exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2018-01-31

BMC Server Automation RSCD Agent NSH Remote Command Execution
Posted Jan 31, 2018
Authored by Nicky Bloor, Olga Yanushkevich | Site metasploit.com

This Metasploit module exploits a weak access control check in the BMC Server Automation RSCD agent that allows arbitrary operating system commands to be executed without authentication. Note: Under Windows, non-powershell commands may need to be prefixed with 'cmd /c'.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2016-1542, CVE-2016-1543
SHA-256 | 020bc853633a23b3189378857da4cf64c9fbfa92972a9d8257b10605b54490ec
Red Hat Security Advisory 2018-0260-01
Posted Jan 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0260-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1049
SHA-256 | 4ac69c2811c510395540bcc2723c9abe81f7fcdb13eead05595f16ce66d0dd85
Ubuntu Security Notice USN-3554-1
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3554-1 - It was discovered that curl incorrectly handled certain data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that curl could accidentally leak authentication data. An attacker could possibly use this to get access to sensitive information. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-1000005, CVE-2018-1000007
SHA-256 | ee1405d654e5fc28965683ec21b5fffd34a6565643e1930d61b5f19285e4b446
IPSwitch MoveIt 9.4 Cross Site Scripting
Posted Jan 31, 2018
Authored by 1N3

IPSwitch MoveIt versions 8.1 through 9.4 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 12013f6ce4d0f0ab29797d4705be8ffde2e21245d164e6f3205ddeebdbc5c88a
Ubuntu Security Notice USN-3552-1
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3552-1 - Johann Hofmann discovered that HTML fragments created for chrome-privileged documents were not properly sanitized. An attacker could exploit this to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5124
SHA-256 | cb75456f4685d4fe6714d772f734e3ad10cf43b211c3db184b609ae95eff2868
Ubuntu Security Notice USN-3554-2
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3554-2 - USN-3554-1 fixed vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that curl could accidentally leak authentication data. An attacker could possibly use this to get access to sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1000007
SHA-256 | 334231f948d727c2ea5c2f9f47d2ce007628d5ce9684f64828ba1a5e91153af9
Chromium filesystem::mojom::Directory Sandbox Escape
Posted Jan 31, 2018
Authored by Google Security Research, laginimaineb

Chromium suffers from a sandbox escape vulnerability via an exposed filesystem::mojom::Directory mojo interface in the catalog service.

tags | exploit
advisories | CVE-2018-6055
SHA-256 | cc97041329fb5fde5d5be5b7ba4a75fde06179aa88f36bf5eb0548c2978bc596
Sprecher Automation SPRECON-E-C / PU-2433 Traversal / DoS
Posted Jan 31, 2018
Authored by T. Weber | Site sec-consult.com

Sprecher Automation SPRECON-E-C and PU-2433 versions prior to 8.49 suffer from directory traversal, missing authentication, broken authentication, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
SHA-256 | dbe54c5ea42b2b718d2e52d43f2a94c9324fceea90c90f40ef71e0110a6e0d24
Ubuntu Security Notice USN-3553-1
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3553-1 - It was discovered that Ruby failed to validate specification names. An attacker could possibly use a maliciously crafted gem to potentially overwrite any file on the filesystem. It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this to possibly force the RubyGems client to download and install gems from a server that the attacker controls. Various other issues were also addressed.

tags | advisory, ruby
systems | linux, ubuntu
advisories | CVE-2017-0901, CVE-2017-0902, CVE-2017-0903
SHA-256 | 5d7b3fe0f4c71c7da1067a7580faf6ed442b66169a1f2a91718bc27f05851223
Debian Security Advisory 4094-2
Posted Jan 31, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4094-2 - CA'me Chilliet from the FusionDirectory team detected a regression in the previously issued fix for CVE-2017-1000480. This regression only affects the Jessie version of the patch.

tags | advisory
systems | linux, debian
advisories | CVE-2017-1000480
SHA-256 | a4a4694e28ccfca5d8bf2d9ad772854d674221d653add527ca61b2490cdaaa18
systemd Local Privilege Escalation
Posted Jan 31, 2018
Authored by Michael Orlitzky

systemd (systemd-tmpfiles) versions prior to 236 suffer from an fs.protected_hardlinks=0 local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2017-18078
SHA-256 | ab5c7f27e35d1f4741577e57058839ae024c0d913dfc8c629d2aad07f55c2130
Ubuntu Security Notice USN-3551-1
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3551-1 - Multiple security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the user interface, or execute arbitrary code.

tags | advisory, web, denial of service, arbitrary, spoof, javascript
systems | linux, ubuntu
advisories | CVE-2017-13884, CVE-2017-13885, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2018-4088, CVE-2018-4096
SHA-256 | 6f58f2a8b58f4527b92e0b7288534ae7b923b86070b572e1d3898c0cc509a869
Red Hat Security Advisory 2018-0252-01
Posted Jan 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0252-01 - collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files. Because the daemon does not start up each time it updates files, it has a low system footprint. Security Fix: The csnmp_read_table function in the SNMP plugin of collectd, before version 5.6.3, is susceptible to a double free in a certain error case. This could lead to a crash.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-16820
SHA-256 | dbbca830478beafc286591cc7f67dc51b618e721437e463b27a755f246c3b920
Red Hat Security Advisory 2018-0242-01
Posted Jan 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0242-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Security Fix: An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle attack, despite the attacker not having gained access to the serveras private key itself.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-1000385
SHA-256 | e3add1cb1128a45de26537048fd9f3350801d1970edd25209ab5d3fb8c55a0e3
Red Hat Security Advisory 2018-0241-01
Posted Jan 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0241-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Security Fix: By rebuilding an instance using a new image, an authenticated user may be able to circumvent the Filter Scheduler, bypassing imposed filters.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-16239
SHA-256 | 007f6e9b5b301cd7db692db00f4249e0ef70f6ae5f31cf04b0f441d019657c72
Ubuntu Security Notice USN-3550-1
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3550-1 - It was discovered that ClamAV incorrectly handled parsing certain mail messages. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380
SHA-256 | 7d9ee129e8aa9ff28684d890a0e222ae0fdaf7d6118ce4bec373d5b4a13c8986
Red Hat Security Advisory 2018-0239-01
Posted Jan 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0239-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.2 was retired as of January 29, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.2 AMC after January 29, 2018.

tags | advisory
systems | linux, redhat
SHA-256 | f58ad3a5f00599eac9c83ca46f003cc929710f53c7230b4fe9b5a46981d166f8
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close