Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-12-04

Arq Backup 5.9.6 Local Root Privilege Escalation
Posted Dec 4, 2017
Authored by Mark Wadham

Arq Backup versions 5.9.6 and below suffer from a local root privilege escalation vulnerability.

tags | exploit, local, root
advisories | CVE-2017-15357
MD5 | 2cf34b399d49d64d0321379e8239a52e
Ubuntu Security Notice USN-3503-1
Posted Dec 4, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3503-1 - It was discovered that Evince incorrectly handled printing certain DVI files. If a user were tricked into opening and printing a specially-named DVI file, an attacker could use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-1000159
MD5 | ebb5ce7bbc80b14cfd7841dd50f31b12
Ubuntu Security Notice USN-3498-2
Posted Dec 4, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3498-2 - USN-3498-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-8817
MD5 | 26d30b6c5e75b0330e6d2d9aa3568ea6
Red Hat Security Advisory 2017-3382-01
Posted Dec 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3382-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-7843
MD5 | 4f26deb40bfd00ea60b40d1a9254c77b
Red Hat Security Advisory 2017-3379-01
Posted Dec 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3379-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix: It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.

tags | advisory, remote, local
systems | linux, redhat
advisories | CVE-2017-12173
MD5 | 7f4b313a6c09b1de5b59cb9a844524f0
Red Hat Security Advisory 2017-3375-01
Posted Dec 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3375-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.2 was retired as of November 30, 2017, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.2 EUS after November 30, 2017.

tags | advisory
systems | linux, redhat
MD5 | b9a71a1eaf04087f42ec3b4c39e60275
Red Hat Security Advisory 2017-3376-01
Posted Dec 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3376-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Telecommunications Update Service for Red Hat Enterprise Linux 6.5 was retired as of November 30, 2017, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.5 TUS after November 30, 2017.

tags | advisory
systems | linux, redhat
MD5 | 72551dac1676c247309f0438bc7e81b2
Amazon Audible DLL Hijacking
Posted Dec 4, 2017
Authored by Himanshu Mehta

Amazon Audible suffers from a dll hijacking vulnerability.

tags | exploit
advisories | CVE-2017-17069
MD5 | ae9d60bd3397826b75d540aa43330e47
0d1n 2.5
Posted Dec 4, 2017
Authored by Cooler

0d1n is a web security tool for fuzzing various HTTP/S payloads. It's written in C and uses libcurl.

Changes: Various updates.
tags | tool, web, scanner
systems | unix
MD5 | bd8c5cb8dad46e2b47960bd46c439d5e
TOR Virtual Network Tunneling Tool 0.3.1.9
Posted Dec 4, 2017
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.1.9 backports important security and stability fixes from the 0.3.2 development series.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 585e62d086ae7df7cd873f735d726118
Red Hat Security Advisory 2017-3372-01
Posted Dec 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3372-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-7826, CVE-2017-7828, CVE-2017-7830
MD5 | b3d55d125f85fe69a4f06858b91bd845
OpenEMR 5.0.0 Command Injection / Cross Site Scripting
Posted Dec 4, 2017
Authored by Fikri Fadzil, Wan Ikram, Jasveer Singh | Site sec-consult.com

OpenEMR version 5.0.0 suffers from code execution and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
MD5 | ae3d7e59300638cb1a92e34e6480a979
WAGO PFC 200 Series Authentication Bypass
Posted Dec 4, 2017
Authored by T. Weber | Site sec-consult.com

WAGO PFC 200 Series suffers from multiple unauthenticated access bypass vulnerabilities.

tags | exploit, vulnerability
MD5 | e2abe1666aac18721e912c338c5dd1a2
FortiGate SSL VPN Portal 5.x Cross Site Scripting
Posted Dec 4, 2017
Authored by Stefan Viehbock | Site sec-consult.com

FortiGate SSL VPN Portal versions 5.6.2 and below, 5.4.6 and below, 5.2.12 and below, and 5.0 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-14186
MD5 | 326f6888433930a05fa0eaf4edd6db42
Asterisk Project Security Advisory - AST-2017-013
Posted Dec 4, 2017
Authored by Juan Sacco | Site asterisk.org

Asterisk Project Security Advisory - If the chan_skinny (AKA SCCP protocol) channel driver is flooded with certain requests it can cause the asterisk process to use excessive amounts of virtual memory eventually causing asterisk to stop processing requests of any kind.

tags | advisory, protocol
MD5 | 2cbedc51743649be0104f9790f0c2743
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close