracker
MD5 | 0abd25079306015c70ef20dd3f621e05
Linux Kernel 4.1.3 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation
Posted Nov 7, 2017
Authored by Chris Salls

This is a proof of concept exploit for the waitid bug introduced in version 4.13 of the Linux kernel. It can be used to break out of sandboxes such as that in Google Chrome.

tags | exploit, kernel, proof of concept
systems | linux
advisories | CVE-2017-5123
MD5 | d639706ada72778161ee250f8be0e58d
Actiontec C1000A Modem Backdoor Account
Posted Nov 7, 2017
Authored by Joseph McDonagh

The Actiontec C1000A modem has a hard-coded backdoor admin account.

tags | exploit
MD5 | 9b26731e44af5a8e6e15a0558e3e6416
Debian Security Advisory 4020-1
Posted Nov 7, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4020-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395, CVE-2017-15396, CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5131, CVE-2017-5132, CVE-2017-5133
MD5 | 3c21c7c25cf172bd948476729c4416c6
pfSense 2.3.1_1 Post-Authentication Command Execution
Posted Nov 7, 2017
Authored by s4squatch

pfSense versions 2.3.1_1 and below suffers from a post authentication command execution vulnerability.

tags | exploit
MD5 | d8d02e5d6eae4e7a40f0f83d102408ad
Logitech Media Server 7.9.0 Cross Site Scripting
Posted Nov 7, 2017
Authored by Dewank Pant

Logitech Media Server version 7.9.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, xss
advisories | CVE-2017-16567, CVE-2017-16568
MD5 | 8c4957b94bdce3c0e68c8f212feeed3e
mkvalidator 0.5.1 Denial Of Service
Posted Nov 7, 2017
Authored by qflb.wu

mkvalidator version 0.5.1 suffers from multiple denial of service vulnerabilities leveraging libebml2 and mkclean.

tags | exploit, denial of service, vulnerability
advisories | CVE-2017-12779, CVE-2017-12780, CVE-2017-12781, CVE-2017-12782, CVE-2017-12783, CVE-2017-12800, CVE-2017-12801, CVE-2017-12802, CVE-2017-12803
MD5 | a6a7a05030b7baeea04f707a0abb51bc
POC OR GTFO 0x16
Posted Nov 7, 2017
Authored by pocgtfo

This is the sixteenth issue of POC || GTFO.

tags | magazine
MD5 | 077321dc32ba752a1b52039649e9bf31
WordPress UserPro 4.6.17 Authentication Bypass
Posted Nov 7, 2017
Authored by Iain Hadgraft, Colette Chamberland

WordPress Userpro plugin versions 4.9.17 and below suffer from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 3caf55475144701c51ba9e65a7535575
Debut Embedded httpd 1.20 Denial Of Service
Posted Nov 7, 2017
Authored by z00n

The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic. Version 1.20 is affected.

tags | exploit, web, denial of service
advisories | CVE-2017-16249
MD5 | ee7ef5bdd4a7041feca97eedbf83f374
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    3 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    11 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close