what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-11-28

Red Hat Security Advisory 2017-3270-01
Posted Nov 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3270-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix: An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2017-12613
SHA-256 | ac092a4be485ac7d15c938e50713a1d1b80f85f242be87121a1bb281cf5c2665
Red Hat Security Advisory 2017-3269-01
Posted Nov 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3269-01 - The procmail packages contain a mail processing tool that can be used to create mail servers, mailing lists, sort incoming mail into separate folders or files, preprocess mail, start any program upon mail arrival, or automatically forward selected incoming mail. Security Fix: A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2017-16844
SHA-256 | 5622b099a9dfdea7d27cd19e91fd3673e0d1f340111ff01937ce5596b21a9daf
Red Hat Security Advisory 2017-3188-01
Posted Nov 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3188-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The OpenShift Container Platform 3.7 Release Notes provides information about new features, bug fixes, and known issues. This advisory contains the RPM packages for this release.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-12195
SHA-256 | 0fe9fc5b2a90021d45b19857908bc1ef158f71fdbebf89369594e79322e8773f
Red Hat Security Advisory 2017-3268-01
Posted Nov 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3268-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP15. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-10165, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
SHA-256 | 4d3f99353fc0df0e6a3b532ab60da83e1644f085c1e6bc829589edb141973576
Red Hat Security Advisory 2017-3267-01
Posted Nov 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3267-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-10165, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
SHA-256 | 1cbdf57cadd1e25962575914fcbe68c5198cbbf91b9a933acd1c4fc9b599ac7d
Ubuntu Security Notice USN-3496-3
Posted Nov 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3496-3 - USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2017-1000158
SHA-256 | 25ec9bbd468ed0c82e0fe30a2b0f52afae748c6e3c5db5c64cdf86ebbf0c6b12
Zed Attack Proxy 2.7.0 Cross Platform Package
Posted Nov 28, 2017
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.

Changes: Various updates.
tags | tool, web, vulnerability
SHA-256 | dc4fa60c53f1fc1f05479780e9ee5c0f3399b9a27a10a6faa06ea7036a46b8e0
pfSense 2.3.1_1 Remote Command Execution
Posted Nov 28, 2017
Authored by h00die, s4squatch

pfSense versions 2.3.1_1 and below contain a remote command execution vulnerability post authentication in the system_groupmanager.php page.

tags | exploit, remote, php
SHA-256 | 7e95005faf5bd57e5f8dd4d924787a1fff296c90c38c30c7cdaff7910db8bb51
Microsoft Security Bulletin Advisory Update For November, 2017
Posted Nov 28, 2017
Site microsoft.com

This Microsoft bulletin summary holds information regarding an update to ADV170020 and CVE-2017-11882.

tags | advisory
advisories | CVE-2017-11882
SHA-256 | 8c08d2b67f5fdd5c140f53076710a906d0d8f284ac320f33f211d5650d20f612
Ubuntu Security Notice USN-3496-2
Posted Nov 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3496-2 - USN-3496-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2017-1000158
SHA-256 | 4a22f21aff027378e07779d79dadfe00a297d9391643a87ff58a459c0677471e
Ubuntu Security Notice USN-3496-1
Posted Nov 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3496-1 - It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2017-1000158
SHA-256 | 80fb3c8c7fa006d1e08575782e3dce959bd30004b0f4f8b9f5c5278cc9fbc1e9
JTempest Windows ExtIO 32-Bit
Posted Nov 28, 2017
Authored by rtl-sdr, Martin Marinov | Site github.com

TempestSDR is an open source tool that allows you to use any SDR that has a supporting ExtIO (such as RTL-SDR, Airspy, SDRplay, HackRF) to receive the unintentional signal radiation from a screen, and turn that signal back into a live image. This is a pre-compiled version of the project that is built to work on Windows with ExtIO interfaces.

tags | tool
systems | windows
SHA-256 | 8ba8910a4bf58caeac2cb02e3f6edbd07a32333f3304c30c83828aab87b3c55f
TempestSDR RTL-SDR Fork
Posted Nov 28, 2017
Authored by rtl-sdr, Martin Marinov | Site github.com

This project is a software toolkit for remotely eavesdropping video monitors using a Software Defined Radio (SDR) receiver. It exploits compromising emanations from cables carrying video signals. Raster video is usually transmitted one line of pixels at a time, encoded as a varying current. This generates an electromagnetic wave that can be picked up by an SDR receiver. The software maps the received field strength of a pixel to a gray-scale shade in real-time. This forms a false colour estimate of the original video signal. The toolkit uses unmodified off-the-shelf hardware which lowers the costs and increases mobility compared to existing solutions. It allows for additional post-processing which improves the signal-to-noise ratio. The attacker does not need to have prior knowledge about the target video display. All parameters such as resolution and refresh rate are estimated with the aid of the software. The software consists of a library written in C, a collection of plug-ins for various Software Define Radio (SDR) front-ends and a Java based Graphical User Interface (GUI). It is a multi-platform application, with all native libraries pre-compiled and packed into a single Java jar file. This forked variant of the original contains an updated Makefile to support Windows with ExtIO interfaces.

tags | tool, java
systems | windows
SHA-256 | 913741b472128ad1b2ac7ab93cbf5301bd4d26b65a78782bde70fd5f962156a4
HikVision Wi-Fi IP Camera Wireless Access Point State
Posted Nov 28, 2017
Authored by IOT Sec

HikVision Wi-Fi IP cameras come with a default SSID "davinci", with a setting of no WiFi encryption or authentication. Depending on the firmware version, there is no configuration option within the camera to turn off Wi-Fi. If a camera is deployed via wired ethernet, then the WiFi settings won't be adjusted, and a rogue AP with the SSID "davinci" can be associated to the camera to provide a new attack vector via WiFi to a wired network camera. Tested on firmware versions 5.3.0, 5.4.0, and 5.4.5 and model number DS-2CD2432F-IW.

tags | exploit
advisories | CVE-2017-14953
SHA-256 | f5308846195618c1d90deb701b32687a1044057024da5ebb8faa201a03647d06
Android Gmail Attachment Download Directory Traversal
Posted Nov 28, 2017
Authored by Google Security Research, natashenka

There is a directory traversal issue in attachment downloads in Gmail. For non-gmail accounts, there is no path sanitization on the attachment filename in the email, so when attachments are downloaded, a file with any name and any contents can be written to anywhere on the filesystem that the Gmail app can access.

tags | exploit
SHA-256 | acde40f4552aa5149be44a28077696e55fd9ef012ef17e6a02fc5ba02d2dce2c
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close