Twenty Year Anniversary
Showing 1 - 16 of 16 RSS Feed

Files Date: 2018-05-17

AF_PACKET packet_set_ring Privilege Escalation
Posted May 17, 2018
Authored by Brendan Coles, Andrey Konovalov | Site metasploit.com

This Metasploit module exploits a heap-out-of-bounds write in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2017-7308). The bug was initially introduced in 2011 and patched in version 4.10.6, potentially affecting a large number of kernels; however this exploit targets only systems using Ubuntu Xenial kernels 4.8.0 < 4.8.0-46, including Linux distros based on Ubuntu Xenial, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This Metasploit module has been tested successfully on Linux Mint 18 (x86_64) with kernel versions: 4.8.0-34-generic; 4.8.0-36-generic; 4.8.0-39-generic; 4.8.0-41-generic; 4.8.0-42-generic; 4.8.0-44-generic; 4.8.0-45-generic.

tags | exploit, kernel, root
systems | linux, ubuntu
advisories | CVE-2017-7308
MD5 | 619464075778b62a92b3753066e120ba
Red Hat Security Advisory 2018-1609-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1609-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. Issues addressed include a privilege escalation vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-8656, CVE-2016-8657
MD5 | 7c100c472fd59e5ad369c9effc751de1
Slackware Security Advisory - php Updates
Posted May 17, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and 14.2 to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549
MD5 | a8f21befcaeda522f47af64b6d0c5282
Intelbras NCLOUD 300 1.0 Authentication Bypass
Posted May 17, 2018
Authored by Pedro Aguiar

Intelbras NCLOUD 300 version 1.0 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-11094
MD5 | 388ac8e1c27e9c1b841bbf975ca1481a
Red Hat Security Advisory 2018-1607-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1607-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for JBoss invoker in Red Hat JBoss Enterprise Application Platform 5.2.0. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2017-12149
MD5 | dee495cfe14cbaa6158b93cea0446461
Red Hat Security Advisory 2018-1593-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1593-01 - Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat OpenStack Platform. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2017-12155, CVE-2018-1000115
MD5 | 9e6e66db8a08c7c4b5d71cd5f923df18
Slackware Security Advisory - curl Updates
Posted May 17, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-1000300, CVE-2018-1000301
MD5 | 521162b2ea72021232324db926b46554
Nanopool Claymore Dual Miner 7.3 Remote Code Execution
Posted May 17, 2018
Authored by ReverseBrain

Nanopool Claymore Dual Miner version 7.3 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-1000049
MD5 | 8623321185104823c8fa7a0e5ca0190f
Powerlogic/Schneider Electric IONXXXX Series Cross Site Request Forgery
Posted May 17, 2018
Authored by t4rkd3vilz

Powerlogic/Schneider Electric IONXXXX Series suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2016-5809
MD5 | 2ef17c9ee603982d018c378cdb7b105c
Red Hat Security Advisory 2018-1608-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1608-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for JBoss invoker in Red Hat JBoss Enterprise Application Platform 5.2.0. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2017-12149
MD5 | fbe66019443ba99f0b3702a2afac7898
Red Hat Security Advisory 2018-1593-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1593-01 - Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat OpenStack Platform. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2017-12155, CVE-2018-1000115
MD5 | 9e6e66db8a08c7c4b5d71cd5f923df18
SuperCom Online Shopping Ecommerce Cart 1 XSS / CSRF / SQL Injection
Posted May 17, 2018
Authored by Borna Nematzadeh

SuperCom Online Shopping Ecommerce Cart 1 suffers from remote SQL injection, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | eee904a60e89110b7191ba2d167bbfb3
NodAPS 4.0 Cross Site Request Forgery / SQL Injection
Posted May 17, 2018
Authored by Borna Nematzadeh

NodAPS version 4.0 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
MD5 | c44435ac73194c9205c2e0f6fdab2a8b
Red Hat Security Advisory 2018-1605-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1605-01 - Red Hat OpenStack Platform Operational Tools provides the facilities for monitoring a private or public Red Hat OpenStack Platform cloud. collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files. Because the daemon does not start up each time it updates files, it has a low system footprint. Security fix: collectd: double free in csnmp_read_table function in snmp.c.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-16820
MD5 | 3ac3e04d6f0e29a92ac6f6eaf01c7cd1
Red Hat Security Advisory 2018-1606-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1606-01 - Sensu is a monitoring framework that aims to be simple, malleable, and scalable. Security fix: Sensu's redaction function fails to handle the redaction of sensitive data in deeply nested data structures, resulting in sensitive data, such as passwords, being logged in clear-text. For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Issues addressed include a failed redaction issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1000060
MD5 | 58acea7fb88289c404cf58fcd6e4358e
Debian Security Advisory 4202-1
Posted May 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4202-1 - OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.

tags | advisory
systems | linux, debian
advisories | CVE-2018-1000301
MD5 | bca5c9e18380423f0b3f484011c480fc
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close