what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2017-07-12 to 2017-07-13

RSA Authentication Manager Brute Force
Posted Jul 12, 2017
Site emc.com

RSA Authentication Manager 8.2 SP1 Patch 2 contains a fix for a brute force PIN-guessing vulnerability. This Self-Service Console vulnerability could potentially be exploited by malicious users and would impact a victim's ability to access protected resources. It requires that the victim's Self-Service Console credentials were compromised.

tags | advisory
advisories | CVE-2017-8006
SHA-256 | 77aa2d399d4cb516fc5ff38029d6ead28e25e859e723af948bdbc87aeb25d0fe
EMC Undocumented Accounts
Posted Jul 12, 2017
Authored by rgod | Site emc.com

EMC ViPR SRM, EMC Storage M and R, EMC VNX M and R, EMC M and R for SAS Solution Packs contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.

tags | advisory, remote, web, arbitrary
advisories | CVE-2017-8011
SHA-256 | e6415f53d783cf4db0e45411c0e289224a93bbb7336828a9a2b204e38467e23e
Red Hat Security Advisory 2017-1739-01
Posted Jul 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1739-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A cross-site scripting flaw was discovered in the OpenStack dashboard which allowed remote authenticated administrators to conduct XSS attacks using a crafted federation mapping rule. For this flaw to be exploited, federation mapping must be enabled in the dashboard.

tags | advisory, remote, xss
systems | linux, redhat
advisories | CVE-2017-7400
SHA-256 | e18207687de7f35cadfe4c6e890cdbe4b2626ac0b5f418ff6563f33d68af607f
iSmartAlarm Backend Server-Side Request Forgery
Posted Jul 12, 2017
Authored by Ilia Shnaidman

iSmartAlarm Backend suffers from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2017-7727
SHA-256 | da804f19d05a661b73dd051be5f3a1581b11b2858fec1fe0e6c21ddf2edf9c84
iSmartAlarm CubeOne Missing SSL Certificate Validation
Posted Jul 12, 2017
Authored by Ilia Shnaidman

iSmartAlarm CubeOne fails to validate the server-side SSL certificate.

tags | advisory
advisories | CVE-2017-7726
SHA-256 | 6f8db5b3ece4e1e602b85d195adbc5b0e5b4dbdf942a6229d0ec3960d6e2bdde
rack-cors Missing Anchor
Posted Jul 12, 2017
Authored by Jens Mueller

A missing anchor in generated regex for rack-cors versions prior to 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.

tags | advisory
SHA-256 | 9e2393521935f0c2d55d8bbcb87e105d1c088b74bf965cd2698351eafce20ff4
AGFEO Smart Home ES 5xx / 6xx Authentication Bypass / XSS / Hardcoded Credentials
Posted Jul 12, 2017
Authored by T. Weber | Site sec-consult.com

AGFEO Smart Home ES 5xx / 6xx versions 1.9b and 1.10 suffers from authentication bypass, cross site scripting, and hard-coded private key vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | b2200472eb599e2f158bdd515a5c8503aba40b07de1704b509cb4ab9af230c5d
Red Hat Security Advisory 2017-1731-01
Posted Jul 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1731-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 26.0.0.137. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-3080, CVE-2017-3099, CVE-2017-3100
SHA-256 | 47f596bc7cb8b676a218eaad3de2cb4954dcc684d71f83033193a1d46a52a6a8
IBM Informix 12.10 DB-Access Buffer Overflow
Posted Jul 12, 2017
Authored by Leon Juranic, DefenseCode, Bosko Stankovic

IBM Informix DB-Access utility is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. The vulnerability is triggered by providing an overly long file parameter value inside a LOAD statement, which is used to insert data from an operating-system file into an existing table or view. Version 12.10 is affected.

tags | exploit, overflow, arbitrary
SHA-256 | 7242df27de9624e0c0b57ed3ef055069c110005a841ad63815fe50406c581c74
ObjectPlanet Opinio 7.6.3 Cross Site Scripting
Posted Jul 12, 2017
Authored by Kasper Karlsson

ObjectPlanet Opinio versions 7.6.3 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-10798
SHA-256 | 1ec0215ae742091f21c37eeb17032a074dc5191ea8941b52c6a34d5e36556cda
Red Hat Security Advisory 2017-1721-01
Posted Jul 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1721-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.

tags | advisory, remote, web, protocol
systems | linux, redhat
advisories | CVE-2016-8743
SHA-256 | 501f1a9e83c4d2a57f85a6319ff08f4cb39c3fe24d17c131138eb29c3b23deb5
Red Hat Security Advisory 2017-1715-01
Posted Jul 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1715-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2017-7895
SHA-256 | 62efaa9fb5dc8f8fb6a0946ee053ae58a6deca0ba51a9b5cb405c0f101600a45
Red Hat Security Advisory 2017-1723-01
Posted Jul 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1723-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2017-7895
SHA-256 | 0dc240c457b2a7a130cf637c2ed5bdf468bb619dfe9e8b60997711285085985d
DataTaker DT80 dEX 1.50.012 Sensitive Configuration Exposure
Posted Jul 12, 2017
Authored by Nassim Asrir

DataTaker DT80 dEX version 1.50.012 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2017-11165
SHA-256 | 048568e8d903730e1c7a71509f06b027e564960e8dac311671ebcf6ca565d868
VMware Horizon's macOS Client Code Injection
Posted Jul 12, 2017
Authored by Florian Bogner

VMware Horizon's macOS client versions prior to 4.5 suffer from a code injection vulnerability.

tags | advisory
advisories | CVE-2017-4918
SHA-256 | f66d718ae51d75bdcc8a8fa9026bde7c7516f85ea2777a8579d4c319165f6016
RaidenHTTPD 2.0.44 User-Agent Cross Site Scripting
Posted Jul 12, 2017
Authored by sultan albalawi

RaidenHTTPD version 2.0.44 suffers from a cross site scripting vulnerability via the user-agent header.

tags | exploit, xss
SHA-256 | 4e5fb1d12824277e2c16c01b1e20fc64700a011ff335cb5fd70e538478517c43
xfrm Out-Of-Bounds Read
Posted Jul 12, 2017
Authored by bo Zhang

When dealing with XFRM_MSG_MIGRATE message, xfrm_migrate func does not check dir value of xfrm_userpolicy_id. This will cause out of bound access to net->xfrm.policy_bydst in policy_hash_direct func and others when dir value exceeds XFRM_POLICY_MAX. Linux kernel versions 4.12 and below are affected.

tags | advisory, kernel
systems | linux
SHA-256 | b19c3f5d900e2c98a719a1ba12c9f79494c5c8cd41263ce11198720a5851bd92
Microsoft Security Bulletin CVE Update For July, 2017
Posted Jul 12, 2017
Site microsoft.com

This Microsoft bulletin summary lists multiple CVEs that have undergone a major revision increment.

tags | advisory
advisories | CVE-2016-3305, CVE-2017-0292, CVE-2017-8543
SHA-256 | e9765dadc7ef22691f545d5d5ec8511307562284cfbd01acee88de6e21d6a058
Microsoft Security Bulletin Summary For July, 2017
Posted Jul 12, 2017
Site microsoft.com

This bulletin summary lists 64 released Microsoft security bulletins for July, 2017.

tags | advisory
SHA-256 | 7bf2ccfe213585733efeeea542eb9ffafdbfcf2e4c3f9c1f928062288579f4f5
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    21 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close