all things security
Showing 101 - 125 of 26,104 RSS Feed

Vulnerability Files

Ubuntu Security Notice USN-3313-2
Posted Jun 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3313-2 - USN-3313-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. It was discovered that a buffer overflow existed in the trace subsystem in the Linux kernel. A privileged local attacker could use this to execute arbitrary code.

tags | advisory, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-0605
MD5 | 4f0559a9b5b369d078354a8eeb81aff4
EternalBlue Exploit Analysis And Port To Microsoft Windows 10
Posted Jun 7, 2017
Authored by Sean Dillon, Dylan Davis

On April 14, 2017, the Shadow Brokers Group released the FUZZBUNCH framework, an exploitation toolkit for Microsoft Windows. The toolkit was allegedly written by the Equation Group, a highly sophisticated threat actor suspected of being tied to the United States National Security Agency (NSA). The framework included ETERNALBLUE, a remote kernel exploit originally targeting the Server Message Block (SMB) service on Microsoft Windows XP (Server 2003) and Microsoft Windows 7 (Server 2008 R2). In this paper, the RiskSense Cyber Security Research team analyzes how using wrong-sized CPU registers leads to a seemingly innocuous mathematical miscalculation. This causes a chain reaction domino effect ultimately culminating in code execution, making ETERNALBLUE one of the most complex exploits ever written. They will discuss what was necessary to port the exploit to Microsoft Windows 10, and future mitigations Microsoft has already deployed, which can prevent vulnerabilities of this class from being exploited in the future. The FUZZBUNCH version of the exploit contains an Address Space Layout Randomization (ASLR) bypass, and the Microsoft Windows 10 version required an additional Data Execution Prevention (DEP) bypass not needed in the original exploit.

tags | paper, remote, kernel, vulnerability, code execution
systems | windows, xp, 7
MD5 | 0e04e472a5f9e98389f5f1e13ec2bf50
Robert 0.5 CSRF / XSS / Directory Traversal / SQL Injection
Posted Jun 7, 2017
Authored by Cyril Vallicari

Robert version 0.5 suffers from cross site request forgery, cross site scripting, remote SQL injection, and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, file inclusion, csrf
MD5 | cfd060cdd873a90420373f8cc4f97108
Gentoo Linux Security Advisory 201706-05
Posted Jun 6, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201706-5 - Multiple vulnerabilities in D-Bus might allow an attacker to overwrite files with a fixed filename in arbitrary directories or conduct a symlink attack. Versions less than 1.10.18 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
MD5 | b11c3e4971c7add6b31d77460e60ad40
Gentoo Linux Security Advisory 201706-03
Posted Jun 6, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201706-3 - Multiple vulnerabilities have been found in QEMU, the worst of which may allow a remote attacker to cause a Denial of Service or gain elevated privileges from a guest VM. Versions less than 2.9.0-r2 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2016-9603, CVE-2017-7377, CVE-2017-7471, CVE-2017-7493, CVE-2017-7718, CVE-2017-7980, CVE-2017-8086, CVE-2017-8112, CVE-2017-8309, CVE-2017-8379, CVE-2017-8380, CVE-2017-9060, CVE-2017-9310, CVE-2017-9330
MD5 | 8fed197672d9b924dba0615240e3f96b
Gentoo Linux Security Advisory 201706-02
Posted Jun 6, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201706-2 - Multiple vulnerabilities have been found in Shadow, the worst of which might allow privilege escalation. Versions less than 4.4-r2 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2016-6252, CVE-2017-2616
MD5 | 72a0bba7fe45a0a45659cc3c714a204b
Gentoo Linux Security Advisory 201706-08
Posted Jun 6, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201706-8 - Multiple vulnerabilities have been found in MuPDF, the worst of which allows remote attackers to cause a Denial of Service condition or have other unspecified impact. Versions less than 1.11-r1 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2016-10221, CVE-2017-5991, CVE-2017-6060
MD5 | 97d60f4b0f62277d738ba98d1327e602
Gentoo Linux Security Advisory 201706-06
Posted Jun 6, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201706-6 - Multiple vulnerabilities have been found in ImageWorsener, the worst of which allows remote attackers to cause a Denial of Service condition or have other unspecified impact. Versions less than 1.3.1 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2017-7452, CVE-2017-7453, CVE-2017-7454, CVE-2017-7939, CVE-2017-7940, CVE-2017-7962, CVE-2017-8325, CVE-2017-8326, CVE-2017-8327
MD5 | 5925380b1e2c7f1b7d65b30ad069528a
Peplink 7.0.0-build1904 XSS / CSRF / SQL Injection / File Deletion
Posted Jun 5, 2017
Authored by Eric Sesterhenn, Claus Overbeck

