Twenty Year Anniversary
Showing 1 - 25 of 28 RSS Feed

Files Date: 2018-01-10

HPE iMC dbman RestoreDBase Unauthenticated Remote Command Execution
Posted Jan 10, 2018
Authored by Chris Lyne, sztivi | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restore a user-specified database (OpCode 10007), however the database connection username is not sanitized resulting in command injection, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).

tags | exploit, remote, arbitrary, tcp
systems | windows, 7
advisories | CVE-2017-5817
MD5 | 252d40a332488ae10b75261fe5cefc7d
HPE iMC dbman RestartDB Unauthenticated Remote Command Execution
Posted Jan 10, 2018
Authored by Chris Lyne, sztivi | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restart a user-specified database instance (OpCode 10008), however the instance ID is not sanitized, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).

tags | exploit, remote, arbitrary, tcp
systems | windows, 7
advisories | CVE-2017-5816
MD5 | 5919ea7fa37b5b123d15780fb9eca50b
Spring Jackson-Databind Default Typing Issue
Posted Jan 10, 2018
Authored by Imre Rad

Proof of concept that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions.

tags | exploit, proof of concept
advisories | CVE-2017-17485, CVE-2017-7525
MD5 | bd94dd448499d73f15b54018b06b7f7f
Kernel Live Patch Security Notice LSN-0034-1
Posted Jan 10, 2018
Authored by Benjamin M. Romer

On January 9, fixes for CVE-2017-5754 were released into the Ubuntu Xenial kernel version 4.4.0-108.131. This CVE, also known as "Meltdown," is a security vulnerability caused by flaws in the design of speculative execution hardware in the computer's CPU.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | 4974c888dabe678b81c7dea7955b3a4c
VMware Security Advisory 2018-0002.1
Posted Jan 10, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0002.1 - VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.

tags | advisory
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | 98039a0f8ea7a3f15db5f2c25f082c3e
VMware Security Advisory 2018-0004
Posted Jan 10, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0004 - VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest remediation for speculative execution issue.

tags | advisory
advisories | CVE-2017-5715
MD5 | b855012b06ac33e0e15bdc7c6553f569
Debian Security Advisory 4082-1
Posted Jan 10, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4082-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2017-1000407, CVE-2017-1000410, CVE-2017-15868, CVE-2017-16538, CVE-2017-16939, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2017-5754, CVE-2017-8824
MD5 | b88b402831cc589e93712fbeed229e93
Debian Security Advisory 4080-1
Posted Jan 10, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4080-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

tags | advisory, php, vulnerability
systems | linux, debian
advisories | CVE-2017-11144, CVE-2017-11145, CVE-2017-11628, CVE-2017-12932, CVE-2017-12933, CVE-2017-12934, CVE-2017-16642
MD5 | 7a923ed447a8c3d28e10e24fe62a1992
Slackware Security Advisory - irssi Updates
Posted Jan 10, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208
MD5 | 22083c63323dbaa86fcd37fa55557e1a
Ubuntu Security Notice USN-3524-1
Posted Jan 10, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3524-1 - Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | 257c1190c8db4f29219aebe29c12194e
Ubuntu Security Notice USN-3522-2
Posted Jan 10, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3522-2 - USN-3522-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | b64b860b09568182f97f59bf7e46ba05
Ubuntu Security Notice USN-3522-1
Posted Jan 10, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3522-1 - Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | 0309df4e8cea9c3405f86a79f00a8cc7
Ubuntu Security Notice USN-3523-1
Posted Jan 10, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3523-1 - Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-16995, CVE-2017-17862, CVE-2017-17863, CVE-2017-17864, CVE-2017-5754
MD5 | a70e4f6712a9f397feb49e6273bf2ee5
Debian Security Advisory 4081-1
Posted Jan 10, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4081-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

tags | advisory, php, vulnerability
systems | linux, debian
advisories | CVE-2017-11142, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11628, CVE-2017-12933, CVE-2017-16642
MD5 | fdb7bf3837629f4a8ca9b2cef7a169ad
Microsoft Windows Local XPS Print Spooler Sandbox Escape
Posted Jan 10, 2018
Authored by James Forshaw, Google Security Research

