exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2018-05-17

AF_PACKET packet_set_ring Privilege Escalation
Posted May 17, 2018
Authored by Brendan Coles, Andrey Konovalov | Site metasploit.com

This Metasploit module exploits a heap-out-of-bounds write in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2017-7308). The bug was initially introduced in 2011 and patched in version 4.10.6, potentially affecting a large number of kernels; however this exploit targets only systems using Ubuntu Xenial kernels 4.8.0 < 4.8.0-46, including Linux distros based on Ubuntu Xenial, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This Metasploit module has been tested successfully on Linux Mint 18 (x86_64) with kernel versions: 4.8.0-34-generic; 4.8.0-36-generic; 4.8.0-39-generic; 4.8.0-41-generic; 4.8.0-42-generic; 4.8.0-44-generic; 4.8.0-45-generic.

tags | exploit, kernel, root
systems | linux, ubuntu
advisories | CVE-2017-7308
SHA-256 | 7b4f48c24e371972810721c416bade431b286fec0e3a136c171f4ecb92af8692
Red Hat Security Advisory 2018-1609-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1609-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. Issues addressed include a privilege escalation vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-8656, CVE-2016-8657
SHA-256 | 81f5ab6bbe3c288da5788fe603447f302cec9bd2a7e2d9c7e23024337456cad5
Slackware Security Advisory - php Updates
Posted May 17, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and 14.2 to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549
SHA-256 | d1aa5a62111a07197a2aaccfb382dbb33114dcf775f441d2e865493d97ae346a
Intelbras NCLOUD 300 1.0 Authentication Bypass
Posted May 17, 2018
Authored by Pedro Aguiar

Intelbras NCLOUD 300 version 1.0 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-11094
SHA-256 | c0b2d400e49ff299100c1fc673ba05c78e1e22446fb3832ba3efe604e0003060
Red Hat Security Advisory 2018-1607-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1607-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for JBoss invoker in Red Hat JBoss Enterprise Application Platform 5.2.0. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2017-12149
SHA-256 | 0b9cc24c539472cc37d25940db03c9b6a46a9a8e7eee652e38751c575832d809
Red Hat Security Advisory 2018-1593-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1593-01 - Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat OpenStack Platform. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2017-12155, CVE-2018-1000115
SHA-256 | 152b29ed1fc7877b224d7421750f311465cf5de3926f88af2eb5b25c7f3447e0
Slackware Security Advisory - curl Updates
Posted May 17, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-1000300, CVE-2018-1000301
SHA-256 | 995df06ea509e3ba0623ef636ade9ddadf80140e6d9d607242983d794e83bac1
Nanopool Claymore Dual Miner 7.3 Remote Code Execution
Posted May 17, 2018
Authored by ReverseBrain

Nanopool Claymore Dual Miner version 7.3 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-1000049
SHA-256 | 53609dc34126d348a5caadd8991b65475a0d5a9df21934fb6121d47c9df2b23f
Powerlogic/Schneider Electric IONXXXX Series Cross Site Request Forgery
Posted May 17, 2018
Authored by t4rkd3vilz

Powerlogic/Schneider Electric IONXXXX Series suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2016-5809
SHA-256 | cbfadb4f6124af0d04a94c69b20b073ca62f7db4a2dc725a2377d3bf720c262f
Red Hat Security Advisory 2018-1608-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1608-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for JBoss invoker in Red Hat JBoss Enterprise Application Platform 5.2.0. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2017-12149
SHA-256 | 36eb1033325725ffeeae126499491998e537e07309b7bad0357e9748cfa7387e
Red Hat Security Advisory 2018-1593-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1593-01 - Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat OpenStack Platform. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2017-12155, CVE-2018-1000115
SHA-256 | 152b29ed1fc7877b224d7421750f311465cf5de3926f88af2eb5b25c7f3447e0
SuperCom Online Shopping Ecommerce Cart 1 XSS / CSRF / SQL Injection
Posted May 17, 2018
Authored by Borna Nematzadeh

SuperCom Online Shopping Ecommerce Cart 1 suffers from remote SQL injection, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | fa826216901fe5358126b5e3b35d5aaaf8215eae09454a01da916568498f33ea
NodAPS 4.0 Cross Site Request Forgery / SQL Injection
Posted May 17, 2018
Authored by Borna Nematzadeh

NodAPS version 4.0 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
SHA-256 | 5e77b51a868cbd53c3a7643bc0b4f70c3c7bf616e963ca796d9a818ad5853e41
Red Hat Security Advisory 2018-1605-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1605-01 - Red Hat OpenStack Platform Operational Tools provides the facilities for monitoring a private or public Red Hat OpenStack Platform cloud. collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files. Because the daemon does not start up each time it updates files, it has a low system footprint. Security fix: collectd: double free in csnmp_read_table function in snmp.c.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-16820
SHA-256 | 6b52920846053a63aee72c41ceb0f57b8c3b419aaf4a351a62eab41155b4bf82
Red Hat Security Advisory 2018-1606-01
Posted May 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1606-01 - Sensu is a monitoring framework that aims to be simple, malleable, and scalable. Security fix: Sensu's redaction function fails to handle the redaction of sensitive data in deeply nested data structures, resulting in sensitive data, such as passwords, being logged in clear-text. For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Issues addressed include a failed redaction issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1000060
SHA-256 | 45e99473cc6898aca3f57360cc0eb1aacd5d41ec12447f5148adf26ed2382d7e
Debian Security Advisory 4202-1
Posted May 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4202-1 - OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.

tags | advisory
systems | linux, debian
advisories | CVE-2018-1000301
SHA-256 | 90a8bd88a40752bf5d9068f391d79df7a3cd320bafb58ab2092469b30f208678
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close