seeing is believing
Showing 1 - 25 of 12,616 RSS Feed

Local Files

FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures
Posted Sep 25, 2017
Authored by LiquidWorm | Site zeroscience.mk

FLIP Systems thermal cameras have an issues where Input passed through several parameters is not properly verified before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files from local resources.

tags | exploit, arbitrary, local
MD5 | 4332adce3a8ca1290398c21e9a461f0e
Gentoo Linux Security Advisory 201709-20
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-20 - A vulnerability in Postfix may allow local users to gain root privileges. Versions less than 3.1.6 are affected.

tags | advisory, local, root
systems | linux, gentoo
MD5 | 52755bd8a08016b2a85cec49eaaf5015
Gentoo Linux Security Advisory 201709-19
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-19 - A vulnerability in Exim may allow local users to gain root privileges. Versions less than 4.89-r1 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-1000369
MD5 | c4cda9020eacdc18314d460e10c57921
Kernel Live Patch Security Notice LSN-030-1
Posted Sep 19, 2017
Authored by Benjamin M. Romer

The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux
advisories | CVE-2017-1000251, CVE-2017-1000379, CVE-2017-10663
MD5 | f0f811c3905f66d55df59c33e5694479
Red Hat Security Advisory 2017-2760-01
Posted Sep 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2760-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2016-1583
MD5 | b0026adac8be54ca2168544c7eceabc0
Ubuntu Security Notice USN-3420-1
Posted Sep 19, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3420-1 - It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000251, CVE-2017-10663, CVE-2017-12762, CVE-2017-8831
MD5 | 50cbfd60ce8d412743faebabf34f8de2
TOR Virtual Network Tunneling Tool 0.3.1.7
Posted Sep 19, 2017
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.1.7 is the first stable release in the 0.3.1 series. With the 0.3.1 series, Tor now serves and downloads directory information in more compact formats, to save on bandwidth overhead. It also contains a new padding system to resist netflow-based traffic analysis, and experimental support for building parts of Tor in Rust (though no parts of Tor are in Rust yet). There are also numerous small features, bugfixes on earlier release series, and groundwork for the hidden services revamp of 0.3.2. Various other updates.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | ec7c9f588c9e1a42c09bcc097a1e55eb
Gentoo Linux Security Advisory 201709-11
Posted Sep 18, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-11 - Gentoo's GIMPS ebuilds are vulnerable to privilege escalation due to improper permissions. A local attacker could use it to gain root privileges. Versions less than 28.10-r1 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-14484
MD5 | c88f541b6a168b9f0e88964c59cf0ef8
Gentoo Linux Security Advisory 201709-12
Posted Sep 18, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-12 - A vulnerability in module File::Path for Perl allows local attackers to set arbitrary mode values on arbitrary files bypassing security restrictions. Versions less than 5.24.1-r2 are affected.

tags | advisory, arbitrary, local, perl
systems | linux, gentoo
advisories | CVE-2017-6512
MD5 | 5620847c3a8f249a70ab67b6ec52b2b1
Ubuntu Security Notice USN-3419-1
Posted Sep 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3419-1 - It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service. It was discovered that a buffer overflow existed in the Broadcom FullMAC WLAN driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000251, CVE-2017-7541
MD5 | 92aeaa436f6bfa57fe57572a3f55d3a8
Gentoo Linux Security Advisory 201709-05
Posted Sep 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-5 - A vulnerability in chkrootkit may allow local users to gain root privileges. Versions less than 0.50 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2014-0476
MD5 | 8e8deded30eaedbb8641385e2485f018
D-Link DIR8xx Router Firmware Upload
Posted Sep 15, 2017
Authored by embedi

D-Link DIR8xx routers suffer from a local firmware upload vulnerability.

