Showing 76 - 100 of 426

Files Date: 2017-06-01 to 2017-06-30

Gentoo Linux Security Advisory 201706-24
Posted Jun 23, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201706-24 - Multiple vulnerabilities have been found in jbig2dec, the worst of which might allow remote attackers to execute arbitrary code. Versions less than 0.13-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-9601
MD5 | 8059d7bf1578b878d2aafde68ebb4348
Microsoft Security Bulletin CVE Update For June, 2017
Posted Jun 23, 2017
Site microsoft.com

This Microsoft bulletin summary lists one CVE that has undergone a major revision increment.

tags | advisory
advisories | CVE-2017-8558
MD5 | 194b919141c916c084087ab2c632a94c
WordPress FormCraft Basic 1.0.5 SQL Injection
Posted Jun 23, 2017
Authored by r0m3r0, Seyyed Amir Hossein Mir Hosseini

WordPress FormCraft Basic plugin version 1.0.5 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | ab956807aad6b5f6d6ddd7dec71ed759
Microsoft Security Bulletin CVE Update For June, 2017
Posted Jun 23, 2017
Site microsoft.com

This Microsoft bulletin summary lists many CVEs that have undergone a major revision increment.

tags | advisory
advisories | CVE-2017-0173, CVE-2017-0193, CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, CVE-2017-0219, CVE-2017-0282, CVE-2017-0283, CVE-2017-0284, CVE-2017-0285, CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-0291, CVE-2017-0292, CVE-2017-0294, CVE-2017-0295, CVE-2017-0296, CVE-2017-0297, CVE-2017-0298, CVE-2017-0299, CVE-2017-0300, CVE-2017-8460, CVE-2017-8462, CVE-2017-8464, CVE-2017-8465, CVE-2017-8466
MD5 | a7ea1e3d1dab53dbf750cd56ec6c758b
Cisco Prime Infrastructure 3.1.6 XXE Injection / XSS / LFD / SQL Injection
Posted Jun 22, 2017
Authored by P. Morimoto | Site sec-consult.com

Cisco Prime Infrastructure versions 1.1 through 3.1.6 suffer from cross site scripting, XML external entity injection, file disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
systems | cisco
advisories | CVE-2017-6662, CVE-2017-6698, CVE-2017-6699, CVE-2017-6700
MD5 | a015626c21297363f1b2f3b6319821c8
Gentoo Linux Security Advisory 201706-21
Posted Jun 22, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201706-21 - A cache-related side channel vulnerability was found in nettle which might allow an attacker to obtain sensitive information. Versions less than 3.2-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2016-6489
MD5 | a3cbce443396e3e01768173890c30f42
Ubuntu Security Notice USN-3339-1
Posted Jun 22, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3339-1 - Karthikeyan Bhargavan and Gaetan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file when a 64-bit block cipher is in use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that OpenVPN incorrectly handled rollover of packet ids. An authenticated remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-6329, CVE-2017-7479, CVE-2017-7508, CVE-2017-7512, CVE-2017-7520, CVE-2017-7521
MD5 | d3cafbb3d6cf1f0190409317b5d44266
Gentoo Linux Security Advisory 201706-23
Posted Jun 22, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201706-23 - Multiple vulnerabilities have been found in Urban Terror, the worst of which allows for the remote execution of arbitrary code. Versions less than 4.3.2_p20170426 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-1412, CVE-2011-2764, CVE-2011-3012, CVE-2012-3345
MD5 | 4f0ee8947eb20edbfc34b50ad0edb456
Debian Security Advisory 3893-1
Posted Jun 22, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3893-1 - Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer.

tags | advisory, java, arbitrary, code execution, python
systems | linux, debian
advisories | CVE-2016-4000
MD5 | b8ba5a4ab403058f5b4a58ef979ff381
Gentoo Linux Security Advisory 201706-22
Posted Jun 22, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201706-22 - Multiple vulnerabilities have been found in libksba which might allow remote attackers to obtain sensitive information or crash a libksba-based application. Versions less than 1.3.5 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2016-4579
MD5 | 92182dff40a0bcb25b688b2ada8caaef
SimpleRisk 20170416-001 Cross Site Scripting
Posted Jun 22, 2017
Authored by LiquidWorm | Site zeroscience.mk

