Twenty Year Anniversary
Showing 76 - 100 of 495 RSS Feed

Files Date: 2017-01-01 to 2017-01-31

Android RKP Memory Corruption
Posted Jan 26, 2017
Authored by Google Security Research, laginimaineb

Android suffers from an RKP related memory corruption vulnerability in rkp_mark_adbd.

tags | advisory
MD5 | 7e81520365413a1dfd2ebd05eca4fa3c
Mac OS / iOS IOService::matchPassive Use-After-Free
Posted Jan 26, 2017
Authored by Google Security Research, ianbeer

Mac OS / iOS kernels suffer from a use-after-free due to a failure to take reference in IOService::matchPassive.

tags | exploit, kernel
systems | ios
advisories | CVE-2017-2353
MD5 | e669deea1d2cdd39e0dcb1090e39f7ce
Mandos Encrypted File System Unattended Reboot Utility 1.7.14
Posted Jan 26, 2017
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
MD5 | 4f5c86874e3c4a497110ec582ef22c36
WordPress InfiniteWP Client 1.5.1.3 / 1.6.0 PHP Object Injection
Posted Jan 25, 2017
Authored by Yorick Koster, Securify B.V.

WordPress InfiniteWP Client plugin versions 1.5.1.3 and 1.6.0 suffer from a PHP object injection vulnerability.

tags | advisory, php
MD5 | 46b274061e0acc0178360b285063f6b1
EMC Isilon OneFS Privilege Escalation
Posted Jan 25, 2017
Site emc.com

EMC Isilon OneFS is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. Various versions of the 7.x.x.x releases are affected.

tags | advisory
advisories | CVE-2016-9871
MD5 | e667ced2224e97d4bc7c29d00c863473
WordPress CMS Commander Client 2.21 PHP Object Injection
Posted Jan 25, 2017
Authored by Yorick Koster, Securify B.V.

WordPress CMS Command Client plugin version 2.21 suffer from a PHP object injection vulnerability.

tags | advisory, php
MD5 | 9a7027555b61d92952f9550a552cf56f
WordPress Google Forms 0.87 PHP Object Injection
Posted Jan 25, 2017
Authored by Yorick Koster, Securify B.V.

WordPress Google Forms plugin versions 0.8 through 0.87 suffer from a PHP object injection vulnerability.

tags | advisory, php
MD5 | 4808b37b794d5488075cea57599da9e2
OpenCart 2.3.0.2 Cross Site Request Forgery
Posted Jan 25, 2017

OpenCart version 2.3.0.2 suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
MD5 | eb474e9107cd056b386ae5b810b14eda
Gentoo Linux Security Advisory 201701-65
Posted Jan 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-65 - Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites, the worst of which may allow execution of arbitrary code Versions less than 1.8.0.121 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-8328, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3260, CVE-2017-3261, CVE-2017-3262, CVE-2017-3272, CVE-2017-3289
MD5 | 02e023b883e373a3bf1d31ee813fd1ae
Gentoo Linux Security Advisory 201701-64
Posted Jan 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-64 - Multiple vulnerabilities have been found in X.Org X Server, the worst of which may allow authenticated attackers to read from or send information to arbitrary X11 clients. Versions less than 1.18.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-6424, CVE-2015-3164, CVE-2015-3418
MD5 | 64d752296eeef5e5435d05f74f6fab8e
Red Hat Security Advisory 2017-0191-01
Posted Jan 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0191-01 - After March 31, 2017, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.6 or older on Red Hat Enterprise Linux 5. The listed versions will exit the existing Limited Maintenance Release phase.

tags | advisory
systems | linux, redhat
MD5 | 33887b0e2915cdb9e7edd05a5c1428b6
Red Hat Security Advisory 2017-0192-01
Posted Jan 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0192-01 - After March 31, 2017, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.6 or older on Red Hat Enterprise Linux 5. The listed versions will exit the existing Limited Maintenance Release phase.

