what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2017-04-25 to 2017-04-26

Dell Customer Connect 1.3.28.0 Privilege Escalation
Posted Apr 25, 2017
Authored by Kacper Szurek

Dell Customer Connect (DCCService.exe) version 1.3.28.0 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 01adb10edf42c5c531eefc99d7226ee312a57ead81179ddea9469321e3875f5e
OpenText Documentum Content Server SQL Injection
Posted Apr 25, 2017
Authored by Andrey B. Panfilov

OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. This code is a proof of concept exploit.

tags | exploit, remote, arbitrary, sql injection, proof of concept
advisories | CVE-2014-2513, CVE-2015-4533, CVE-2017-7221
SHA-256 | 075e41464f5a5b594ef398cfbdc839e338020d08e61a4d818296c681db42b4d7
Ubuntu Security Notice USN-3266-2
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3266-2 - USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2017-5986
SHA-256 | 38bf0e1ebe7b487031f7f129018d145bb062758b3fcb637423c23f99910dc876
Ubuntu Security Notice USN-3265-1
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3265-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5669, CVE-2017-5897, CVE-2017-5970, CVE-2017-5986, CVE-2017-6214, CVE-2017-6345, CVE-2017-6346, CVE-2017-6347, CVE-2017-6348, CVE-2017-7374
SHA-256 | 458544e325eb238c58004371dbe9356a95171c61c3dbdaeb26265ab61d0a46c5
Ubuntu Security Notice USN-3265-2
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3265-2 - USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5669, CVE-2017-5897, CVE-2017-5970, CVE-2017-5986, CVE-2017-6214, CVE-2017-6345, CVE-2017-6346, CVE-2017-6347, CVE-2017-6348, CVE-2017-7374
SHA-256 | 0c9967de91275097ac2b964a5f5f15ab25ba17e3a65406a24207ac40379c8d83
Ubuntu Security Notice USN-3266-1
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3266-1 - Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2017-5986
SHA-256 | 388005729548db4ef2fb458e260c25a00a658e1fc5e6cc30a86ff9544d66f5cd
Ubuntu Security Notice USN-3264-2
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3264-2 - USN-3264-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2017-5986
SHA-256 | 08bd22ddd449f23f83690f03bef696d4220beacfda3e370c51c533548712002a
Ubuntu Security Notice USN-3267-1
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3267-1 - Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2017-2619
SHA-256 | 380cf9bf4beda1eda84eea11a36b4452ad006b1cfa8e93c8e4f2d3defff5110c
Ubuntu Security Notice USN-3268-1
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3268-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jann Horn discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to access files on the host file system outside of the shared directory and possibly escalate their privileges. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10028, CVE-2016-8667, CVE-2016-9602, CVE-2016-9603, CVE-2016-9908, CVE-2016-9912, CVE-2016-9914, CVE-2017-5552, CVE-2017-5578, CVE-2017-5987, CVE-2017-6505
SHA-256 | 55219cd93a67e26cc2c98285217c82a6a4c4a415f32a2bc50c406be0dfd12705
Ubuntu Security Notice USN-3264-1
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3264-1 - Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2017-5986
SHA-256 | 5617bdc6e6c1ccc15c09b9257b1ec4cce82e101317b00bd377fd23662ed06fa8
Slackware Security Advisory - mozilla-firefox Updates
Posted Apr 25, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | df5e943771e59fc2289df3af757bd1a57e0e1c52504d2a66c7b611ab1f057e98
Debian Security Advisory 3833-1
Posted Apr 25, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3833-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.

tags | advisory
systems | linux, debian
advisories | CVE-2016-9821, CVE-2016-9822
SHA-256 | 8d692af2b943bea43208aef15f7da5e70206cdcf1a91c28cbe75076b9a37add4
Red Hat Security Advisory 2017-1126-01
Posted Apr 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1126-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2017-2636
SHA-256 | 34d392e00adb86300a44fe21a8d79fc93f1e9dbf79ba5dc3b3e00240e2bbc6be
Red Hat Security Advisory 2017-1125-01
Posted Apr 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1125-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2017-2636
SHA-256 | 7112adc140cf091a6d4e364b6e09c73a98b1eea23f7cd1fef5eb48900766f898
Red Hat Security Advisory 2017-1124-01
Posted Apr 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1124-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 58.0.3029.81. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069
SHA-256 | e325fa775ede1fe0fa9d26ba89abf5e87c0e726c82d6a6adb5a3e13ea26b42d1
OXATIS 2017 Cross Site Scripting
Posted Apr 25, 2017
Authored by HTTPCS

OXATIS 2017 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b4ff5aa49a3b93d6b92ea4d397b075e42df21186055dbc33740a7c44b12f9701
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close