all things security
Showing 76 - 100 of 432 RSS Feed

Files Date: 2017-04-01 to 2017-04-30

Slackware Security Advisory - mozilla-firefox Updates
Posted Apr 24, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 to fix security and stability issues.

tags | advisory
systems | linux, slackware
MD5 | cfe3574ff99afdd892183f4bc0d30210
Microsoft Windows Dolby Audio X2 Service Privilege Escalation
Posted Apr 24, 2017
Authored by Google Security Research, forshaw

The DAX2API service installed as part of the Realtek Audio Driver on Windows 10 is vulnerable to a privilege escalation vulnerability which allows a normal user to get arbitrary system privileges.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2017-7293
MD5 | 335be82ee5239bb58196243435177028
Disk Sorter Enterprise 9.5.12 GET Buffer Overflow
Posted Apr 24, 2017
Authored by Daniel Teixeira | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Disk Sorter Enterprise version 9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

tags | exploit, web, overflow, x86
systems | windows, 7
MD5 | d0efa18e6955b9b943952b0d59267c45
WePresent WiPG-1000 Command Injection
Posted Apr 24, 2017
Authored by Matthias Brun | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable, 2.2.3.0 patched this vulnerability.

tags | exploit, cgi
MD5 | 9b114a97c4c0d9295990975928a03725
Red Hat Security Advisory 2017-1119-01
Posted Apr 24, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1119-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 151. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2017-3509, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
MD5 | ebd9c833e9a35e46957721f5ca58b68b
Red Hat Security Advisory 2017-1117-01
Posted Apr 24, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1117-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 131. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
MD5 | c0d373c56981ee80e0e91096309c730f
Red Hat Security Advisory 2017-1118-01
Posted Apr 24, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1118-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 141. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
MD5 | 6ec001747aae0497ef65d2e4bf1a7036
Gnome Keyring Daemon Credential Disclosure
Posted Apr 24, 2017
Authored by Luca Ercoli | Site lucaercoli.it

The gnome-keyring-daemon is vulnerable to local credential disclosure as it leaves credentials accessible in memory.

tags | exploit, local, info disclosure
MD5 | dab6a6b67a31a5658f079344def0f19c
Starscream 2.0.3 SSL Pinning Bypass
Posted Apr 23, 2017
Authored by Giuliano Galea, Lukas Futera

Starscream library version prior to 2.0.4 suffer from an SSL pinning vulnerability due to the pinning occurring too late in the stream function.

tags | advisory, bypass
advisories | CVE-2017-5887
MD5 | b0989ba797389d3201af3d8be771474f
SquirrelMail 1.4.22 Remote Code Execution
Posted Apr 23, 2017
Authored by Dawid Golunski

SquirrelMail versions 1.4.22 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-7692
MD5 | aca9c60af6e94fd27e23b8ce1f25f382
Western Digital My Cloud 2.21.126 Authentication Bypass
Posted Apr 22, 2017
Authored by Securify B.V., Remco Vermeulen

Western Digital My Cloud with firmware version 2.21.126 suffers from an authentication bypass vulnerability that allows escalation to administrative privileges.

tags | exploit, bypass
MD5 | 03efc4e9cf55948800f65cb80dd0da13
Linux/x86 Egg-Hunter Shellcode
Posted Apr 22, 2017
Authored by phackt_ul

18 bytes small Linux/x86 egg-hunter shellcode.

tags | x86, shellcode
systems | linux
MD5 | 55237a6e0bf93ca13c7290f3ff373598
Ubuntu Security Notice USN-3260-1
Posted Apr 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3260-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, spoof, xss
systems | linux, ubuntu
advisories | CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460
MD5 | b693a951a2efb8041880522f8ebd8fe9
Oracle VirtualBox 5.1.18 Guest Additions Double-Free
Posted Apr 21, 2017
Authored by Google Security Research, mjurczyk

A heap double-free vulnerability has been discovered in Oracle VirtualBox version 5.1.18 when Guest Additions (and more specifically shared folders) are enabled in the guest operating system.

tags | exploit
advisories | CVE-2017-3587
MD5 | a2ba12f8f6dd039daa8cda8cc7e00f0f
WordPress AccessPress Social Icons 1.6.6 SQL Injection
Posted Apr 21, 2017
Authored by DefenseCode, Neven Biruski

WordPress AccessPress Social Icons plugin versions 1.6.6 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 9d14bcc50dc1e82357572a79e09e747e
Starscream 2.0.3 SSL Pinning Bypass
Posted Apr 21, 2017
Authored by Giuliano Galea, Lukas Futera

WebSocket.swift in Starscream versions 2.0.3 and below allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). An attacker can achieve traffic interception from a man-in-the-middle position, first by resetting the TCP connection between the client and server, and afterwards by injecting an SSL server certificates they control.

tags | advisory, tcp, bypass, info disclosure
advisories | CVE-2017-7192
MD5 | 4a7af40db402a792926151e595919340
Exponent CMS 2.4.1 SQL Injection
Posted Apr 21, 2017
Authored by 404 Not Found

Exponent CMS versions 2.4.1 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-7991
MD5 | 8fc45c6470c515d4326185e4b391a80c
nt!_SEP_TOKEN_PRIVILEGES Single Write EoP Protection
Posted Apr 21, 2017
Authored by Kyriakos Economou

This is a write up detailing how abusing enabled token privileges through a kernel exploit to gain elevation of privilege won't be enough anymore. From NT kernel version 10.0.15063 they are checked against the privileges present in the token of the calling process so an attacker needs to use two writes.

tags | paper, kernel
MD5 | 30228610ed457bed8670b8f3dcfdd1b6
Red Hat Security Advisory 2017-1109-01
Posted Apr 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1109-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
MD5 | 0bc5adf6231e691697bf1f8d7e0b43f9
Red Hat Security Advisory 2017-1108-01
Posted Apr 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1108-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
MD5 | 9a81f66b248e03c6ab156c611e4405cd
Ubuntu Security Notice USN-3263-1
Posted Apr 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3263-1 - It was discovered that a heap-based buffer overflow existed in the FreeType library. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10328
MD5 | 6ea2c1999ded647549ef91e567ed6d51
Ubuntu Security Notice USN-3259-1
Posted Apr 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3259-1 - It was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME. An attacker could use this cause a denial of service. Oleg Gorokhov discovered that in some situations, Bind did not properly handle DNS64 queries. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-3136, CVE-2017-3137, CVE-2017-3138
MD5 | f90db46f7c13a442b42ceda025615e04
Red Hat Security Advisory 2017-1106-01
Posted Apr 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1106-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465
MD5 | d6e9d64a4125e36e138aba8b516f330e
Ubuntu Security Notice USN-3262-1
Posted Apr 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3262-1 - It was discovered that curl incorrectly handled client certificates when resuming a TLS session. A remote attacker could use this to hijack a previously authenticated connection.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2017-7468
MD5 | d592f3ab6cca52d0bba85f68c14caeaa
Wells Fargo Poor Password Configurations
Posted Apr 21, 2017
Authored by anonymous

WellsFargo.com password and security management has been identified as being in a weak state of configuration and violation of PCI DSS 3.2 Subsection 8.2.3, 8.2.4. Multiple vulnerabilities result in poor credential management and configuration, as well as flaws in triggering fraud detection. Some vulnerabilities can be paired with each other to increase the risk associated.

tags | advisory, vulnerability
MD5 | c0a6146d69e9eff5b6dbeb8ecfb9e6c0
Page 4 of 18
Back23456Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    5 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close