exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 151 - 175 of 389 RSS Feed

Files Date: 2017-05-01 to 2017-05-31

Asterisk Project Security Advisory - AST-2017-004
Posted May 20, 2017
Authored by Sandro Gauci, George Joseph | Site asterisk.org

Asterisk Project Security Advisory - A remote memory exhaustion can be triggered by sending an SCCP packet to Asterisk system with chan_skinny enabled that is larger than the length of the SCCP header but smaller than the packet length specified in the header. The loop that reads the rest of the packet does not detect that the call to read() returned end-of-file before the expected number of bytes and continues infinitely. The partial data message logging in that tight loop causes Asterisk to exhaust all available memory.

tags | advisory, remote
SHA-256 | 8d5f47cf0e67ce5864a2b2a4177e62f386b1d90a8d45c93551e617023efa518c
Asterisk Project Security Advisory - AST-2017-003
Posted May 20, 2017
Authored by Sandro Gauci, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - The multi-part body parser in PJSIP contains a logical error that can make certain multi-part body parts attempt to read memory from outside the allowed boundaries. A specially-crafted packet can trigger these invalid reads and potentially induce a crash.

tags | advisory
SHA-256 | dffc64dd4e5928c9a21df82604d70762c92068e2145f6bc7293d2eb080f35bbc
Asterisk Project Security Advisory - AST-2017-002
Posted May 20, 2017
Authored by Sandro Gauci, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By overrunning the buffer, the memory allocation table becomes corrupted, leading to an eventual crash.

tags | advisory, remote, overflow
SHA-256 | 60ef218a0c056d6aec0776e903fa217b0958d9a103decc2e014f49f5d98412d9
Microsoft Security Bulletin Revision Increment For May, 2017
Posted May 20, 2017
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment.

tags | advisory
advisories | CVE-2017-0223
SHA-256 | e9644ba34af5fc468f284a8211f278b9180d4ad29b4398daec9fe8adb57be2f5
Google I/O 2017 Android Man-In-The-Middle
Posted May 20, 2017
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

Google I/O 2017 application for Android versions prior to 5.1.4 suffer from a man-in-the-middle vulnerability.

tags | advisory, info disclosure
advisories | CVE-2017-9045
SHA-256 | 1fa0559e9edae7e21ef67d5f155d2d2b4db4d4651ee541249e1393abaf366ace
HP SiteScope 11.32 Remote Code Execution
Posted May 20, 2017
Authored by Harrison Neal

In default installations of HP SiteScope version 11.32, access to Java Management Extensions (JMX) is allowed to unauthenticated users over port 28006. This configuration allows for remote code execution exploits.

tags | advisory, java, remote, code execution
SHA-256 | 52544054868c2ef0c003c8317520227934d8c939f448bb6d5e4d362256c9015c
Debian Security Advisory 3856-1
Posted May 19, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3856-1 - Two vulnerabilities have been discovered in the web interface of the Deluge BitTorrent client (directory traversal and cross-site request forgery).

tags | advisory, web, vulnerability, csrf
systems | linux, debian
advisories | CVE-2017-7178, CVE-2017-9031
SHA-256 | ffd4b2a7a8f00187b94f35a5055d76e483f4645d61a3bcd2ed54463b4ab27be8
HPE Security Bulletin HPESBGN03748 1
Posted May 19, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBGN03748 1 - A potential security vulnerability has been identified in HPE Cloud Optimizer. The vulnerability could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2017-8944
SHA-256 | 7483e63110b0bf1c8c541a2f924bb2bf09ca0c60d99d6ea43f0e7571351d4d97
Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor
Posted May 19, 2017
Authored by Ian Ling

Ceragon FibeAir IP-10 versions 7.2.0 and below suffer from a hidden user backdoor vulnerability.

tags | exploit
advisories | CVE-2015-0936
SHA-256 | 19d0253d67bfd5628b69787c405f7a3c2992c6236010db3ca5711b8a3408d169
Western Digital TV Media Player 1.03.07 LFI / CSRF / File Upload
Posted May 19, 2017
Authored by Fikri Fadzil, Wan Ikram | Site sec-consult.com

Western Digital TV Media Player version 1.03.07 suffers from file upload, local file inclusion, cross site request forgery, private key issue, remote SQL injection, and other vulnerabilities.

