what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-12-14 to 2017-12-15

Red Hat Security Advisory 2017-3470-01
Posted Dec 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3470-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
SHA-256 | efb4335c9408229c495f95ad12044120be9a1e15087a66ae9adce3583c29740d
Gentoo Linux Security Advisory 201712-01
Posted Dec 14, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201712-1 - Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which may lead to arbitrary code execution. Versions less than 2.18.3 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803
SHA-256 | 32a6a6bff020e5e331002d89377e2a56a25905507ff282e33df24d6f1ef4e1de
Red Hat Security Advisory 2017-3463-01
Posted Dec 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3463-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side. It was found that smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2017-15041, CVE-2017-15042
SHA-256 | 34fc4cb4409bacd861fabab79b86a4ada6ca60f08cdf7237d43f8b4401e9eae2
Red Hat Security Advisory 2017-3471-01
Posted Dec 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3471-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
SHA-256 | 6c949e978f3129a4fa9524d05a3e6a59fc158b36609c374f54dd21fcdd7bb992
Debian Security Advisory 4064-1
Posted Dec 14, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4064-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2017-15407, CVE-2017-15408, CVE-2017-15409, CVE-2017-15410, CVE-2017-15411, CVE-2017-15413, CVE-2017-15415, CVE-2017-15416, CVE-2017-15417, CVE-2017-15418, CVE-2017-15419, CVE-2017-15420, CVE-2017-15423, CVE-2017-15424, CVE-2017-15425, CVE-2017-15426, CVE-2017-15427
SHA-256 | 7d0e4cd3d3c5dd5c3b29957e44a289f54af873db69adb1158d9dff1610da210b
Microsoft Office DDE Payload Delivery
Posted Dec 14, 2017
Authored by Mumbai | Site metasploit.com

This Metasploit module generates an DDE command to place within a word document, that when executed, will retrieve a HTA payload via HTTP from an web server.

tags | exploit, web
SHA-256 | c78e1c6fecbebe56444e1bea5963cf977f091c6e851633f4e7b05b3de8fff37b
Asterisk Project Security Advisory - AST-2017-012
Posted Dec 14, 2017
Authored by Joshua Colp, Tzafrir Cohen, Vitezslav Novy | Site asterisk.org

Asterisk Project Security Advisory - If a compound RTCP packet is received containing more than one report (for example a Receiver Report and a Sender Report) the RTCP stack will incorrectly store report information outside of allocated memory potentially causing a crash.

tags | advisory
SHA-256 | ad570e142eb4ed64ce1d02cb9f2d12edb9da7bbfbc9262b5c740e7b5ad1dc490
WordPress WooPay Inicis 1.1.3 Cross Site Scripting
Posted Dec 14, 2017
Authored by Ricardo Sanchez

WordPress WooPay Inicis plugin version 1.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8f5e2628d12376dd320e1b0adaf823b98f0f5181d77ec8bcf44e0693143102d9
WordPress WordApp Mobile 2.0.3 Cross Site Scripting
Posted Dec 14, 2017
Authored by Ricardo Sanchez

WordPress WordApp Mobile App plugin version 2.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3676a99218434ed451a6b893a3010c3d8dc84c177e96d5d6bfc67c5dc5a1f3e1
WordPress Qiniu Cloudtuchuang 1.8 Cross Site Scripting
Posted Dec 14, 2017
Authored by Ricardo Sanchez

Wordpress Qiniu Cloudtuchuang (七牛云图床) plugin version 1.8 is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

tags | exploit, xss
SHA-256 | f4bd2905852b0a1b3ce77319befd9d8b6de05261e4c403b77caaa24f86ee7186
Red Hat Security Advisory 2017-3458-01
Posted Dec 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3458-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.1.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-4978, CVE-2016-4993, CVE-2016-5406, CVE-2016-6311, CVE-2016-7046, CVE-2016-7061, CVE-2016-8627, CVE-2016-8656, CVE-2016-9589, CVE-2017-12165, CVE-2017-12167, CVE-2017-2595, CVE-2017-2666, CVE-2017-2670, CVE-2017-7525, CVE-2017-7536, CVE-2017-7559
SHA-256 | a6bc536fb4e9a0a5347c1f3d161bd02b0c46b316d4a5e926a1fc2455bbb97398
Red Hat Security Advisory 2017-3455-01
Posted Dec 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3455-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.0 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A Denial of Service can be caused when a long request is sent to EAP 7.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2016-4978, CVE-2016-4993, CVE-2016-5406, CVE-2016-6311, CVE-2016-7046, CVE-2016-7061, CVE-2016-8627, CVE-2016-8656, CVE-2016-9589, CVE-2017-12165, CVE-2017-12167, CVE-2017-2595, CVE-2017-2666, CVE-2017-2670, CVE-2017-7525, CVE-2017-7536, CVE-2017-7559
SHA-256 | eb03f49d76de756a7684d3922ce2c0add51cd14586df2064a9bd1e0d59a01ffc
Red Hat Security Advisory 2017-3454-01
Posted Dec 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3454-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.0 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A Denial of Service can be caused when a long request is sent to EAP 7.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2016-4978, CVE-2016-4993, CVE-2016-5406, CVE-2016-6311, CVE-2016-7046, CVE-2016-7061, CVE-2016-8627, CVE-2016-8656, CVE-2016-9589, CVE-2017-12165, CVE-2017-12167, CVE-2017-2595, CVE-2017-2666, CVE-2017-2670, CVE-2017-7525, CVE-2017-7536, CVE-2017-7559
SHA-256 | 12cf1837656dfd68a114723efd474d6ce65db36dfdd284c5ac3bfd17e3d2b387
Red Hat Security Advisory 2017-3456-01
Posted Dec 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3456-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.0 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A Denial of Service can be caused when a long request is sent to EAP 7.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2016-4978, CVE-2016-4993, CVE-2016-5406, CVE-2016-6311, CVE-2016-7046, CVE-2016-7061, CVE-2016-7066, CVE-2016-8627, CVE-2016-9589, CVE-2017-12165, CVE-2017-12167, CVE-2017-2595, CVE-2017-2666, CVE-2017-2670, CVE-2017-7525, CVE-2017-7536, CVE-2017-7559
SHA-256 | 28a3ebd18bae2ae54a432880cb23717b5cd055b67867d19ac18aa8f011ca235d
Red Hat Security Advisory 2017-3453-01
Posted Dec 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3453-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-10165, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10053, CVE-2017-10067, CVE-2017-10078, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10243, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345
SHA-256 | 5cdbf5273d807c44144081264433f64aca62c27845caebf77dc83aeda8dbc521
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close