Twenty Year Anniversary
Showing 1 - 16 of 16 RSS Feed

Files Date: 2018-02-20

Red Hat Security Advisory 2018-0336-01
Posted Feb 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0336-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. This update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7 Satellite server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked to in the references section. See the Satellite 6 Installation Guide for detailed instructions on how to install a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating guide for detailed instructions on how to upgrade from prior versions of Satellite 6.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-6459, CVE-2014-8183, CVE-2016-1669, CVE-2016-3693, CVE-2016-3696, CVE-2016-3704, CVE-2016-4451, CVE-2016-4995, CVE-2016-4996, CVE-2016-6319, CVE-2016-8639, CVE-2016-9593, CVE-2016-9595, CVE-2017-2667, CVE-2017-2672
MD5 | 321ab6f0a0184312cc9770bd037c6df7
Ubuntu Security Notice USN-3577-1
Posted Feb 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3577-1 - Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2017-18190
MD5 | 73e8a98550dd664c32df48cec1e47b6c
Red Hat Security Advisory 2018-0334-01
Posted Feb 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0334-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.167. Security Fix: chromium-browser: incorrect derived class instantiation in v8.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-6056
MD5 | 1bf3920760fb2e14938aac7906098075
Ubuntu Security Notice USN-3576-1
Posted Feb 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3576-1 - Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-5008, CVE-2017-1000256, CVE-2018-5748, CVE-2018-6764
MD5 | 931859bd5d694e9c9b0cfb0c3d3fb153
Windows NPFS Symlink Security Feature Bypass / Privilege Escalation
Posted Feb 20, 2018
Authored by James Forshaw, Google Security Research

Windows suffers from NPFS Symlink security feature bypass and privilege escalation vulnerabilities.

tags | exploit, vulnerability
systems | windows
advisories | CVE-2018-0823
MD5 | 351a799b32a8be9550b61628f66dea60
Ubuntu Security Notice USN-3575-1
Posted Feb 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3575-1 - It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-11334, CVE-2017-13672, CVE-2017-14167, CVE-2017-15038, CVE-2017-15118, CVE-2017-15119, CVE-2017-15124, CVE-2017-15268, CVE-2017-15289, CVE-2017-16845, CVE-2017-17381, CVE-2017-18043, CVE-2018-5683
MD5 | bd2712c7c70f27164ec4d237cb2e9d33
Windows Global Reparse Point Security Feature Bypass / Privilege Escalation
Posted Feb 20, 2018
Authored by James Forshaw, Google Security Research

Windows suffer from Global Reparse Point security feature bypass and privilege escalation vulnerabilities.

tags | exploit, vulnerability
systems | windows
advisories | CVE-2018-0822
MD5 | 84a050a0c09ac8b610c64807057eb756
Windows Kernel nt!RtlpCopyLegacyContextX86 Stack Memory Disclosure
Posted Feb 20, 2018
Authored by Google Security Research, mjurczyk

The Windows kernel suffers from a nt!RtlpCopyLegacyContextX86 stack memory disclosure vulnerability.

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0832
MD5 | 377dfc9711b87f3d2d74deede52a59ef
Windows StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation
Posted Feb 20, 2018
Authored by James Forshaw, Google Security Research

StorSvc SvcMoveFileInheritSecurity suffers from an arbitrary file creation vulnerability that allows for privilege escalation.

tags | exploit, arbitrary
advisories | CVE-2018-0826
MD5 | 975bfeb1e370d50ca7f709523268f0be
MagniComp SysInfo mcsiwrapper Privilege Escalation
Posted Feb 20, 2018
Authored by Brendan Coles, Daniel Lawson, Romain Trouve | Site metasploit.com

This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable load path. This Metasploit module abuses this functionality to set the load path resulting in execution of arbitrary code as root. This Metasploit module has been tested successfully with SysInfo version 10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.

tags | exploit, arbitrary, x86, root
systems | linux, solaris, debian, fedora
advisories | CVE-2017-6516
MD5 | 8b66a6c82ba59a4ce479a1d17b9e36b6
Radiant CMS 1.1.4 Cross Site Scripting
Posted Feb 20, 2018
Authored by Suparna Kachroo

Radiant CMS version 1.1.4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-7261
MD5 | 6dc58a00103bd51e9c6c7282cfb3fd76
Gentoo Linux Security Advisory 201802-06
Posted Feb 20, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201802-6 - A vulnerability in LibreOffice might allow remote attackers to read arbitrary files. Versions less than 5.4.5.1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2018-6871
MD5 | 1e3e65ab877e7b8d76068f51e4d19eb3
Gentoo Linux Security Advisory 201802-05
Posted Feb 20, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201802-5 - A vulnerability has been found in Ruby which may allow for arbitrary command execution. Versions less than 2.2.9:2.2 are affected.

tags | advisory, arbitrary, ruby
systems | linux, gentoo
advisories | CVE-2017-17405
MD5 | 013a559d47b485c86bbb96a6c30d869b
Gentoo Linux Security Advisory 201802-04
Posted Feb 20, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201802-4 - Multiple vulnerabilities were found in MySQL, the worst of which may allow remote execution of arbitrary code. Versions less than 5.6.39 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-10155, CVE-2017-10227, CVE-2017-10268, CVE-2017-10276, CVE-2017-10283, CVE-2017-10286, CVE-2017-10294, CVE-2017-10314, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384, CVE-2017-3308, CVE-2017-3309, CVE-2017-3329, CVE-2017-3450, CVE-2017-3452, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3599, CVE-2017-3600, CVE-2017-3633, CVE-2017-3634, CVE-2017-3635
MD5 | 903f54350b730d80d84df608a73211ba
Gentoo Linux Security Advisory 201802-03
Posted Feb 20, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201802-3 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 52.6.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2016-6354, CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5464, CVE-2017-5465
MD5 | 342c99b34da6a302b3f5a3b2469de9ea
Mozilla Executable Installer DLL Hijacking
Posted Feb 20, 2018
Authored by Stefan Kanthak

Mozilla's executable installers are vulnerable to dll hijacking.

tags | advisory
systems | windows
MD5 | 8915a3fa0d07a20bdf3b322c2c1e4179
Page 1 of 1
Back1Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close