The Microsoft Windows local print spooler can be abused to create an arbitrary file from a low privilege application including one in an AC as well as a typical Edge LPAC CP leading to elevation of privilege.

tags | exploit, arbitrary, local
systems | windows
MD5 | f9c76875d1743262b2802cf76e9e7f56
Microsoft Windows Kernel ATMFD.DLL NamedEscape 0x250D Pool Corruption
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows OpenType ATMFD.DLL kernel-mode font driver has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0788
MD5 | 96b46447ba7a6c968d0db2900d57b8a3
Microsoft Windows Kernel ATMFD.DLL Out-Of-Bounds Read
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows OpenType ATMFD.DLL kernel-mode driver lacks any sort of sanitization of various 32-bit offsets found in .MMM files (Multiple Master Metrics), and instead uses them blindly while loading Type 1 Multiple-Master fonts in the system.

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0754
MD5 | 870a4dbf54830a3b7fe3d330142d98ab
Microsoft Windows Kernel nt!PiUEventHandleGetEven Stack Memory Disclosure
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure from nt!RawMountVolume via nt!PiUEventHandleGetEvent (\Device\DeviceApi\CMNotify device).

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0747
MD5 | 60cf9a8ec04755f71c4247b0446d8196
Microsoft Edge Chakra JIT Escape Analysis Bug
Posted Jan 10, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra fails to detect if "tmp" escapes the scope, allocates it to the stack. This may lead to dereference uninitialized stack values.

tags | exploit
advisories | CVE-2017-11918
MD5 | f49a75546e986ccb23882860abd5f185
Microsoft Windows Kernel nt!NtQuerySystemInformation Memory Disclosure
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a memory disclosure in nt!NtQuerySystemInformation (information class 138, QueryMemoryTopologyInformation).

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0746
MD5 | b620b4ff52f8487fa112c32d8993da4c
Microsoft Windows Kernel nt!NtQueryInformationProcess Stack Memory Disclosure
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure in nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues).

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0745
MD5 | 705f77a5bfdb76b806fe73449ba102a5
Android ashmem Race Condition
Posted Jan 10, 2018
Authored by Google Security Research, laginimaineb

The Android MemoryIntArray class allows processes to share an in-memory array of integers backed by an "ashmem" file descriptor. As the class implements the Parcelable interface, it can be inserted into a Parcel, and optionally placed in a Bundle and transferred via binder to remote processes.

tags | exploit, remote
advisories | CVE-2017-13216
MD5 | dcf0633cc886152f7601ff53e754aa73
Microsoft Edge Chakra JIT asm.js Out-Of-Bounds Read
Posted Jan 10, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from an out-of-bounds read in asm.js.

tags | exploit
advisories | CVE-2017-11911
MD5 | 0ad7db805f5e80c2d07d8d3efece99ce
Microsoft Edge Chakra JIT BackwardPass::RemoveEmptyLoopAfterMemOp Failed Insert
Posted Jan 10, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT has an issue where BackwardPass::RemoveEmptyLoopAfterMemOp does not insert branches.

tags | exploit
advisories | CVE-2017-11909
MD5 | dc948f248dc2d2bfd1f170d86c25f83c
Microsoft Edge Chakra JIT Op_MaxInAnArray / Op_MinInAnArray Misuse
Posted Jan 10, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT has an issue where Op_MaxInAnArray and Op_MinInAnArray Misuse can explicitly call user defined JavaScript functions.

tags | exploit, javascript
advisories | CVE-2017-11893
MD5 | 077ed40c3d16dd77486c3f7c155974d8
Page 1 of 2
Back12Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    27 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close