Exploit the possiblities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2018-01-31

BMC Server Automation RSCD Agent NSH Remote Command Execution
Posted Jan 31, 2018
Authored by Nicky Bloor, Olga Yanushkevich | Site metasploit.com

This Metasploit module exploits a weak access control check in the BMC Server Automation RSCD agent that allows arbitrary operating system commands to be executed without authentication. Note: Under Windows, non-powershell commands may need to be prefixed with 'cmd /c'.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2016-1542, CVE-2016-1543
MD5 | 21c820bdd8fcc8d4555e107c87aa2da7
Red Hat Security Advisory 2018-0260-01
Posted Jan 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0260-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1049
MD5 | a0bf0f1a8c15ce6d941dc610258bd80c
Ubuntu Security Notice USN-3554-1
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3554-1 - It was discovered that curl incorrectly handled certain data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that curl could accidentally leak authentication data. An attacker could possibly use this to get access to sensitive information. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-1000005, CVE-2018-1000007
MD5 | ed28b8a51a89d4fe400c8f5837f74ceb
IPSwitch MoveIt 9.4 Cross Site Scripting
Posted Jan 31, 2018
Authored by 1N3

IPSwitch MoveIt versions 8.1 through 9.4 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 723b0f6426716909db57c54c2b850fdf
Ubuntu Security Notice USN-3552-1
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3552-1 - Johann Hofmann discovered that HTML fragments created for chrome-privileged documents were not properly sanitized. An attacker could exploit this to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5124
MD5 | f5beae9e157b6c3465d7f0c741c213cc
Ubuntu Security Notice USN-3554-2
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3554-2 - USN-3554-1 fixed vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that curl could accidentally leak authentication data. An attacker could possibly use this to get access to sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1000007
MD5 | cbb336ff298a6ef4206c6c5ed8192aef
Chromium filesystem::mojom::Directory Sandbox Escape
Posted Jan 31, 2018
Authored by Google Security Research, laginimaineb

Chromium suffers from a sandbox escape vulnerability via an exposed filesystem::mojom::Directory mojo interface in the catalog service.

tags | exploit
advisories | CVE-2018-6055
MD5 | 29596ace8468f827cee80ea00a7fe425
Sprecher Automation SPRECON-E-C / PU-2433 Traversal / DoS
Posted Jan 31, 2018
Authored by T. Weber | Site sec-consult.com

Sprecher Automation SPRECON-E-C and PU-2433 versions prior to 8.49 suffer from directory traversal, missing authentication, broken authentication, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
MD5 | 3eee1d1477c9814e48ff458b33bc5936
Ubuntu Security Notice USN-3553-1
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3553-1 - It was discovered that Ruby failed to validate specification names. An attacker could possibly use a maliciously crafted gem to potentially overwrite any file on the filesystem. It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this to possibly force the RubyGems client to download and install gems from a server that the attacker controls. Various other issues were also addressed.

tags | advisory, ruby
systems | linux, ubuntu
advisories | CVE-2017-0901, CVE-2017-0902, CVE-2017-0903
MD5 | 9fbc460d38073ceb73302a8f256c5cbc
Debian Security Advisory 4094-2
Posted Jan 31, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4094-2 - CA'me Chilliet from the FusionDirectory team detected a regression in the previously issued fix for CVE-2017-1000480. This regression only affects the Jessie version of the patch.

tags | advisory
systems | linux, debian
advisories | CVE-2017-1000480
MD5 | 5b58dc778a857812a944448df08335d7
systemd Local Privilege Escalation
Posted Jan 31, 2018
Authored by Michael Orlitzky

systemd (systemd-tmpfiles) versions prior to 236 suffer from an fs.protected_hardlinks=0 local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2017-18078
MD5 | 28b82df7153ff8f785b06fc4f6265f23
Ubuntu Security Notice USN-3551-1
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3551-1 - Multiple security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the user interface, or execute arbitrary code.

tags | advisory, web, denial of service, arbitrary, spoof, javascript
systems | linux, ubuntu
advisories | CVE-2017-13884, CVE-2017-13885, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2018-4088, CVE-2018-4096
MD5 | 03155ba7333222d7d3aaa92e3651eaee
Red Hat Security Advisory 2018-0252-01
Posted Jan 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0252-01 - collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files. Because the daemon does not start up each time it updates files, it has a low system footprint. Security Fix: The csnmp_read_table function in the SNMP plugin of collectd, before version 5.6.3, is susceptible to a double free in a certain error case. This could lead to a crash.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-16820
MD5 | 69129257bbcebfc56abd650b90a3072c
Red Hat Security Advisory 2018-0242-01
Posted Jan 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0242-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Security Fix: An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle attack, despite the attacker not having gained access to the serveras private key itself.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-1000385
MD5 | 511849f3080588a3367f99f428adf620
Red Hat Security Advisory 2018-0241-01
Posted Jan 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0241-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Security Fix: By rebuilding an instance using a new image, an authenticated user may be able to circumvent the Filter Scheduler, bypassing imposed filters.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-16239
MD5 | b46916f647649c3af4bff5a7353014c4
Ubuntu Security Notice USN-3550-1
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3550-1 - It was discovered that ClamAV incorrectly handled parsing certain mail messages. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380
MD5 | 5f3208b5b603b99222466af1acb0b1c1
Red Hat Security Advisory 2018-0239-01
Posted Jan 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0239-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.2 was retired as of January 29, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.2 AMC after January 29, 2018.

tags | advisory
systems | linux, redhat
MD5 | cd15d1e1d74265849f13d36541fe9098
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    16 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    16 Files
  • 23
    Feb 23rd
    31 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close