what you don't know can hurt you
Showing 1 - 13 of 13 RSS Feed

Files Date: 2017-12-17

OpenStego Free Steganography Solution 0.7.2
Posted Dec 17, 2017
Authored by Samir Vaidya | Site github.com

OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).

Changes: Added support for Java 9. Removed DES algorithm as it is not secure.
tags | tool, java, encryption, steganography
SHA-256 | fdd2de57852e1fd9cec19e7c576100a286c2be9c0fff14396e2cffa7e5548fdd
Telegram Messenger For Android Directory Traversal
Posted Dec 17, 2017
Authored by Google Security Research, natashenka

There is a directory traversal issue in the Telegram client for Android. The method saveFile in MediaController.java saves a file to external memory based on an optional name that is not filtered. The name is provided by the remote peer when sending a document or music file.

tags | exploit, java, remote
SHA-256 | 7ffd15f66d899cf5ad6ff6674833eb1870b4935ff336fb675f5220f416be335f
Outlook For Android Directory Traversal
Posted Dec 17, 2017
Authored by Google Security Research, natashenka

There is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is a Hotmail account, this will be sanitized by the server, but for other accounts it will not be. This allows a file to be written anywhere on the filesystem that the Outlook app can access when an attached image is viewed in the Outlook app.

tags | exploit
SHA-256 | bb3c8a7504d6e8c404b476e897caa56de42f921ba832cc4711f8ae78d2e13e4a
WordPress Placemarks 2.0.0 Cross Site Scripting
Posted Dec 17, 2017
Authored by Ricardo Sanchez

WordPress Placemarks plugin version 2.0.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2ec1a0d99abb5947627baca39e075feb58469c6d5343d02372f0c7228f090bb6
WordPress Sagepay Server Gateway For WooCommerce 1.0.7 XSS
Posted Dec 17, 2017
Authored by Ricardo Sanchez

WordPress Sagepay Server Gateway For WooCommerce plugin version 1.0.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a1e26e9a88b4ddfb7ecd7cc345817ca900f281621be4abee4b9fc7cfe1b7235d
Red Hat Security Advisory 2017-3477-01
Posted Dec 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3477-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12613, CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-9798
SHA-256 | 822ce2a5a2219e619fcb8712952a12baa3716903009d2d8afeb6607985aa478a
Red Hat Security Advisory 2017-3476-01
Posted Dec 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3476-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12613, CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-9798
SHA-256 | e524f8ce7b2aeed25d1c47f9cedff0e1cc57e3fbd7aa76b24a33091b5f3ff83d
Red Hat Security Advisory 2017-3475-01
Posted Dec 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3475-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as a replacement of Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12613, CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-9798
SHA-256 | 7a80ddd064b974806ee57d0ef30c611ff93aa622e38490ed53afce00dc512af4
Zoom Linux Client 2.0.106600.0904 Command Injection
Posted Dec 17, 2017
Authored by Gabriel Quadros, Ricardo Silva

The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler (zoommtg://) and this makes possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is affected.

tags | exploit, shell
advisories | CVE-2017-15049
SHA-256 | ebb137b7cf5aab3fa821e1160f32d5b277ad4a8d68b147107e0e492f7b821dd4
Zoom Linux Client 2.0.106600.0904 Buffer Overflow
Posted Dec 17, 2017
Authored by Gabriel Quadros, Ricardo Silva

The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates a overly long user input to a stack variable without checking if the destination buffer is long enough to hold the data. The binary also has important security features like canary turned off. The client registers a scheme handler (zoommtg://) and this makes possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is affected.

tags | exploit, overflow
advisories | CVE-2017-15048
SHA-256 | acc225bd1b21250c626dc4a00829cd53ab675137c05067793a79cfb388ed3cf7
Monstra CMS 3.0.4 Remote Shell Upload
Posted Dec 17, 2017
Authored by Ishaq Mohammed

Monstra CMS version 3.0.4 suffers from a remote shell upload vulnerability that allows for remote code execution.

tags | exploit, remote, shell, code execution
SHA-256 | 603914e4682e0177547ee6bd36e55a016f2159b8a92243ba90bf9945fe6c0675
VLC 2.2.8 MP4 Demux Type Conversion
Posted Dec 17, 2017
Authored by Hans Jerry Illikainen

VLC versions 2.2.8 and below suffer from a type conversion vulnerability in the MP4 demux module.

tags | advisory
advisories | CVE-2017-17670
SHA-256 | 517f22e30a6a226acec48ea2f884e2b4a520164bd32f90f3aac8dc1b5d910d2a
nsd Format String
Posted Dec 17, 2017
Authored by bashis

The nsd binary shipping with multiple camera security systems suffers from a format string vulnerability.

tags | exploit
SHA-256 | 0158af91f1804a0e9359005af8cc870bf882c536878b03e5930291a42bb7217a
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close