Exploit the possiblities
Showing 1 - 25 of 336 RSS Feed

Files Date: 2017-11-01 to 2017-11-30

Debian Security Advisory 4050-1
Posted Nov 29, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4050-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-14316, CVE-2017-14317, CVE-2017-14318, CVE-2017-14319, CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, CVE-2017-15597
MD5 | 412df3dde45b3de5f7c25b9cd59d6b2e
Hipchat For Mac 4.x Remote Code Execution
Posted Nov 29, 2017
Authored by Matthew Hart

Hipchat for Mac desktop client versions prior to 4.30 suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2017-14586
MD5 | bc9f76c16c2234a3266f91910a0c367f
Mac OS X Root Privilege Escalation
Posted Nov 29, 2017
Site metasploit.com

This Metasploit module exploits a serious flaw in Mac OS X High Sierra. Any user can login with user "root", leaving an empty password.

tags | exploit, root
MD5 | f135153db9d869d3133d4890fca2f61f
Kernel Live Patch Security Notice LSN-0032-2
Posted Nov 29, 2017
Authored by Benjamin M. Romer

Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux
advisories | CVE-2017-10911, CVE-2017-12153, CVE-2017-12154, CVE-2017-14140
MD5 | 7da09c1aeaae77a18335cfc81f24b94c
Asterisk 13.17.2~dfsg-2 Memory Exhaustion
Posted Nov 29, 2017
Authored by Juan Sacco

Asterisk version 13.17.2~dfsg-2 suffers from a remote unauthenticated memory exhaustion vulnerability.

tags | exploit, remote, denial of service
MD5 | 359301b570dd73a9d68c81fd132e7f30
Ubuntu Security Notice USN-3499-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3499-1 - It was discovered that Exim incorrectly handled certain BDAT data headers. A remote attacker could possibly use this issue to cause Exim to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-16944
MD5 | 76413a0a0b86941ed4c9ab6ea5adcb1a
Ubuntu Security Notice USN-3501-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3501-1 - It was discovered that libxcursor incorrectly handled certain files. An attacker could use these issues to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-16612
MD5 | dcb5463838fcb70c44bb92e443ba7eea
Ubuntu Security Notice USN-3500-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3500-1 - It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X server to access arbitrary files, including special device files.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2017-16611
MD5 | 2b2de1eb031ae49f268ff9aee4ea6ea6
Hipchat Data Center / Hipchat Server Code Execution / SSRF
Posted Nov 29, 2017
Authored by Matthew Hart

Hipchat Data Center and Hipchat Server suffer from server-side request forgery and remote code execution vulnerabilities.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2017-14585
MD5 | e2f2ba4acc611b0394376429fc3f7a13
Synology StorageManager 5.2 Remote Command Execution
Posted Nov 29, 2017
Authored by securiteam

Synology StorageManager version 5.2 suffers from a remote root command execution vulnerability in smart.cgi.

tags | exploit, remote, cgi, root
MD5 | 0e725291dedfc743e647723b95b3a423
Ubuntu Security Notice USN-3498-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3498-1 - Alex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. It was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-8816, CVE-2017-8817
MD5 | 41cead7dc230ab023b565d109b9d6985
Ubuntu Security Notice USN-3497-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3497-1 - It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, java, denial of service
systems | linux, ubuntu
advisories | CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
MD5 | 8d8eb129033011bab0cea2ab92f4f64c
Red Hat Security Advisory 2017-3278-01
Posted Nov 29, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3278-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2017-14746, CVE-2017-15275
MD5 | 0a2de761d1524893f664239d79f4b1a6
Red Hat Security Advisory 2017-3277-01
Posted Nov 29, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3277-01 - The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface. It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores. Security Fix: A flaw was found in the implementation of CheckConfig method in handler_glfs.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could send a specially crafted string to CheckConfig method resulting in various kinds of segmentation fault.

tags | advisory, kernel, local, root
systems | linux, redhat
advisories | CVE-2017-1000198, CVE-2017-1000199, CVE-2017-1000200, CVE-2017-1000201
MD5 | 60d0bc3e1239871d8a46ec7c89c07b68
QEMU 2.10 Buffer Overflow
Posted Nov 29, 2017
Authored by Eric Blake

QEMU version 2.10 suffers from an NBD server long export name stack buffer overflow vulnerability. This was introduced with commit f37708f6b8.

tags | exploit, overflow
advisories | CVE-2017-15118
MD5 | cd918a363b2e2a85e3195712b7c48c43
Red Hat Security Advisory 2017-3270-01
Posted Nov 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3270-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix: An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2017-12613
MD5 | ba5b34282d65f0cfd7c5265748650a28
Red Hat Security Advisory 2017-3269-01
Posted Nov 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3269-01 - The procmail packages contain a mail processing tool that can be used to create mail servers, mailing lists, sort incoming mail into separate folders or files, preprocess mail, start any program upon mail arrival, or automatically forward selected incoming mail. Security Fix: A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2017-16844
MD5 | 56987dcd4d1a7beae1060f304b1bbf65
Red Hat Security Advisory 2017-3188-01
Posted Nov 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3188-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The OpenShift Container Platform 3.7 Release Notes provides information about new features, bug fixes, and known issues. This advisory contains the RPM packages for this release.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-12195
MD5 | fcef255c0cf189f5aea74cbce7f32d2a
Red Hat Security Advisory 2017-3268-01
Posted Nov 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3268-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP15. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-10165, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
MD5 | 009de2beba704fb3d35d0aae5ccb84e0
Red Hat Security Advisory 2017-3267-01
Posted Nov 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3267-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-10165, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
MD5 | 2f20e74df3d331e3431edb2fb2074463
Ubuntu Security Notice USN-3496-3
Posted Nov 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3496-3 - USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2017-1000158
MD5 | f941682c699f5113e70fcf5b8841ab5e
Zed Attack Proxy 2.7.0 Cross Platform Package
Posted Nov 28, 2017
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.

Changes: Various updates.
tags | tool, web, vulnerability
MD5 | c342a94bd3225be35d867a63e0953b80
pfSense 2.3.1_1 Remote Command Execution
Posted Nov 28, 2017
Authored by h00die, s4squatch

pfSense versions 2.3.1_1 and below contain a remote command execution vulnerability post authentication in the system_groupmanager.php page.

tags | exploit, remote, php
MD5 | e31f1a0a55167ae457e32b3a771f6c12
Microsoft Security Bulletin Advisory Update For November, 2017
Posted Nov 28, 2017
Site microsoft.com

This Microsoft bulletin summary holds information regarding an update to ADV170020 and CVE-2017-11882.

tags | advisory
advisories | CVE-2017-11882
MD5 | c9eb28267150315af85ee2be75c9d465
Ubuntu Security Notice USN-3496-2
Posted Nov 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3496-2 - USN-3496-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2017-1000158
MD5 | 6d06d0cdd588c0582cf4b147440fd9a8
Page 1 of 14
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    11 Files
  • 21
    Feb 21st
    3 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close