Debian Linux Security Advisory 3890-1 - Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.
82f7dc777ed288bd4614a107d13dbf01Aerohive AP340 HiveOS versions prior to 6.1r5 suffers from a local file inclusion vulnerability that allows for remote code execution.
23f7f0efaf290260644702d2fc4ec176HP PageWide and OfficeJet Pro printers suffer from an arbitrary code execution vulnerability.
a8e3c5652705c68dd39f5cc06033ff1eGoogle Chrome V8 private property arbitrary code execution exploit.
1e4aedd6967c580b0f8730f077203977Logpoint versions prior to 5.6.4 suffer from an unauthenticated root remote code execution vulnerability.
14ffb04867769127d6cce81e8bf12416IPFire version 2.19 suffers from a remote code execution vulnerability.
07501206610f720cf49a0aa2c7c43c0bHP Security Bulletin HPESBUX03759 1 - Potential security vulnerabilities have been identified in HPE HP-UX CIFS server using Samba. The vulnerabilities can be exploited remotely to allow authentication bypass, code execution, and unauthorized access. Revision 1 of this advisory.
70b2f0b10396b6408e75b0caa2c10d63On April 14, 2017, the Shadow Brokers Group released the FUZZBUNCH framework, an exploitation toolkit for Microsoft Windows. The toolkit was allegedly written by the Equation Group, a highly sophisticated threat actor suspected of being tied to the United States National Security Agency (NSA). The framework included ETERNALBLUE, a remote kernel exploit originally targeting the Server Message Block (SMB) service on Microsoft Windows XP (Server 2003) and Microsoft Windows 7 (Server 2008 R2). In this paper, the RiskSense Cyber Security Research team analyzes how using wrong-sized CPU registers leads to a seemingly innocuous mathematical miscalculation. This causes a chain reaction domino effect ultimately culminating in code execution, making ETERNALBLUE one of the most complex exploits ever written. They will discuss what was necessary to port the exploit to Microsoft Windows 10, and future mitigations Microsoft has already deployed, which can prevent vulnerabilities of this class from being exploited in the future. The FUZZBUNCH version of the exploit contains an Address Space Layout Randomization (ASLR) bypass, and the Microsoft Windows 10 version required an additional Data Execution Prevention (DEP) bypass not needed in the original exploit.
0e04e472a5f9e98389f5f1e13ec2bf50Home Web Server version 1.9.1 build 164 suffers from a remote code execution vulnerability.
348747640730fcabaf3acc2d3b4ed476Red Hat Security Advisory 2017-1390-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root.
55c70f2d912f6723c0088653bd802993Parallels Desktop version 12.2.0 and below suffer from a vulnerability that allows remote file sharing to be leveraged against the host operating system for arbitrary code execution.
69a4be4fd7692e5549456f998744139aSamba versions 3.5.0 through 4.4.14, 4.5.10, and 4.6.4 is_known_pipename() remote code execution exploit.
c2c66a5bb051e948f784722c97b5b28dOV3 Online Administration version 3.0 suffers from an authenticated remote code execution vulnerability.
4836439cfaece2fea647cf5c5b5bc314KEMP LoadMaster version 7.135.0.13245 suffers from persistent cross site scripting and remote code execution vulnerabilities.
05f5ea97f61f9b6d72385ba9076f9126Trend Micro Deep Security version 6.5 suffers from XML external entity injection, local privilege escalation, and remote code execution vulnerabilities.
14d6ad8c29d1b68a5710f229a32f0da6TerraMaster F2-420 NAS TOS version 3.0.30 suffers from an unauthenticated remote root code execution vulnerability.
2719a3913cd96f69928a95ca4f994342Ubuntu Security Notice 3303-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
5bef6c3431fc241e7202efca881ef4deWebKitGTK+ suffers from code execution, denial of service, memory corruption, and various other vulnerabilities.
b14cd9d7fa2fef7e690a45930f9d4746HP Security Bulletin HPESBHF03751 1 - A potential vulnerability in HPE Aruba AirWave Glass 1.0.0 and 1.0.1 could be remotely exploited to allow remote code execution. Revision 1 of this advisory.
7ca551d4e6257bb6a081772f154ac71aSamba version 3.5.0 remote code execution exploit. Written in python.
41ffefbd48bcfa44529690cb6def4f0dRed Hat Security Advisory 2017-1273-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root.
a5c35c931da0132252fc9ee55a715e33Red Hat Security Advisory 2017-1270-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root.
9cc4ca59c5a615f17f06510220042224Red Hat Security Advisory 2017-1271-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root.
f9c993e55c6a3a152927e0c5dea4dcf0Red Hat Security Advisory 2017-1272-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root.
43908ff1724829b62333098835788917Pegasus version 4.72 build 572 suffers from a mailto link remote code execution vulnerability.
62206811a23bfaf378f90ac03ede6589
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed