Twenty Year Anniversary
Showing 1 - 25 of 45 RSS Feed

Files Date: 2017-12-12

MikroTik 6.40.5 Denial Of Service
Posted Dec 12, 2017
Authored by Hosein Askari

MikroTik version 6.40.5 kernel failure denial of service proof of concept exploit.

tags | exploit, denial of service, kernel, proof of concept
advisories | CVE-2017-17538
MD5 | 12c83cbcfbe3a5163c4f8fc4865dd781
GRR 3.2.1.1
Posted Dec 12, 2017
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: The HTTPDatastore has been removed from GRR. GRR now supports MySQL out of the box (when installed from the server deb). Various other updates.
tags | tool, remote, web, forensics
systems | unix
MD5 | 93f67792eab4a629d4cd7ad2d68af5ae
MikroTik RouterBoard 6.39.2 / 6.40.5 DNS Denial Of Service
Posted Dec 12, 2017
Authored by Hosein Askari

MikroTik RouterBoard versions 6.39.2 and 6.40.5 DNS daemon denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
advisories | CVE-2017-17537
MD5 | c3b26684e576d6b6c58b6f3270bef359
Libraw 0.18.5 Denial Of Service
Posted Dec 12, 2017
Authored by Laurent Delosieres | Site secunia.com

Libraw version 0.8.15 suffers from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2017-16909, CVE-2017-16910
MD5 | 05f8390db2d984a68b3f2a0b472f4f59
Debian Security Advisory 4058-1
Posted Dec 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4058-1 - Two vulnerabilities were discovered in optipng, an advanced PNG optimizer, which may result in denial of service or the execution of arbitrary code if a malformed file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-1000229, CVE-2017-16938
MD5 | dd0f5a9d40a4eeb468d7c801146e0438
Ubuntu Security Notice USN-3512-1
Posted Dec 12, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3512-1 - David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2017-3737, CVE-2017-3738
MD5 | 0cc0ee9bc2108ca4e7a6bf8e0410739c
Debian Security Advisory 4062-1
Posted Dec 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4062-1 - It discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed to fingerprint a user across multiple sessions via IndexedDB.

tags | advisory, web
systems | linux, debian
advisories | CVE-2017-7843
MD5 | 462098030c204e9dc5d68f345415d194
Debian Security Advisory 4061-1
Posted Dec 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4061-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2017-7826, CVE-2017-7828, CVE-2017-7830
MD5 | a5310638fafd1bd743a7aa997c8def97
Debian Security Advisory 4060-1
Posted Dec 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4060-1 - It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code.

tags | advisory, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2017-11408, CVE-2017-13766, CVE-2017-17083, CVE-2017-17084, CVE-2017-17085
MD5 | 63c4113d4dfc8cde1097aebefc5a01de
Slackware Security Advisory - openssl Updates
Posted Dec 12, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-3737, CVE-2017-3738
MD5 | e6e09e7e8a766023e9521e28de89fbdf
FreeBSD Security Advisory - FreeBSD-SA-17:12.openssl
Posted Dec 12, 2017
Site security.freebsd.org

FreeBSD Security Advisory - Invoking SSL_read()/SSL_write() while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. Various other issues were addressed.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2017-3737, CVE-2017-3738
MD5 | 3475ce3c92c45de6eb4652ec337d3e53
Debian Security Advisory 4059-1
Posted Dec 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4059-1 - It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2017-16612
MD5 | f27c72c0b25d92627aeaff62733112c9
macOS / iOS Kernel IOSurfaceRootUserClient Double-Free
Posted Dec 12, 2017
Authored by Google Security Research, ianbeer

macOS and iOS suffer from a kernel double free vulnerability due to IOSurfaceRootUserClient not respecting MIG ownership rules.

tags | exploit, kernel
systems | cisco, ios
advisories | CVE-2017-13861
MD5 | 184f6e2345e9d5d30fb5251e4ff335fc
macOS getrusage Stack Leak
Posted Dec 12, 2017
Authored by Jann Horn, Google Security Research

macOS suffers from a getrusage stack leak through struct padding.

