what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2017-11-27

Exim 4.89 Denial Of Service
Posted Nov 27, 2017
Authored by meh

Exim version 4.89 suffers from a denial of service vulnerability while parsing the BDAT data header.

tags | exploit, denial of service
advisories | CVE-2017-16944
SHA-256 | 06400f3e55ff24c12a728e79c0653462e865d8c5b296a559adff089a0a57f067
Diving Log 6.0 XML External Entity Injection
Posted Nov 27, 2017
Authored by Trent Gordon

Diving Log version 6.0 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2017-9095
SHA-256 | d0450eb5a8f82ef2929848b75adb39ccab2685f6239626955cde5507f931229d
RSA Authentication Agent SDK For C Error Handling
Posted Nov 27, 2017
Site emc.com

A security vulnerability in RSA Authentication Agent API/SDK for C versions 8.5 and 8.6 could potentially lead to authentication bypass in certain limited implementations.

tags | advisory
advisories | CVE-2017-14378
SHA-256 | 96e44facec66d245517ed5775e0250836be88213983c6ab0a939fbec80c2e1da
RSA Authentication Agent For Web Authentication Bypass
Posted Nov 27, 2017
Site emc.com

A security vulnerability in RSA Authentication Agent for Web for Apache Web Server could potentially lead to authentication bypass. Versions 8.0 and 8.0.1 prior to build 618 are affected.

tags | advisory, web
advisories | CVE-2017-14377
SHA-256 | e809201aa940c6a9c8357406fa7d2d471668ca0e033a43147728363b0bbfc35d
Chameleon Mini Smartcard Emulator Iceman Fork
Posted Nov 27, 2017
Authored by Christian Herrmann | Site github.com

This is the Iceman fork of the Chameleon Mini source code for the firmware. The Chameleon Mini is a versatile contactless smartcard emulator compliant to NFC. A popular hardware revision is the Chameleon Mini rev E - rebooted.

tags | tool
systems | unix
SHA-256 | 6d43a0f372b8297935c834c2db448e3fc735feda1b2cbedd7cff95edcbe021bb
Ubuntu Security Notice USN-3477-2
Posted Nov 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3477-2 - USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting attacks. It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting attacks. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842
SHA-256 | 9d86fd5032018e790c3b211d4a6351a163087b4a1457ea87bb4f30d6d755a7b4
Ubuntu Security Notice USN-3495-1
Posted Nov 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3495-1 - It was discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-1000229
SHA-256 | 9a2b0afb95212034eda457751a8409bd3790121144231c5a778b06133163530a
IPTables Bash Completion 1.7
Posted Nov 27, 2017
Authored by AllKind | Site sourceforge.net

iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid at the current context. Additionally to the completion on options, matches and targets, it supports dynamic retrieval of data from the system i.e: chain-, set-names, interfaces, hostnames, etc. Environment variables allow to fine grade completion options. IP and MAC addresses can be fed by file.

Changes: Various updates and improvements.
tags | tool, firewall
systems | linux, unix
SHA-256 | 582595982431a35d6b5544384918bf51a031a9c773ee746826bacc9afd647b34
Ubuntu Security Notice USN-3494-1
Posted Nov 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3494-1 - It was discovered that XML::LibXML incorrectly handled memory when processing a replaceChild call. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-10672
SHA-256 | 72b732fd3f05827c401246f726f4d428a69a60db0e46fbefe772bb646b472cba
Ubuntu Security Notice USN-3493-1
Posted Nov 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3493-1 - It was discovered that Exim incorrectly handled memory in the ESMTP CHUNKING extension. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-16943
SHA-256 | b682ce23a365c9f0c1a12f999ea8890678e6432dec8406a563bfa963c428342c
Ubuntu Security Notice USN-3476-2
Posted Nov 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3476-2 - USN-3476-1 fixed two vulnerabilities in postgresql-common. This update provides the corresponding update for Ubuntu 12.04 ESM. Dawid Golunski discovered that the postgresql-common pg_ctlcluster script incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-1255, CVE-2017-8806
SHA-256 | 334649fe863d6da15bfb22775417958a6004976a01d7fb36d76466fbe9a48233
CMS Made Simple 2.1.6 Cross Site Scripting / Template Injection
Posted Nov 27, 2017
Authored by Ziyahan Albeniz

CMS Made Simple version 2.1.6 suffers from cross site scripting and server-side template injection vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2017-16783
SHA-256 | 6b78c3370b093a9afe1f6852a2f1df3a510d50c437d422d4e858dd8f8493fba3
ZTE ZXDSL 831 Unauthorized Configuration Access Bypass
Posted Nov 27, 2017
Authored by Ibad Shah

ZTE ZXDSL 831 suffers from an insecure direct object reference vulnerability.

tags | exploit, bypass
advisories | CVE-2017-16953
SHA-256 | 56ed9803c128c1aed4f617858b3568c7769896b1c746cd91482983cbe371b484
Red Hat Security Advisory 2017-3265-01
Posted Nov 27, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3265-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql. Security Fix: This update fixes several vulnerabilities in the MySQL database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2017-10155, CVE-2017-10227, CVE-2017-10268, CVE-2017-10276, CVE-2017-10279, CVE-2017-10283, CVE-2017-10286, CVE-2017-10294, CVE-2017-10314, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384
SHA-256 | ef0733358f7868bd51e823af67579e4d81acf87a3799ba07337735c84fab869a
Red Hat Security Advisory 2017-3264-01
Posted Nov 27, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3264-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-10165, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
SHA-256 | b9201431909936ea9fd97a7fcd50d51c4350b43fe1f82c552c0ae26c8fd37e75
Red Hat Security Advisory 2017-3263-01
Posted Nov 27, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3263-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.

tags | advisory, web, overflow, imap, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2017-1000257
SHA-256 | c5eab8bf1e060a52f1aeaf4d8be2f3887a32098d9807d9da833a0c80320d986c
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close