all things security
Showing 1 - 25 of 236 RSS Feed

Files Date: 2017-10-01 to 2017-10-31

ZKTime Web Software 2.0 Insecure Direct Object Reference
Posted Oct 20, 2017
Authored by Arvind V

ZKTime Web Software version 2.0 suffers from an insecure direct object reference vulnerability.

tags | exploit, web
advisories | CVE-2017-14680
MD5 | b777dd4813f975f9032626bc736f801a
ZKTime Web Software 2.0 Cross Site Request Forgery
Posted Oct 20, 2017
Authored by Arvind V

ZKTime Web Software version 2.0 suffers from a cross site request forgery vulnerability.

tags | exploit, web, csrf
advisories | CVE-2017-13129
MD5 | f8c4d4b15229d25be5aec0554197f32d
Red Hat Security Advisory 2017-2998-01
Posted Oct 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2998-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
MD5 | 9b1e84c860529e0f38c32ad7686287f4
Red Hat Security Advisory 2017-2997-01
Posted Oct 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2997-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 62.0.3202.62. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395, CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5130, CVE-2017-5131, CVE-2017-5132, CVE-2017-5133
MD5 | b2470576425eef21d5ed10492bfe0a9c
Debian Security Advisory 4003-1
Posted Oct 20, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4003-1 - Daniel P. Berrange reported that Libvirt, a virtualisation abstraction library, does not properly handle the default_tls_x509_verify (and related) parameters in qemu.conf when setting up TLS clients and servers in QEMU, resulting in TLS clients for character devices and disk devices having verification turned off and ignoring any errors while validating the server certificate.

tags | advisory
systems | linux, debian
advisories | CVE-2017-1000256
MD5 | 69848289fe0c4ca73f392494649ad6a5
Debian Security Advisory 4002-1
Posted Oct 20, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4002-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.58, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-10268, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384
MD5 | f2c725729bb0242ef87846c5c977af61
Mozilla Firefox Username Denial Of Service
Posted Oct 20, 2017
Authored by Amit Sangra

Mozilla Firefox versions prior to 55 suffer from a long username denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2017-7783
MD5 | d045383f0ddfecdc908bd3897dc709ce
Red Hat Security Advisory 2017-2972-01
Posted Oct 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2972-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2017-12171, CVE-2017-9798
MD5 | e64652074e2e5759339d4e7268697da3
Red Hat Security Advisory 2017-2966-01
Posted Oct 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2966-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The ansible packages have been upgraded to upstream version 2.4.0, which provides a number of bug fixes and enhancements over the previous version. For more information, please see the Ansible 2.4 Porting Guide linked in the References section.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2017-7550
MD5 | 1d8210224bcc1be47f0e774b00032111
Red Hat Security Advisory 2017-2931-01
Posted Oct 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2931-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2016-8399, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176, CVE-2017-14106, CVE-2017-7184, CVE-2017-7541, CVE-2017-7542, CVE-2017-7558
MD5 | c1dbd6840e2e16c4205c17a6e62ec9fa
Red Hat Security Advisory 2017-2930-01
Posted Oct 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2930-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2016-8399, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176, CVE-2017-14106, CVE-2017-7184, CVE-2017-7541, CVE-2017-7542, CVE-2017-7558
MD5 | bde81e8df0854f9e0da92d2d031727b7
FreeBSD Security Advisory - FreeBSD-SA-17:07.wpa
Posted Oct 19, 2017
Authored by Mathy Vanhoef | Site security.freebsd.org

FreeBSD Security Advisory - A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.

tags | advisory, vulnerability
systems | freebsd, bsd
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
MD5 | dd1ceecd8830ca90a5666d6a9425ade7
Red Hat Security Advisory 2017-2918-01
Posted Oct 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2918-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176, CVE-2017-14106, CVE-2017-14340, CVE-2017-7184, CVE-2017-7541, CVE-2017-7542, CVE-2017-7558
MD5 | 8518b2d326398c1a3d949f4ea8241046
Xen Unbounded Recursion In Pagetable De-Typing
Posted Oct 19, 2017
Authored by Google Security Research, jannh