tags | exploit, local, file upload
MD5 | cc414650b83164712d221b4de5b2d70f
Ubuntu Security Notice USN-3417-1
Posted Sep 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3417-1 - Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover Curve25519 private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-0379
MD5 | b53dce0804742619a936c13440f279b6
Red Hat Security Advisory 2017-2726-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2726-01 - instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. The following packages have been upgraded to a later upstream version: instack-undercloud. Security Fix: A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2017-7549
MD5 | c60547b616ffff98053808d20f48c25e
Red Hat Security Advisory 2017-2693-01
Posted Sep 13, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2693-01 - instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. Security Fix: A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. This issue was discovered by Matthew Booth.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2017-7549
MD5 | fd2e420f322e9ae9ae549aa78a8d6559
Red Hat Security Advisory 2017-2687-01
Posted Sep 13, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2687-01 - instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. Security Fix: A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. This issue was discovered by Matthew Booth .

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2017-7549
MD5 | 2342b8b7b1ca08c0a3b76053b00d585b
WiseGiga NAS CSRF / LFI / Command Execution
Posted Sep 11, 2017
Authored by Pierre Kim

WiseGiga NAS suffers from cross site request forgery, local file inclusion, command execution, and default credential vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
MD5 | 047939def71293ad9bd51f3067e33736
Red Hat Security Advisory 2017-2649-01
Posted Sep 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2649-01 - instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. The following packages have been upgraded to a later upstream version: instack-undercloud. Security Fix: A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2017-7549
MD5 | 48816aa15d562c358a7c782fae623777
Kernel Live Patch Security Notice LSN-0029-1
Posted Aug 30, 2017
Authored by Benjamin M. Romer

It was discovered that the Linux kernel did not honor the UEFI secure boot mode when performing a kexec operation. A local attacker could use this to bypass secure boot restrictions. Huang Weller discovered that the ext4 filesystem implementation in the Linux kernel mishandled a needs-flushing-before-commit list. A local attacker could use this to expose sensitive information.

tags | advisory, kernel, local
systems | linux
advisories | CVE-2015-7837, CVE-2017-7495
MD5 | e1cdddf8c51cfb6dc9e25a8466744db4
Red Hat Security Advisory 2017-2557-01
Posted Aug 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2557-01 - instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. Security Fix: A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. This issue was discovered by Matthew Booth .

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2017-7549
MD5 | eb6549b47b20bcfae458faf55439236f
Ubuntu Security Notice USN-3406-2
Posted Aug 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3406-2 - USN-3406-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7914, CVE-2017-7261, CVE-2017-7273, CVE-2017-7487, CVE-2017-7495, CVE-2017-7616
MD5 | bcb9b54a8a5556c6daf2c16f77e97ad7
Ubuntu Security Notice USN-3406-1
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3406-1 - It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service or expose sensitive information. It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7914, CVE-2017-7261, CVE-2017-7273, CVE-2017-7487, CVE-2017-7495, CVE-2017-7616
MD5 | ab3d93c5b082693198c7dd03e2550762
Ubuntu Security Notice USN-3405-2
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3405-2 - USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, osx, ubuntu
advisories | CVE-2015-7837, CVE-2017-11176, CVE-2017-7495, CVE-2017-7541
MD5 | be8ba4251d1774d576a5d0cbdadc62c4
Ubuntu Security Notice USN-3405-1
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3405-1 - It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Huang Weller discovered that the ext4 filesystem implementation in the Linux kernel mishandled a needs-flushing-before-commit list. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-7837, CVE-2017-11176, CVE-2017-7495, CVE-2017-7541
MD5 | 179b8f597770848ddee280743b07f0a7
Ubuntu Security Notice USN-3404-2
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3404-2 - USN-3404-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2017-7487
MD5 | a970f8e5eb195519cf353a052dfb1002
Page 1 of 505
Back12345Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    18 Files
  • 23
    Sep 23rd
    2 Files
  • 24
    Sep 24th
    2 Files
  • 25
    Sep 25th
    19 Files
  • 26
    Sep 26th
    12 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close