Peplink version 7.0.0-build1904 suffers from cross site request forgery, cross site scripting, file deletion, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2017-8835, CVE-2017-8836, CVE-2017-8837, CVE-2017-8838, CVE-2017-8839, CVE-2017-8840, CVE-2017-8841
MD5 | 36d56c06b635fb1596ea43530b5b607e
HP Security Bulletin HPESBHF03756 1
Posted Jun 5, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03756 1 - Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
MD5 | 500b8f2098c44c7b3a1c12a8c1e13b95
WordPress Tribulant Newsletters 4.6.4.2 XSS / File Disclosure
Posted Jun 2, 2017
Authored by DefenseCode, Neven Biruski

WordPress Tribulant Newsletters plugin versions 4.6.4.2 and below suffer from cross site scripting and file disclosure vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | b670de76da3bd53baa8500a2963d55cf
Debian Security Advisory 3870-1
Posted Jun 1, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3870-1 - Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks.

tags | advisory, remote, web, vulnerability, xss, csrf
systems | linux, debian
advisories | CVE-2017-8295, CVE-2017-9061, CVE-2017-9062, CVE-2017-9063, CVE-2017-9064, CVE-2017-9065
MD5 | 34393add3f849a2fcd80e1d68c82c1e4
OV3 Online Administration 3.0 SQL Injection
Posted May 31, 2017
Authored by LiquidWorm | Site zeroscience.mk

OV3 Online Administration version 3.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | b45182a216390d5400da665f979cc9ad
WordPress Simple Slideshow Manager 2.2 Cross Site Scripting
Posted May 31, 2017
Authored by DefenseCode, Neven Biruski

WordPress Simple Slideshow Manager plugin versions 2.2 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 6cafb010fb20043a5898706c8f032a6d
KEMP LoadMaster 7.135.0.13245 XSS / Code Execution
Posted May 31, 2017
Site securiteam.com

KEMP LoadMaster version 7.135.0.13245 suffers from persistent cross site scripting and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss
MD5 | 05f5ea97f61f9b6d72385ba9076f9126
IBM Informix Dynamic Server DLL Injection / Code Execution
Posted May 31, 2017
Site securiteam.com

IBM Informix Dynamic Server suffers from dll injection, PHP code injection, and heap buffer overflow vulnerabilities.

tags | exploit, overflow, php, vulnerability
advisories | CVE-2016-2183, CVE-2017-1092
MD5 | acf1047cf6ec465e6ff49df652940fd6
Trend Micro Deep Security 6.5 XXE / Code Execution
Posted May 31, 2017
Site securiteam.com

Trend Micro Deep Security version 6.5 suffers from XML external entity injection, local privilege escalation, and remote code execution vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution
MD5 | 14d6ad8c29d1b68a5710f229a32f0da6
uc-httpd Local File Inclusion / Traversal
Posted May 31, 2017
Authored by keksec

uc-httpd suffers from local file inclusion and directory traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
MD5 | 1ea3e2779de86530c91d5d4ec0c8c541
Ubuntu Security Notice USN-3212-2
Posted May 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3212-2 - USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
MD5 | b1541180d4f9a3a4648f847e91a05154
Debian Security Advisory 3866-1
Posted May 30, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3866-1 - Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2017-9022, CVE-2017-9023
MD5 | e141168c88faa0836967ffd625995f62
RealPlayer 18.1.7.344 Memory Corruption
Posted May 29, 2017
Authored by Cody Sixteen

RealPlayer version 18.1.7.344 suffers from memory corruption vulnerabilities.

tags | exploit, vulnerability
MD5 | 016abfd3fbb9683bb3cb4c4d5b774f1e
Acunetix Web Vulnerability Scanner 11 Privilege Escalation
Posted May 29, 2017
Authored by Florian Bogner

Acunetix Web Vulnerability Scanner 11 suffers from multiple local privilege escalation vulnerabilities.

tags | advisory, web, local, vulnerability
MD5 | 8287d902a52c6f50355d39a24e2b843b
WebKitGTK+ Code Execution / DoS / UXSS
Posted May 27, 2017
Authored by WebKitGTK+ Team

WebKitGTK+ suffers from code execution, denial of service, memory corruption, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
advisories | CVE-2017-2496, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984
MD5 | b14cd9d7fa2fef7e690a45930f9d4746
HP Security Bulletin HPESBHF03730 1
Posted May 27, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03730 1 - Potential security vulnerabilities have been identified in HPE Aruba ClearPass Policy Manager. The vulnerabilities could be remotely exploited to allow access restriction bypass, arbitrary command execution, cross site scripting (XSS), escalation of privilege and disclosure of information. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability, xss
advisories | CVE-2017-5647, CVE-2017-5824, CVE-2017-5825, CVE-2017-5826, CVE-2017-5827, CVE-2017-5828, CVE-2017-5829
MD5 | 400a1bf074861dc3b0aaf57d0d05eeb7
HP Security Bulletin HPESBHF03750 1
Posted May 26, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03750 1 - Potential security vulnerabilities with NTP have been addressed for HPE network products including Comware 5, Comware 7 and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or unauthorized modification, or locally exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158
MD5 | 692c408c7a93199bb791312c95aec51b
Page 5 of 1,045
Back34567Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close