tags | exploit
advisories | CVE-2017-13869
MD5 | 7b47e5940f3ef53d7ed82338cc4b4ae9
macOS necp_get_socket_attributes so_pcb Type Confusion
Posted Dec 12, 2017
Authored by Jann Horn, Google Security Research

macOS suffers from an so_pcb type confusion vulnerability in necp_get_socket_attributes.

tags | exploit
advisories | CVE-2017-13855
MD5 | 420bee1dc1be795e79cb3c03b5f47731
XNU Kernel Memory Corruption
Posted Dec 12, 2017
Authored by Google Security Research, ianbeer

The XNU kernel suffers from a memory corruption vulnerability due to an integer overflow in the __offsetof usage in posix_spawn on 32-bit platforms.

tags | exploit, overflow, kernel
advisories | CVE-2017-13876
MD5 | c638f3dbcc9363560aaf17fa6e01b0a5
macOS / iOS IOTimeSyncClockManagerUserClient Use-After-Free
Posted Dec 12, 2017
Authored by Google Security Research, ianbeer

macOS / iOS suffer from multiple kernel use-after-free vulnerabilities due to incorrect IOKit object lifetime management in IOTimeSyncClockManagerUserClient.

tags | exploit, kernel, vulnerability
systems | cisco, ios
advisories | CVE-2017-13847
MD5 | 91c42e10c5af4753d52cffa762abd8ac
macOS AppleIntelCapriController::GetLinkConfig Kernel Code Execution
Posted Dec 12, 2017
Authored by Google Security Research, ianbeer

The macOS kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleIntelCapriController::GetLinkConfig.

tags | exploit, kernel, code execution
advisories | CVE-2017-13875
MD5 | 5ae7dba93f843e9011a2eeac188240d3
macOS / iOS Kernel Double Free
Posted Dec 12, 2017
Authored by Google Security Research, ianbeer

macOS and iOS suffer from a kernel double free due to incorrect API usage in flow divert socket option handling.

tags | exploit, kernel
systems | cisco, ios
advisories | CVE-2017-13867
MD5 | adea43dc13c8a03941deec88ab491ec2
XNU Kernel API Memory Disclosure
Posted Dec 12, 2017
Authored by Google Security Research, ianbeer

There is a XNU kernel memory disclosure flaw caused by a bug in the kernel API for detecting kernel memory disclosures. No, this isn't a failure at writing a description.

tags | exploit, kernel
advisories | CVE-2017-13865
MD5 | 1879d1a7c15b3f573be6ae2ceeeb63de
LibTIFF pal2rgb 4.0.9 Heap Overflow
Posted Dec 12, 2017
Authored by Jungun Baek

LibTIFF pal2rgb version 4.0.9 suffers from a heap buffer overflow.

tags | exploit, denial of service, overflow
advisories | CVE-2017-17095
MD5 | cfe4e9dc701134a471ef36e7bc8746f5
Vanguard 1.4 SQL Injection
Posted Dec 12, 2017
Authored by Ihsan Sencan

Vanguard version 1.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 743cb476678f11288642320dc9d7c025
Vanguard 1.4 Arbitrary File Upload
Posted Dec 12, 2017
Authored by Ihsan Sencan

Vanguard version 1.4 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 9ce2e913fa5e1295e84d50bc0da48c0a
Basic Job Site Script 2.0.5 SQL Injection
Posted Dec 12, 2017
Authored by Ihsan Sencan

Basic Job Site Script version 2.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b6d4b17370cf8c74e783b9d74f8716a1
Resume Clone Script 2.0.5 SQL Injection
Posted Dec 12, 2017
Authored by Ihsan Sencan

Resume Clone Script version 2.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c5b43f61ef320354c7d769d35638db2c
Page 1 of 2
Back12Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close