tags | advisory, remote, local, vulnerability, sql injection, file inclusion, file upload, csrf
SHA-256 | 385687d49d2c40482bc4095866410a41b9a17b1428c065bcb0a4be85c09e9a45
Red Hat Security Advisory 2017-1256-01
Posted May 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1256-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-9606
SHA-256 | 66a0b9ebd91f3d58b18c164ce18f959b822d47b029a739de04202319a8322641
Red Hat Security Advisory 2017-1253-01
Posted May 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1253-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-9606
SHA-256 | 5a4ec3b1227c9241673259dff46a3a8629ad441ccc88aaeb18290d488426c5d1
Red Hat Security Advisory 2017-1259-01
Posted May 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1259-01 - Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities. Security Fix: It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-7470
SHA-256 | 42ce9b171df841e7dba3df7165abf9639f62c061e6efdad41a6d0829ddcebc04
Ubuntu Security Notice USN-3275-3
Posted May 19, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3275-3 - USN-3275-2 fixed vulnerabilities in OpenJDK 7. Unfortunately, the update introduced a regression when handling TLS handshakes. This update fixes the problem. It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. Various other issues were also addressed.

tags | advisory, java, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
SHA-256 | b6267488b59a31e9e6e0acbee223e59d7a111c146fc457952a554fc22c390435
Ubuntu Security Notice USN-3295-1
Posted May 19, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3295-1 - It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10249, CVE-2016-10251, CVE-2016-1867, CVE-2016-2089, CVE-2016-8654, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693, CVE-2016-8882, CVE-2016-9560, CVE-2016-9591
SHA-256 | b62194c8b668f64ae29e7257348391b5c012a8addd0decc9b4f7c298876675a3
Red Hat Security Advisory 2017-1255-01
Posted May 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1255-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-9606
SHA-256 | 908877da3f1cfc9dfca69965316818a94445a7d83eafed2908514e284a7b6ae4
Red Hat Security Advisory 2017-1260-01
Posted May 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1260-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.15. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-9606
SHA-256 | f8dede59460b3e91131da210ce201d95cfb51359708c5aedfa61beace085aa8c
Red Hat Security Advisory 2017-1254-01
Posted May 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1254-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-9606
SHA-256 | 4a6d3b6826b17d73c6e89756d374ffc7b8d743c626ed1841cace3e0cb5b75665
Kodak InSite 8.0 Cross Site Scripting
Posted May 19, 2017
Authored by Ricardo Sanchez

Kodak InSite versions 6.5. through 8.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | edfdb5072d2100ae5816327aa1047bf156b40a14eb41a16b1e0dfe93a6055864
Nixauditor CIS Script 1.1
Posted May 19, 2017
Authored by Alfie | Site the-infosec.com

Nixauditor is a script to audit linux and unix distributions based mainly on the CIS standards and universal linux hardening guidelines.

Changes: Audit script enabling user to audit Kernel info, Kernel versions, Specific release information, Current user/group info, Users that have previously logged onto the system, All users and uid/gid info. General CIS Checks (over 100 security checks).
tags | tool
systems | linux, unix
SHA-256 | c895b4f499689b377e4a2360b02832996b972639b6e2ed8b1a1c145eefa9cfa1
WhatsApp Failure To Delete
Posted May 19, 2017
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

WhatsApp Messenger for Android does not delete sent and received files from the SD card on the device when chats are cleared, deleted or the application is uninstalled from the device. Additionally, the application stores sent and received files in the SD card without encryption where they are accessible to any applications with storage permissions.

tags | advisory
advisories | CVE-2017-8769
SHA-256 | 33e5802bd2f7506103d2ccc503733ef058009d057af1f25c56e0615d0d99772f
Belden GarrettCom 6K / 10KT Bypass / Disclosure / Buffer Overflow
Posted May 19, 2017
Authored by David Tomaschik

Belden GarrettCom 6K and 10KT series suffer from suffers from buffer overflow, authentication bypass, information disclosure, and other vulnerabilities.

tags | exploit, overflow, vulnerability, info disclosure
SHA-256 | 49d1717295169be58fe33b4c7d8306f29f0d9e8f045dbaf9cda485d36d3f2e48
Ubuntu Security Notice USN-3291-2
Posted May 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3291-2 - USN-3291-1 fixed vulnerabilities in the generic Linux kernel. This update provides the corresponding updates for the Linux kernel built for specific processors and cloud environments. Dmitry Vyukov discovered that the generic SCSI subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-7187, CVE-2017-7261, CVE-2017-7294, CVE-2017-7616
SHA-256 | f3e4d664cf8dd366e7bc5377123017cb95774c649163d1560d36a4167521a917
Red Hat Security Advisory 2017-1244-01
Posted May 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1244-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. Security Fix: An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2017-7466, CVE-2017-7481
SHA-256 | 3429392f5b616768d19c2fc020ae31066a385e1385c90e913e643e01d4c2354d
Ubuntu Security Notice USN-3294-1
Posted May 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3294-1 - Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local, root, bash
systems | linux, ubuntu
advisories | CVE-2016-0634, CVE-2016-7543, CVE-2016-9401, CVE-2017-5932
SHA-256 | f45d68112bea29f65c3632f3d6b8227dff94e29452d9f3d29a6943cc82cb3905
Page 7 of 16
Back56789Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close