all things security
Showing 51 - 75 of 12,651 RSS Feed

Local Files

Red Hat Security Advisory 2017-2687-01
Posted Sep 13, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2687-01 - instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. Security Fix: A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. This issue was discovered by Matthew Booth .

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2017-7549
MD5 | 2342b8b7b1ca08c0a3b76053b00d585b
WiseGiga NAS CSRF / LFI / Command Execution
Posted Sep 11, 2017
Authored by Pierre Kim

WiseGiga NAS suffers from cross site request forgery, local file inclusion, command execution, and default credential vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
MD5 | 047939def71293ad9bd51f3067e33736
Red Hat Security Advisory 2017-2649-01
Posted Sep 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2649-01 - instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. The following packages have been upgraded to a later upstream version: instack-undercloud. Security Fix: A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2017-7549
MD5 | 48816aa15d562c358a7c782fae623777
Kernel Live Patch Security Notice LSN-0029-1
Posted Aug 30, 2017
Authored by Benjamin M. Romer

It was discovered that the Linux kernel did not honor the UEFI secure boot mode when performing a kexec operation. A local attacker could use this to bypass secure boot restrictions. Huang Weller discovered that the ext4 filesystem implementation in the Linux kernel mishandled a needs-flushing-before-commit list. A local attacker could use this to expose sensitive information.

tags | advisory, kernel, local
systems | linux
advisories | CVE-2015-7837, CVE-2017-7495
MD5 | e1cdddf8c51cfb6dc9e25a8466744db4
Red Hat Security Advisory 2017-2557-01
Posted Aug 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2557-01 - instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. Security Fix: A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. This issue was discovered by Matthew Booth .

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2017-7549
MD5 | eb6549b47b20bcfae458faf55439236f
Ubuntu Security Notice USN-3406-2
Posted Aug 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3406-2 - USN-3406-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7914, CVE-2017-7261, CVE-2017-7273, CVE-2017-7487, CVE-2017-7495, CVE-2017-7616
MD5 | bcb9b54a8a5556c6daf2c16f77e97ad7
Ubuntu Security Notice USN-3406-1
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3406-1 - It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service or expose sensitive information. It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7914, CVE-2017-7261, CVE-2017-7273, CVE-2017-7487, CVE-2017-7495, CVE-2017-7616
MD5 | ab3d93c5b082693198c7dd03e2550762
Ubuntu Security Notice USN-3405-2
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3405-2 - USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, osx, ubuntu
advisories | CVE-2015-7837, CVE-2017-11176, CVE-2017-7495, CVE-2017-7541
MD5 | be8ba4251d1774d576a5d0cbdadc62c4
Ubuntu Security Notice USN-3405-1
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3405-1 - It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Huang Weller discovered that the ext4 filesystem implementation in the Linux kernel mishandled a needs-flushing-before-commit list. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-7837, CVE-2017-11176, CVE-2017-7495, CVE-2017-7541
MD5 | 179b8f597770848ddee280743b07f0a7
Ubuntu Security Notice USN-3404-2
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3404-2 - USN-3404-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2017-7487
MD5 | a970f8e5eb195519cf353a052dfb1002
Ubuntu Security Notice USN-3404-1
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3404-1 - A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2017-7487
MD5 | 0c10766d1d75847f4d3bc58da124b0a0
Sandboxie 5.20 Denial Of Service
Posted Aug 24, 2017
Authored by Anurag Srivastava

Sandboxie version 5.20 local denial of service exploit.

tags | exploit, denial of service, local
MD5 | 05150330f083538add84d997e99fa119
Debian Security Advisory 3951-1
Posted Aug 23, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3951-1 - Sebastian Krahmer discovered that a programming error in the mount helper binary of the Smb4k Samba network share browser may result in local privilege escalation.

tags | advisory, local
systems | linux, debian
advisories | CVE-2017-8849
MD5 | cd62ea77e544e3c16423e462608118a7
VMware VDP Known SSH Key
Posted Aug 22, 2017
Authored by phroxvs | Site metasploit.com

VMware vSphere Data Protection appliances 5.5.x through 6.1.x contain a known ssh private key for the local user admin who is a sudoer without password.

tags | exploit, local
advisories | CVE-2016-7456
MD5 | 78afbce4852e1d46d51d532f9a44d891
Red Hat Security Advisory 2017-2492-01
Posted Aug 22, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2492-01 - XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption". Security Fix: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service.

tags | advisory, web, denial of service, local, info disclosure
systems | linux, redhat
advisories | CVE-2017-1000061
MD5 | 819cb939df0a91198cf7f34e6d3f07d8
MS05-051 Scan 1.0 Buffer Overflow
Posted Aug 18, 2017
Authored by Anurag Srivastava

MS05-039 Scan version 1.0 hostname / IP field local buffer overflow proof of concept exploit.

tags | exploit, overflow, local, proof of concept
MD5 | 220466729f7d646f04bfa6d4f96f833a
MS05-039 Scan 1.0 Buffer Overflow
Posted Aug 18, 2017
Authored by Anurag Srivastava

MS05-039 Scan version 1.0 Hostname / IP field local buffer overflow proof of concept exploit.

tags | exploit, overflow, local, proof of concept
MD5 | 394e9ea4b3eb977bf9e15c2d5d678161
Kernel Live Patch Security Notice LSN-0028-1
Posted Aug 18, 2017
Authored by Benjamin M. Romer

Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, udp
systems | linux
advisories | CVE-2017-1000111, CVE-2017-1000112
MD5 | c8908f6bf286f4cf4b1a6341a51852ff
Ubuntu Security Notice USN-3392-1
Posted Aug 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3392-1 - USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000365, CVE-2017-10810, CVE-2017-7482, CVE-2017-7533
MD5 | ffd40fa2f174465003ab0558d699709a
Red Hat Security Advisory 2017-2477-01
Posted Aug 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2477-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This release of Red Hat JBoss Data Virtualization 6.3 Update 7 serves as a replacement for Red Hat JBoss Data Virtualization 6.3 Update 6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2015-3254, CVE-2017-5637, CVE-2017-7525
MD5 | 37d93b84d3edb7ddc8db9bcf386e93c5
Xamarin Studio For Mac 6.2.1 (Build 3) / 6.3 (Build 863) Privilege Escalation
Posted Aug 14, 2017
Authored by Yorick Koster, Securify B.V.

Xamarin Studio for Mac versions 6.2.1 (build 3) and 6.3 (build 863) suffer from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 0eb7c4204f9e48e3f70079bf8624f7da
Ubuntu Security Notice USN-3382-1
Posted Aug 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3382-1 - It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, local, php
systems | linux, ubuntu
advisories | CVE-2015-8994, CVE-2016-10397, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11147, CVE-2017-11362, CVE-2017-11628, CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229
MD5 | 984ca408a3f1b29c60c732d8e6ab82d4
Ubuntu Security Notice USN-3386-2
Posted Aug 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3386-2 - USN-3386-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, udp, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000111, CVE-2017-1000112
MD5 | 245b433e13a5564b7156e05c3370eec7
Ubuntu Security Notice USN-3386-1
Posted Aug 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3386-1 - Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, udp
systems | linux, ubuntu
advisories | CVE-2017-1000111, CVE-2017-1000112
MD5 | db8abfde2995ca9573a601d639910c06
Ubuntu Security Notice USN-3385-2
Posted Aug 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3385-2 - USN-3385-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, udp, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000111, CVE-2017-1000112
MD5 | 2947313225a541781e5aabb22f271277
Page 3 of 506
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close