what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2018-02-20

Red Hat Security Advisory 2018-0336-01
Posted Feb 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0336-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. This update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7 Satellite server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked to in the references section. See the Satellite 6 Installation Guide for detailed instructions on how to install a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating guide for detailed instructions on how to upgrade from prior versions of Satellite 6.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-6459, CVE-2014-8183, CVE-2016-1669, CVE-2016-3693, CVE-2016-3696, CVE-2016-3704, CVE-2016-4451, CVE-2016-4995, CVE-2016-4996, CVE-2016-6319, CVE-2016-8639, CVE-2016-9593, CVE-2016-9595, CVE-2017-2667, CVE-2017-2672
SHA-256 | f33fdbb9f17a9910f6bb8747cd69b73e5a65222f0d44324a839bac58722b9798
Ubuntu Security Notice USN-3577-1
Posted Feb 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3577-1 - Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2017-18190
SHA-256 | df2c2a365476e5ab3300528c58be0fd9fc0ebd53e18d182bb67578d8076a5932
Red Hat Security Advisory 2018-0334-01
Posted Feb 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0334-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.167. Security Fix: chromium-browser: incorrect derived class instantiation in v8.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-6056
SHA-256 | 5055cae290c2dd58f5f325a276f0e772eb32720d091ad7ef5ce1b5d737448872
Ubuntu Security Notice USN-3576-1
Posted Feb 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3576-1 - Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-5008, CVE-2017-1000256, CVE-2018-5748, CVE-2018-6764
SHA-256 | 90c6d4cdd362e55904c6d76f4118ef039e8e85b0aab04a6669ee178da97eb658
Windows NPFS Symlink Security Feature Bypass / Privilege Escalation
Posted Feb 20, 2018
Authored by James Forshaw, Google Security Research

Windows suffers from NPFS Symlink security feature bypass and privilege escalation vulnerabilities.

tags | exploit, vulnerability
systems | windows
advisories | CVE-2018-0823
SHA-256 | 241a41e7b4c34606c5b8c38997e3a9919b21068375867365bd1daf381cc4f5dc
Ubuntu Security Notice USN-3575-1
Posted Feb 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3575-1 - It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-11334, CVE-2017-13672, CVE-2017-14167, CVE-2017-15038, CVE-2017-15118, CVE-2017-15119, CVE-2017-15124, CVE-2017-15268, CVE-2017-15289, CVE-2017-16845, CVE-2017-17381, CVE-2017-18043, CVE-2018-5683
SHA-256 | 9216cd38d1a355f9c315588c2a43b7eb0867dc1c8b82f16c2edab968fb6683e4
Windows Global Reparse Point Security Feature Bypass / Privilege Escalation
Posted Feb 20, 2018
Authored by James Forshaw, Google Security Research

Windows suffer from Global Reparse Point security feature bypass and privilege escalation vulnerabilities.

tags | exploit, vulnerability
systems | windows
advisories | CVE-2018-0822
SHA-256 | 817479ced9c55750d45cb5a0bd0abe3a085b6eb1f5c6e5bafd694e7961cbeb11
Windows Kernel nt!RtlpCopyLegacyContextX86 Stack Memory Disclosure
Posted Feb 20, 2018
Authored by Google Security Research, mjurczyk

The Windows kernel suffers from a nt!RtlpCopyLegacyContextX86 stack memory disclosure vulnerability.

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0832
SHA-256 | 199235f1e50c783934bc089610c17d71c6e7359a26462fdd0048024c134ddbae
Windows StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation
Posted Feb 20, 2018
Authored by James Forshaw, Google Security Research

StorSvc SvcMoveFileInheritSecurity suffers from an arbitrary file creation vulnerability that allows for privilege escalation.

tags | exploit, arbitrary
advisories | CVE-2018-0826
SHA-256 | da3cf612ba7cedad78f1b652e836abe760eadee6b6d179778393eb87b95624a5
MagniComp SysInfo mcsiwrapper Privilege Escalation
Posted Feb 20, 2018
Authored by Brendan Coles, Daniel Lawson, Romain Trouve | Site metasploit.com

This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable load path. This Metasploit module abuses this functionality to set the load path resulting in execution of arbitrary code as root. This Metasploit module has been tested successfully with SysInfo version 10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.

tags | exploit, arbitrary, x86, root
systems | linux, solaris, debian, fedora
advisories | CVE-2017-6516
SHA-256 | 809ebb68ed1aab5bb488f6d63c6c587cf594c965eb2d13367633fdff06cc093e
Radiant CMS 1.1.4 Cross Site Scripting
Posted Feb 20, 2018
Authored by Suparna Kachroo

Radiant CMS version 1.1.4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-7261
SHA-256 | 94d9e7767b64e9f32c9c0292fe312b8b61b280f6a8bb0532ebeb9be8be39ef01
Gentoo Linux Security Advisory 201802-06
Posted Feb 20, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201802-6 - A vulnerability in LibreOffice might allow remote attackers to read arbitrary files. Versions less than 5.4.5.1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2018-6871
SHA-256 | e52783ecbf3d0aed53e821478a194b9d1227605de0ca88ff8d978517facdc9c9
Gentoo Linux Security Advisory 201802-05
Posted Feb 20, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201802-5 - A vulnerability has been found in Ruby which may allow for arbitrary command execution. Versions less than 2.2.9:2.2 are affected.

tags | advisory, arbitrary, ruby
systems | linux, gentoo
advisories | CVE-2017-17405
SHA-256 | cef946c6cb0cfc9ef3f929b43b4dedbca821675979bd69edd5fb661f0d0a954a
Gentoo Linux Security Advisory 201802-04
Posted Feb 20, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201802-4 - Multiple vulnerabilities were found in MySQL, the worst of which may allow remote execution of arbitrary code. Versions less than 5.6.39 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-10155, CVE-2017-10227, CVE-2017-10268, CVE-2017-10276, CVE-2017-10283, CVE-2017-10286, CVE-2017-10294, CVE-2017-10314, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384, CVE-2017-3308, CVE-2017-3309, CVE-2017-3329, CVE-2017-3450, CVE-2017-3452, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3599, CVE-2017-3600, CVE-2017-3633, CVE-2017-3634, CVE-2017-3635
SHA-256 | 682e0b61aa43e86f7d5c80a68000e54a4ce775a285fbe79431d38e00abfa3ec1
Gentoo Linux Security Advisory 201802-03
Posted Feb 20, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201802-3 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 52.6.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2016-6354, CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5464, CVE-2017-5465
SHA-256 | 9c755436dabdfb3e7a966a0901e80d5c8a7a16dfd36c2bb6664051a1013932d3
Mozilla Executable Installer DLL Hijacking
Posted Feb 20, 2018
Authored by Stefan Kanthak

Mozilla's executable installers are vulnerable to dll hijacking.

tags | advisory
systems | windows
SHA-256 | 667fb44cb2aa120fbd61c8117b32b9ec85ae2bc46b83d6b9d112e9bfb4199dc9
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close