accept no compromises
Showing 26 - 50 of 221 RSS Feed

Files Date: 2017-10-01 to 2017-10-31

Webtrekk Pixel Tracking Cross Site Scripting
Posted Oct 17, 2017
Authored by Malte Batram | Site sec-consult.com

Webtrekk Pixel Track versions 3.24 to 3.40, 4.00 to 4.40, and 5.00 to 5.04 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b3b27563cb47af66f17f10561156cccc
Red Hat Security Advisory 2017-2899-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2899-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 27.0.0.170. Security Fix: This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-11292
MD5 | 02ed4445c47e4397935369732ee381d4
Red Hat Security Advisory 2017-2904-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2904-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Multiple security issues have been addressed.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12158, CVE-2017-12159, CVE-2017-12160, CVE-2017-12197
MD5 | 2ebc502ff20b3b7a01bc99ea1dbd4320
Interspire Email Marketer Authentication Bypass
Posted Oct 17, 2017
Authored by Hakan Kusne

Interspire Email Marketer versions prior to 6.1.6 suffered from an administrative authentication bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2017-14322
MD5 | d16b312e6faf1afda94639ee5d1222ef
Red Hat Security Advisory 2017-2906-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2906-01 - Red Hat Single Sign-On 7.1 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. The Node.js adapter provides a simple module for authentication and authorization in Node.js applications. This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12158, CVE-2017-12159, CVE-2017-12160, CVE-2017-12197
MD5 | 95a32325af4c7e800d6d722a26eb8460
Ubuntu Security Notice USN-3455-1
Posted Oct 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3455-1 - Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with using key reinstallation attacks to obtain sensitive information. Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-4476, CVE-2016-4477, CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
MD5 | a6dc13bf6c1817ca8b6b932b33c20cda
EMC Isilon OneFS Cross Site Scripting
Posted Oct 16, 2017
Site emc.com

EMC Isilon OneFS suffers from a reflected cross site scripting vulnerability. Versions prior to 8.1.0.1, prior to 8.0.1.2, prior to 8.0.0.6, and 7.2.1.x are affected.

tags | advisory, xss
advisories | CVE-2017-8024
MD5 | cd2e806bc83685d03ee148b1019e6beb
Bro Network Security Monitor 2.5.2
Posted Oct 16, 2017
Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Bro 2.5.2 fixes a security issue in the ContentLine analyzer. In rare cases a bug in the ContentLine analyzer can lead to an out of bound write of a single byte. This allows a remote attacker to crash Bro; there also is a possibility this can be exploited in other ways.
tags | tool, intrusion detection
systems | unix
MD5 | c2de260b7592418e3f136a46a069f8d1
EMC NetWorker Buffer Overflow
Posted Oct 16, 2017
Authored by Aaron Portnoy | Site emc.com

EMC NetWorker Server contains a buffer overflow vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, and prior to 9.2.0.4 are affected.

tags | advisory, overflow
advisories | CVE-2017-8022
MD5 | 2d30450eaae3824296cca31643c40da1
3CX Phone System 15.5.3554.1 Directory Traversal
Posted Oct 16, 2017
Authored by Jens Regel

3CX Phone System version 15.5.3554.1 suffers from an authentication directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2017-15359
MD5 | a9779e9950c10976260d9d215e0f3f96
Microsoft Security Bulletin CVE Revision Increment For October, 2017
Posted Oct 16, 2017
Site microsoft.com

This Microsoft bulletin summary lists a CVE that has undergone a major revision increment.

tags | advisory
advisories | CVE-2017-13080
MD5 | e5270836babd16d59c2b2392ab9061da
Windows Kernel Pool Ntfs!LfsRestartLogFile Memory Disclosure
Posted Oct 16, 2017
Authored by Google Security Research, mjurczyk

This advisory discusses a Microsoft Windows kernel pool memory disclosure into NTFS metadata ($LogFile) in Ntfs!LfsRestartLogFile.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11817
MD5 | f4472007f780b633aa086c20fa3c9ee8
Windows Kernel Pool nt!RtlpCopyLegacyContextX86 Memory Disclosure
Posted Oct 16, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a nt!RtlpCopyLegacyContextX86 related memory disclosure vulnerability.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11784
MD5 | e7fc69388cdf09d854702265504b52eb
Windows Kernel Pool nt!NtQueryObject Memory Disclosure
Posted Oct 16, 2017
Authored by Google Security Research, mjurczyk