SimpleRisk version 20170416-001 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | cc6ee041f9ef0acdd8e3fb8dbdcb6dfb
Blackcat CMS 1.2 Cross Site Scripting
Posted Jun 22, 2017
Authored by Faiz Ahmed Zaidi

Blackcat CMS version 1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-9609
MD5 | 668cadbe054cbbd74a06fb0a595e0503
Slackware Security Advisory - openvpn Updates
Posted Jun 22, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-7508, CVE-2017-7512, CVE-2017-7520, CVE-2017-7521, CVE-2017-7522
MD5 | cbfc8242ea06a8baac440b5d71ba2960
Kernel Live Patch Security Notice LSN-0024-1
Posted Jun 22, 2017
Authored by Benjamin M. Romer

It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges.

tags | advisory, arbitrary, kernel
systems | linux
advisories | CVE-2017-1000364
MD5 | 802d5d0c1e8f0c95c047a7f9331ccb3d
DAVOSET 1.3.4
Posted Jun 22, 2017
Authored by MustLive

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Changes: Support added for an XXE vulnerability in Qlikview. Added new services to the lists of zombies and removed non-working services from the lists of zombies.
tags | tool, denial of service
MD5 | d5dd78793564fb2262d358d23eee5998
Linux 4.10.1 Double-Fetch
Posted Jun 22, 2017
Authored by Pengfei Wang

Linux kernel versions 4.10.1 and below suffer from a double-fetch vulnerability.

tags | advisory, kernel
systems | linux
advisories | CVE-2017-8831
MD5 | ae616a219ada3d4187b43ded936abd80
PayPal Marketing User Enumeration
Posted Jun 22, 2017
Authored by Chamli

PayPal's Marketing Online Service suffers from a user enumeration vulnerability.

tags | exploit
MD5 | e5c3f9c104584625593cdc59eb1620ca
Vaadin 7.7.6 Cross Site Scripting
Posted Jun 22, 2017
Authored by Caleb Cushing

Vaadin version 7.7.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a18a2b3a6b79a8e884de918c1aca80f0
OffensiveCon Berlin 2018 Call For Papers
Posted Jun 22, 2017
Site offensivecon.org

OffensiveCon Berlin 2018 has announced its call for papers. It will take place February 16th through the 17th, 2018 in Berlin, Germany.

tags | paper, conference
MD5 | 32acfe671da7b738e3a0ce113154dc3d
Debian Security Advisory 3890-1
Posted Jun 21, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3890-1 - Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.

tags | advisory, remote, web, code execution
systems | linux, debian
advisories | CVE-2017-9736
MD5 | 82f7dc777ed288bd4614a107d13dbf01
Ubuntu Security Notice USN-3338-1
Posted Jun 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3338-1 - It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4997, CVE-2017-1000364
MD5 | ff11a345e1bef3a88baf80b2a7e8c7b3
Ubuntu Security Notice USN-3335-2
Posted Jun 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3335-2 - USN-3335-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000364
MD5 | 703176c01991d36308a0995357ad662b
Ubuntu Security Notice USN-3336-1
Posted Jun 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3336-1 - It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-7502
MD5 | 7617cdd35e7baf76e62633c0fac373e3
Ubuntu Security Notice USN-3337-1
Posted Jun 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3337-1 - It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that Valgrind incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause Valgrind to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131
MD5 | ea08dfb16ff10f314da98e02ad262c8a
Red Hat Security Advisory 2017-1558-01
Posted Jun 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1558-01 - Red Hat Satellite provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows organizations to utilize the benefits of Red Hat Network without having to provide public Internet access to their servers or other client systems. Security Fix: A cross-site scripting flaw was found in how the failed action entry is processed in Satellite 5. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2017-7514
MD5 | 9c7079aa374cda833c93af1a1362e3a5