tags | advisory
systems | linux, redhat
MD5 | b2d35c67ecc875462cc0401fce2de280
Red Hat Security Advisory 2017-0190-01
Posted Jan 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0190-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396
MD5 | 165044ce69b894d5aa649a4ef01e9fa0
HP Security Bulletin HPSBST03642 3
Posted Jan 25, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03642 3 - Security vulnerabilities in OpenSSL and OpenSSH were addressed in HPE StoreVirtual products using LeftHand OS. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information, additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in arbitrary code execution, unauthorized access, disclosure of information, or Denial of Service (DoS). Revision 3 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3566, CVE-2016-0705
MD5 | 2a7fc4c484132a88fb19a3bff6be7eaa
HP Security Bulletin HPSBHF03695 1
Posted Jan 25, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03695 1 - A security vulnerability with the Ethernet Non-Volatile Flash Memory (NVM) image in Intel Forteville-based adapters has been addressed by certain HPE Ethernet Adaptors. The vulnerability could be remotely exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2016-8106
MD5 | d5351baa60822d038b62fa6700179fab
Ubuntu Security Notice USN-3179-1
Posted Jan 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3179-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289
MD5 | 05bd35309151940a3d3bf97cb00f1258
Red Hat Security Advisory 2017-0194-01
Posted Jan 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0194-01 - This release adds the new Apache HTTP Server 2.4.23 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.6 and includes bug fixes and enhancements.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-2108, CVE-2016-2177, CVE-2016-2178, CVE-2016-4459, CVE-2016-6808, CVE-2016-8612
MD5 | 975da83bd9aca9cb9a5340cea42e0844
Red Hat Security Advisory 2017-0193-01
Posted Jan 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0193-01 - This release adds the new Apache HTTP Server 2.4.23 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.6, and includes bug fixes and enhancements.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-2108, CVE-2016-2177, CVE-2016-2178, CVE-2016-4459, CVE-2016-6808, CVE-2016-8612
MD5 | 053512a40c8824ef00912d4a3a6321c1
HP Security Bulletin HPSBHF03441 2
Posted Jan 25, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03441 2 - Potential security vulnerabilities have been identified in HPE Integrated Lights Out 3, HPE Integrated Lights Out 4, and Integrated Lights Out 4 mRCA. The vulnerabilities are remotely exploitable. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2016-4375
MD5 | 9b68eecfa3566190ba2cb263b99d3322
WD My Cloud Mirror 2.11.153 Remote Command Execution / Authentication Bypass
Posted Jan 25, 2017
Authored by Kacper Szurek

WD My Cloud Mirror version 2.11.153 suffers from remote command execution and authentication bypass vulnerabilities.

tags | exploit, remote, vulnerability, bypass
MD5 | 3a03bededda8df40bf30974851a7f210
An Overview Of Some Popular Network Anonymity Systems
Posted Jan 25, 2017
Authored by James Fell

This essay takes a look at a selection of network anonymity systems including VPNs, Tor, Freenet and I2P. The different systems are explained and then compared and contrasted with each other. A number of issues are considered for each system including ease of use, popularity, strength of anonymity provided, and potential attacks on the system.

tags | paper
MD5 | edf4b50c5f22ff22e631de9cd3c9e745
Apple Security Advisory 2017-01-23-7
Posted Jan 25, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-01-23-7 - iTunes for Windows 12.5.5 is now available and addresses code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | windows, apple
advisories | CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2366
MD5 | f57789b6c84897bc855b33dca4b22e27
Ubuntu Security Notice USN-3178-1
Posted Jan 24, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3178-1 - It was discovered that icoutils incorrectly handled memory when processing certain files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause icoutils to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-5208, CVE-2017-5331, CVE-2017-5332, CVE-2017-5333
MD5 | 39be44b1d1641cee2e74718b45208494
Cisco Security Advisory 20170124-webex
Posted Jan 24, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Cisco WebEx browser extensions provided by Cisco WebEx Meetings Server and Cisco WebEx Meetings Center could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to the use of a crafted pattern by the affected software. An attacker could exploit this vulnerability by directing a user to a web page that contains the crafted pattern and starting a WebEx session. The WebEx session could allow the attacker to execute arbitrary code on the affected system, which could be used to conduct further attacks. Cisco has begun to release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web, arbitrary
systems | cisco
MD5 | 088f50565f7b84d228e21059275699e0
Slackware Security Advisory - mozilla-firefox Updates
Posted Jan 24, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 92b16efa31362143160feabc3dea32af
Page 4 of 20
Back23456Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close