It was discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to user-mode clients when certain conditions are met.

tags | exploit
advisories | CVE-2017-11785
MD5 | f4f91d01df5144f04444581ce5fe7b80
Micro Focus VisiBroker C++ 8.5 SP2 Memory Corruption
Posted Oct 16, 2017
Authored by Wolfgang Ettlinger | Site sec-consult.com

Micro Focus VisiBroker C++ version 8.5 SP2 suffers from multiple memory corruption vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2017-9281, CVE-2017-9282, CVE-2017-9283
MD5 | 49e5b10ae54b8581b0809387e9a79239
Debian Security Advisory 3999-1
Posted Oct 16, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3999-1 - Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
MD5 | 61ae28c5f354e7251a9387e75388fce0
Webmin 1.850 SSRF / CSRF / Cross Site Scripting / Command Execution
Posted Oct 16, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Webmin version 1.850 suffers from server side request forgery, cross site request forgery, and cross site scripting vulnerabilities, the last of which can lead to remote command execution.

tags | exploit, vulnerability, xss, csrf
MD5 | e8275ecd6d49c4502a0718560697279c
Gentoo Linux Security Advisory 201710-16
Posted Oct 16, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-16 - A vulnerability found in Shadow may allow remote attackers to cause a Denial of Service condition or produce other unspecified behaviors. Versions less than 4.5 are affected.

tags | advisory, remote, denial of service
systems | linux, gentoo
advisories | CVE-2017-12424
MD5 | c4d45ff26aae8a93b016fc209e1e6af0
Key Reinstallation: Forcing Nonce Reuse In WPA2
Posted Oct 16, 2017
Authored by Frank Piessens, Mathy Vanhoef | Site krackattacks.com

Whitepaper called Reinstallation Attacks: Forcing Nonce Reuse in WPA2. This research paper will be presented on at the Computer and Communications Security (CCS) conference on November 1, 2017. This paper details a flaw in the WPA2 protocol itself and most devices that makes use of WPA2 are affected.

tags | paper, crypto, protocol
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
MD5 | 9ae08a7eee791f7977ada5c05ba50f29
Windows x64 API Hooking Shellcode
Posted Oct 16, 2017
Authored by Roziul Hasan Khan Shifat

117 bytes small Windows x64 API hooking shellcode.

tags | shellcode
systems | windows
MD5 | 0e1f30f71a25c4a08e91b66ad4ca90de
WordPress Influencer Marketing And Press Release System 2.2 XSS
Posted Oct 16, 2017
Authored by Ricardo Sanchez

WordPress Influencer Marketing and Press Release System plugin version 2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | bb9fd8af678bc4aeb2ce39173e2416cb
Gentoo Linux Security Advisory 201710-15
Posted Oct 15, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-15 - A null pointer dereference in GnuTLS might allow attackers to cause a Denial of Service condition. Versions less than 3.5.13 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2017-7507
MD5 | dbd46e99c24c841b535c05c00b35903a
HP Security Bulletin MFSBGN03786 1
Posted Oct 15, 2017
Authored by HP | Site hp.com

HP Security Bulletin MFSBGN03786 1 - A potential security vulnerability has been identified in the HPE Connected Backup agent. This vulnerability could be exploited locally to allow escalation of privilege. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2017-14355
MD5 | 3f40492114eb8006949961e603cd62fb
Microsoft Edge Chakra StackScriptFunction::BoxState::Box Uninitialized Pointers
Posted Oct 14, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra accesses uninitialized pointers in StackScriptFunction::BoxState::Box.

tags | exploit
advisories | CVE-2017-11809
MD5 | 18e6e8dec6b5f143ccd448fce096def8
Microsoft Edge Chakra JIT Failed RegexHelper::StringReplace Call
Posted Oct 14, 2017
Authored by Google Security Research, lokihardt

The "String.prototype.replace" method can be inlined in the JIT process. So in the method, all the calls which may break the JIT assumptions must be invoked with updating "ImplicitCallFlags". But "RegexHelper::StringReplace" calls the replace function without updating the flag. Therefore it fails to detect if a user function was called.

tags | exploit
advisories | CVE-2017-11802
MD5 | 59bdc94ef54bad4cc587d3c9269d17cb
Page 2 of 9
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    11 Files
  • 19
    Oct 19th
    3 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close