FreeBSD setrlimit stack clash proof of concept exploit.
55fb8566c8dcae52540b3d92f7a1228604de1093d9d64e40a1cebbbe5ec1f611Linux kernel ldso_hwcap stack clash privilege escalation exploit. This affects Debian 7/8/9/10, Fedora 23/24/25, and CentOS 5.3/5.11/6.0/6.8/7.2.1511.
e3bc684fbe0cc5c683f1e0aa4b3c0294f9ee713b3f50398609a3d2677cd20406FreeBSD FGPE stack clash proof of concept exploit.
2dddaf6810e24694581a3d0559ab7f60f9bdef61855acef6f9cdc6c393b35315FreeBSD FGPU stack clash proof of concept exploit.
fa4055aa1f668bb096eafa433dace0e75f81c48fefa47f2d5271474380116c6bOracle Solaris versions 11.1 and 11.3 rsh local privilege escalation stack clash exploit.
d6fc2124ab39b596a408ba197a8da71c03b284c1dac54ac107cc4d471c892d32This Metasploit module exploits a use-after-free vulnerability in the handling of SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for Windows. When SSL is re-established on a NDMP connection that previously has had SSL established, the BIO struct for the connection's previous SSL session is reused, even though it has previously been freed. This Metasploit module supports 3 specific versions of the Backup Exec agent in the 14, 15 and 16 series on 64-bit and 32-bit versions of Windows and has been tested from Vista to Windows 10.
18615ac29398d7f2d7f4f16eff1790cc387a69c2808a4e6bb7a5632253c7e45fThe Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
0bc2dbf6d87b6049a30cf872cd58cbce1c72539afcf4cc3fcb3c44514b701ed1Kaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.
1011f2188afe2cfa015134b365c225eb892ed298b59a2beb4cc63a8e09cdc1b0VASA Provider Virtual Appliance versions prior to 8.3.x may potentially be vulnerable to an unauthenticated remote code execution vulnerability. An unauthenticated remote attacker could upload a malicious file to run arbitrary code on the system with root privileges.
a4d0a8672e720b49dae2fef3ee2fa48acda55214ead9237b46537b91eade0b32Ubuntu Security Notice 3345-1 - USN 3324-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
4fad8a2d68a376e72996bff518accee987d6531fbdbaade3e1a8aafe24ebd666Ubuntu Security Notice 3344-2 - USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN 3334-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Various other issues were also addressed.
ec10468c5bcc0374a009d044a4736922434eb7ade1b26c45c16cecb020b07cafUbuntu Security Notice 3344-1 - USN 3328-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
a4f0efc2b95ce1da0e5cacbafafb82858ba2e9f6956f158428863e22f80ea6d3Ubuntu Security Notice 3342-1 - USN 3326-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
02f110dbf3f133d2c7e542623023dfb8fc8045b5c5147b836e889becc448b849Ubuntu Security Notice 3343-1 - USN 3335-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
9ea59fe7184daae4dabc3d41854293f31717e8ced346b9507f46908a71b2ba14Ubuntu Security Notice 3343-2 - USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. USN 3335-2 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Various other issues were also addressed.
f56a67ded25cba5991da6e27ed05f27e72923a50d6768bc40e175e9410f6a869Ubuntu Security Notice 3338-2 - USN-3338-1 fixed vulnerabilities in the Linux kernel. However, the fix for CVE-2017-1000364 introduced regressions for some Java applications. This update addresses the issue. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.
5a99af3894c4fc090fac2baaecc7fd883c01e2ad021d13522a1c7fa248f1aaf7NetBSD stack clash proof of concept exploit.
79d2a60bd57d2106ec864e90aa5a2a7fafd9984de7938980ff4f491b72819769Red Hat Security Advisory 2017-1658-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release includes bug fixes as well as a new release of OpenSSL. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect. Multiple security issues have been addressed.
50aa060f98da6b1e50308b6d01277a2a6b359083f0c8bbb7e34abde4dcebe506Red Hat Security Advisory 2017-1599-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Security Fix: An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
534a661506144dd1d7c4748a4b8038a02eb473ba1ffd28cb7cbe641a049f56eeRed Hat Security Advisory 2017-1598-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. The following packages have been upgraded to a later upstream version: python-django-horizon. Security Fix: A cross-site scripting flaw was discovered in the OpenStack dashboard which allowed remote authenticated administrators to conduct XSS attacks using a crafted federation mapping rule. For this flaw to be exploited, federation mapping must be enabled in the dashboard.
559e51a6b19aaa61c99248ccbdb1fcb845ea12e44cd8b4a143d495ee7d1395c1Red Hat Security Advisory 2017-1597-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. The following packages have been upgraded to a later upstream version: openstack-keystone. Multiple security issues have been addressed.
7ce5a937781538a68f366244f4d415c9484ec8458131eb303ef5866f6bf3a4f0Red Hat Security Advisory 2017-1596-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. The following packages have been upgraded to a later upstream version: python-django. Security Fix: A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.
d0e6a85be46c7aeefb2e61f70abc77ca2dd2e25ace97d6cacede77e48678e993Red Hat Security Advisory 2017-1659-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release includes bug fixes as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. Multiple security issues have been addressed.
b063190fd710dc1e98b42fc46ea97b54f3b495147b0d0c8c6dc8b32e46110a6dRed Hat Security Advisory 2017-1595-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. python-novaclient is the python client for the OpenStack Nova API. The client's Python API and command-line script both implement 100% of the OpenStack Nova API. The following packages have been upgraded to a later upstream version: python-novaclient, openstack-nova.
330df04280f7d7f7159a8e3468ba074f1edea700e2d331a76319fccf22b8fe8cRed Hat Security Advisory 2017-1584-01 - OpenStack Workflow groups multiple OpenStack tasks into workflows. Red Hat OpenStack Platform uses these workflows to perform common functions, including bare-metal node control, validations, plan management, and overcloud deployment. The following packages have been upgraded to a later upstream version: openstack-mistral. Security Fix: An accessibility flaw was found in the OpenStack Workflow service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
83b83656626fa8b3b9b1b2ec988a662459fce6b1f729349623b89d60262c5bcc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed