exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-05-22 to 2017-05-23

HPE Security Bulletin HPESBHF03744 1
Posted May 22, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03744 1 - Potential security vulnerabilities with OpenSSL have been addressed for HPE Intelligent Management Center (iMC) PLAT. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-7053, CVE-2016-7054, CVE-2016-7055
SHA-256 | 99aeebea1c35a4f406782d080470c69bf66978ba45cc37f1440ba6f370c6f25f
Mantis Bug Tracker 1.3.10 / 2.3.0 Cross Site Request Forgery
Posted May 22, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Mantis Bug Tracker versions 1.3.10 and 2.3.0 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2017-7620
SHA-256 | 657f51bab66ce5d5cf6800d27e2f3bc584ea834cf9cbd98479d947434a3b0ead
Debian Security Advisory 3858-1
Posted May 22, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3858-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in privilege escalation, denial of service, newline injection in SMTP or use of insecure cryptography.

tags | advisory, java, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
SHA-256 | e8004e244bc9ba3237af6bccc9d6a3803da5f5860ae47f04632bea3d25f01406
Red Hat Security Advisory 2017-1262-01
Posted May 22, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1262-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

tags | advisory, remote, memory leak
systems | linux, redhat
advisories | CVE-2017-8779
SHA-256 | 9df768ffe02abc9c9d33d36f5d1cb57af1e669c292ca02824422babbe60dd117
Red Hat Security Advisory 2017-1263-01
Posted May 22, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1263-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

tags | advisory, remote, memory leak
systems | linux, redhat
advisories | CVE-2017-8779
SHA-256 | 49d9acba01c695412d6018d26794d50acb5f77b1730e133e0169fa768d25b526
Red Hat Security Advisory 2017-1265-01
Posted May 22, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1265-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2016-2125, CVE-2016-2126, CVE-2017-2619
SHA-256 | 4098aa20948ce3f8ca4c274f5eed9f9ca798a1f08ce911aefc1cc64b5cf7492f
Red Hat Security Advisory 2017-1264-01
Posted May 22, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1264-01 - The K Desktop Environment is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Security Fix: A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application.

tags | advisory, local, root, spoof
systems | linux, redhat
advisories | CVE-2017-8422
SHA-256 | 55b5ec56d5fdf924706e71ec4e094f503df4e61144152b03ddfde919983c2a85
VMWare Workstation On Linux Privilege Escalation
Posted May 22, 2017
Authored by Jann Horn, Google Security Research

This vulnerability permits an unprivileged user on a Linux machine on which VMWare Workstation is installed to gain root privileges. The issue is that, for VMs with audio, the privileged VM host process loads libasound, which parses ALSA configuration files, including one at ~/.asoundrc. libasound is not designed to run in a setuid context and deliberately permits loading arbitrary shared libraries via dlopen().

tags | exploit, arbitrary, root
systems | linux
advisories | CVE-2017-4915
SHA-256 | 4f6b3ffb38593e545a6d2b121f82db2cd943284427086d0cf851e6f78aa712bf
Atlassian SourceTree 2.5c Command Execution
Posted May 22, 2017
Authored by Yu Hong

Atlassian SourceTree versions 2.5c and below suffer from a command injection vulnerability. This advisory gives a ridiculously small amount of information regarding the issue itself.

tags | advisory
advisories | CVE-2017-8768
SHA-256 | e2a767420fa68c4a02c5ef67ce359c7a39caef6bd52157da4e47059779e79f74
DAVOSET 1.3.3
Posted May 22, 2017
Authored by MustLive

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Changes: In new version there was added support of Tor as a proxy. Based on Socks support since v.1.2 at 26.04.2014. Also there were added new services into full list of zombies and removed non-working services from it.
tags | tool, denial of service
SHA-256 | 1d0696f6d29b1273f17be4301f1c7f0214c4b515f9206ae19050d360010d08ba
Asterisk 14.4.0 Skinny Denial Of Service
Posted May 22, 2017
Authored by Sandro Gauci, Alfred Farrugia

Asterisk version 14.4.0 with chan_skinny enabled suffers from a memory exhaustion vulnerability that can lead to a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | f873e04bcb0eecc9597ab97c172b350143d8b4bc7a90a33fabc8192c71a4c519
Asterisk 14.4.0 PJSIP 2.6 Denial Of Service
Posted May 22, 2017
Authored by Sandro Gauci, Alfred Farrugia

Asterisk version 14.4.0 running chan_pjsip with PJSIP version 2.6 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 26735dd3956e23cd86d3bfd7f09cf45b7e07e2f91f84b5f91c48da4e3976b767
Asterisk 14.4.0 PJSIP 2.6 Heap Overflow
Posted May 22, 2017
Authored by Sandro Gauci, Alfred Farrugia

Asterisk version 14.4.0 with PJSIP version 2.6 suffers from a heap overflow vulnerability in CSEQ header parsing.

tags | exploit, overflow
SHA-256 | 96d2411683190b99bf76dad788720f5b886c567643bf4124f892badaecf39a31
VMWare Horizon 5.4 DLL Hijacking
Posted May 22, 2017
Authored by Owais Mehtab, Tayeeb Rana

VMWare Horizon client version 5.4 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 05cb35186f2e5f6b2221c1ab68f277a67270ad790351e64db88411655e075325
HP SimplePass 8.x Local Privilege Escalation
Posted May 22, 2017
Authored by Rehan Ahmed

HP SimplePass versions 8.00.49, 8.00.57, and 8.01.46 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | ed0ba43506d010e8c28aee71c085c7b2aa863c572c95d00e7bb69bb5b2d1abdb
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close