Exploit the possiblities
Showing 1 - 13 of 13 RSS Feed

Files Date: 2017-12-09

Suricata IDPE 4.0.3
Posted Dec 9, 2017
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: No change. Re-releasing 4.0.2 as 4.0.3 due to packaging mistake.
tags | tool, intrusion detection
systems | unix
MD5 | 8ab68a083a8c20ffab2a9fd03872443f
OpenSSL Toolkit 1.0.2n
Posted Dec 9, 2017
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Read/write after SSL object in error state addressed. rsaz_1024_mul_avx2 overflow bug on x86_64 addressed. Various other issues address.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2017-3737, CVE-2017-3738
MD5 | 13bdc1b1d1ff39b6fd42a255e74676a4
Kernel Live Patch Security Notice LSN-0033-1
Posted Dec 9, 2017
Authored by Benjamin M. Romer

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2017-1000405, CVE-2017-15265, CVE-2017-16939
MD5 | ca77a2333d4c9ee49fdd8d0056475a48
Debian Security Advisory 4057-1
Posted Dec 9, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4057-1 - It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys.

tags | advisory
systems | linux, debian
advisories | CVE-2017-1000385
MD5 | 6876d45c412f81a9386021d696efb902
Ubuntu Security Notice USN-3507-2
Posted Dec 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3507-2 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12193, CVE-2017-15299, CVE-2017-15306, CVE-2017-15951, CVE-2017-16939
MD5 | e4e9ca45d6a9e4cece95a15bfca16c42
Red Hat Security Advisory 2017-3405-01
Posted Dec 9, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3405-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: This patch drops the script privileges from root to the postgres user. Therefore, we dropped the --new-systemd-unit option for security reasons. Please use the root-only script postgresql-new-systemd-unit.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2017-12172, CVE-2017-15097
MD5 | 997166402189930f6d5a4c0bef3024b8
Red Hat Security Advisory 2017-3404-01
Posted Dec 9, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3404-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: This patch drops the script privileges from root to the postgres user. Therefore, we dropped the --new-systemd-unit option for security reasons. Please use the root-only script postgresql-new-systemd-unit.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2017-12172, CVE-2017-15097
MD5 | 5e83d7998ed71bb88b86b400cdb8e508
Red Hat Security Advisory 2017-3403-01
Posted Dec 9, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3403-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: This patch drops the script privileges from root to the postgres user. Therefore, we dropped the --new-systemd-unit option for security reasons. Please use the root-only script postgresql-new-systemd-unit.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2017-12172, CVE-2017-15097
MD5 | e115e24b1d1fb7d1b51b241e3269be13
Red Hat Security Advisory 2017-3402-01
Posted Dec 9, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3402-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: This patch drops the script privileges from root to the postgres user. Therefore, this update works properly only if the postgres user has write access to the postgres' home directory, such as the one in the default configuration.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2017-12172, CVE-2017-15097
MD5 | 9975c358cbf69aa627308bec7345a038
Ubuntu Security Notice USN-3511-1
Posted Dec 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3511-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-16939
MD5 | 9e7a4f198355b4645387c08f75f34134
Ubuntu Security Notice USN-3510-2
Posted Dec 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3510-2 - USN-3510-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-16939
MD5 | a759e1476a777349ca39f619d2d7e469
Ubuntu Security Notice USN-3510-1
Posted Dec 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3510-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-16939
MD5 | c760dcb9902f64f23bb4e67232a51fbb
Website Auction Marketplace 2.0.5 SQL Injection
Posted Dec 9, 2017
Authored by Ihsan Sencan

Website Auction Marketplace version 2.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2029175a4339c5c80431519be74f9d03
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close