Xen allows pagetables of the same level to map each other as readonly in PV domains. This is useful if a guest wants to use the self-referential pagetable trick for easy access to pagetables by mapped virtual address.

tags | exploit
MD5 | 7b0613bdfa02a772faa0631e1daf6f95
Hacksys Extreme Vulnerable Windows Driver Analysis Part 1
Posted Oct 19, 2017
Authored by Alireza Chegini

Whitepaper called Hacksys Extreme Vulnerable Windows Driver Analysis. Part 1 of a series. Written in Arabic.

tags | paper
systems | windows
MD5 | c6aaef0e16af84719f2f55fdbf70e8db
Suricata IDPE 4.0.1
Posted Oct 18, 2017
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: This is regular bug fix release fixing various issues. Also added is much improved Napatech support.
tags | tool, intrusion detection
systems | unix
MD5 | d05b323b2554e02678dfc896bb7cc6e7
Microsoft Windows GDFMaker 6.3.9600.16384 XXE Injection
Posted Oct 18, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows Game Definition File Editor (GDFMaker) version 6.3.9600.16384 suffers from an XML external entity injection vulnerability.

tags | exploit
systems | windows
MD5 | c7d0ae4a7bf14a2d1e2cae2ae115040a
WebKitGTK+ Code Execution / Cookie Handling / Memory Corruption
Posted Oct 18, 2017
Authored by WebKitGTK+ Team

WebKitGTK+ has had numerous security vulnerabilities addressed including arbitrary code execution, memory corruption, cookie theft, and various other issues.

tags | advisory, arbitrary, vulnerability, code execution
advisories | CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142
MD5 | 40a14f9ee80a9b6a0dd89788c1f7de76
Apache Solr 7.0.1 XXE Injection / Code Execution
Posted Oct 18, 2017
Authored by Michael Stepankin, Olga Barinova

Apache Solar version 7.0.1 suffers from XML external entity injection and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2017-12629
MD5 | c5a11c70eb9d20e9abf2fb6d5efc3959
Slackware Security Advisory - xorg-server Updates
Posted Oct 18, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New xorg-server packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183, CVE-2017-12184, CVE-2017-12185, CVE-2017-12186, CVE-2017-12187
MD5 | a5944f967d76efcd420fdad9ca39f446
Slackware Security Advisory - wpa_supplicant Updates
Posted Oct 18, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
MD5 | 5f30c98ca9d6706d0dad1a1ee2ac2c01
Slackware Security Advisory - libXres Updates
Posted Oct 18, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libXres packages are available for Slackware 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-1988
MD5 | 9b1fcaf6f1c53a47e74bb4db4e95bd71
Red Hat Security Advisory 2017-2913-01
Posted Oct 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2913-01 - Tough-Cookie is a Node.js module that offers RFC6265 Cookies and Cookie Jar. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs-tough-cookie. Security Fix: A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2017-15010
MD5 | 1bb4f60348aca969b49b49177bbb559a
Red Hat Security Advisory 2017-2912-01
Posted Oct 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2912-01 - Tough-Cookie is a Node.js module that offers RFC6265 Cookies and Cookie Jar. The following packages have been upgraded to a later upstream version: rh-nodejs4-nodejs-tough-cookie. Security Fix: Regular expression denial of service flaws were found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2016-1000232, CVE-2017-15010
MD5 | b34cf10bfe50a5eec139fcbdbb2d214d
Red Hat Security Advisory 2017-2911-01
Posted Oct 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2911-01 - The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix: A new exploitation technique called key reinstallation attacks affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087
MD5 | 827665e961e348671c6b78cd391318d4
Page 1 of 10
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close