Files Date: 2018-02-13

Ubuntu Security Notice USN-3569-1
Posted Feb 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3569-1 - It was discovered that libvorbis incorrectly handled certain sound files. An attacker could possibly use this to execute arbitrary code. It was discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-14632, CVE-2017-14633
MD5 | 14e4e469973769025ea7a81e687d7513

Microsoft Intune App PIN Bypass
Posted Feb 13, 2018
Authored by Stephan Sekula

Compass Security discovered a design weakness in Microsoft Intune's app protection. This weakness allows a malicious user that gets hold of an employee's iOS device to access company data even without knowing the app PIN.

tags | exploit
systems | cisco, ios
MD5 | c46a3d6ea1c728f1cb1a8de7ee96f1f7

Red Hat Security Advisory 2018-0316-01
Posted Feb 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0316-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix: An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially a data leak.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2017-12613
MD5 | 55c846c815ca8a40bd787b3198550cd4

Red Hat Security Advisory 2018-0314-01
Posted Feb 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0314-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Security Fix: By rebuilding an instance using a new image, an authenticated user may be able to circumvent the Filter Scheduler, bypassing imposed filters.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-16239
MD5 | 48571ad96e11ae5ea37377b1c6609758

Microsoft Security Bulletin Advisory Update For February, 2018
Posted Feb 13, 2018
Site microsoft.com

This Microsoft bulletin summary holds additional information regarding Microsoft security advisory ADV180002.

tags | advisory
MD5 | b26873a45ecc1744b246b7ad424cd8ea

Dell EMC VMAX Virtual Appliance (vApp) File Upload / Hardcoded Password
Posted Feb 13, 2018
Authored by Carlos Perez | Site emc.com

Dell EMC VMAX Virtual Appliance (vApp) Manager suffers from file upload and hardcoded password vulnerabilities. Affected products include Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier).

tags | advisory, vulnerability, file upload
advisories | CVE-2018-1215, CVE-2018-1216
MD5 | 11d93c36789566df6ef815dee212fa6e

Microsoft Security Bulletin Summary For February, 2018
Posted Feb 13, 2018
Site microsoft.com

This Microsoft bulletin summary holds information regarding Microsoft security updates for February 13, 2018.

tags | advisory
MD5 | 1201e1fdee6442377d3e52c8ac3ff31e

Red Hat Security Advisory 2018-0315-01
Posted Feb 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0315-01 - openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry or Time-Series-Database-as-a-Service. openstack-aodh has been rebased to the upstream 4.0.2-3 version. Security Fix: A verification flaw was found in openstack-aodh. As part of an HTTP alarm action, a user could pass in a trust ID. However, the trust could be from anyone because it was not verified. Because the trust was then used by openstack-aodh to obtain a keystone token for the alarm action, a malicious user could pass in another person's trust ID and obtain a keystone token containing the delegated authority of that user.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12440
MD5 | 67e15433b38e01c0b5cf5c60687107aa

Red Hat Security Advisory 2018-0303-01
Posted Feb 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0303-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Security Fix: An Erlang TLS server configured with cipher suites using RSA key exchange may be vulnerable to an Adaptive Chosen Ciphertext attack against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle attack, despite the attacker not having gained access to the server's private key itself.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-1000385
MD5 | 217f1512f2875b82f71a2d4e6975541f

HP Security Bulletin MFSBGN03800 1
Posted Feb 13, 2018
Authored by HP | Site hp.com

HP Security Bulletin MFSBGN03800 1 - A potential vulnerability has been identified in Micro Focus Performance Center. The vulnerability could be exploited to achieve remote arbitrary file modification or remote arbitrary code execution. Revision 1 of this advisory.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2017-11357
MD5 | c9065438dcac9c12fa86b0dc97d95af0

Red Hat Security Advisory 2018-0299-01
Posted Feb 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0299-01 - collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files. Because the daemon does not start up each time it updates files, it has a low system footprint. Security Fix: A double-free vulnerability was found in the csnmp_read_table function in the SNMP plugin of collectd. A network-based attacker could exploit this by sending malformed data, causing collectd to crash or possibly having other impact.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-16820
MD5 | a9104fcd5a977ae6e16adc40de51b8a2

From APK To Golden Ticket
Posted Feb 13, 2018
Authored by Giuseppe Trotta, Andrea Pierini

Whitepaper called From APK to Golden Ticket.

tags | paper
MD5 | c41b1a6331f02af6ab88c77c02e46108

TypeSetter CMS 5.1 Host Header Injection
Posted Feb 13, 2018
Authored by Navina Asrani

TypeSetter CMS version 5.1 suffers from a host header injection vulnerability.

tags | exploit
advisories | CVE-2018-6889
MD5 | 79728f4462823cdf8b70681c903c52e5

News Website Script 2.0.4 SQL Injection
Posted Feb 13, 2018
Authored by Varun Bagaria

News Website Script version 2.0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7a4bb6574c7180e2cf83c47bc96e4aa3

dotCMS SQL Injection
Posted Feb 13, 2018
Authored by Elar Lang

dotCMS versions prior to 4.1.1 suffer from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2016-10007, CVE-2016-10008
MD5 | 051378d5d7710f66ec2e4258a92e4061