exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files Date: 2017-04-20

Ubuntu Security Notice USN-3261-1
Posted Apr 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3261-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. Li Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10028, CVE-2016-10029, CVE-2016-10155, CVE-2016-7907, CVE-2016-8667, CVE-2016-8669, CVE-2016-9381, CVE-2016-9602, CVE-2016-9603, CVE-2016-9776, CVE-2016-9845, CVE-2016-9846, CVE-2016-9907, CVE-2016-9908, CVE-2016-9911, CVE-2016-9912, CVE-2016-9913, CVE-2016-9914, CVE-2016-9915, CVE-2016-9916, CVE-2016-9921, CVE-2016-9922, CVE-2017-2615, CVE-2017-2620, CVE-2017-2633, CVE-2017-5525, CVE-2017-5526, CVE-2017-5552
SHA-256 | 59e4c93cf0110c0dfbf04c8437a5671ce02bce5e5d84b925280c13d41fc38a3b
WordPress Connection Information Cross Site Request Forgery
Posted Apr 20, 2017
Authored by Yorick Koster, Securify B.V.

The FTP/SSH form functionality of WordPress was found to be vulnerable to cross site request forgery. WordPress versions 4.5.3 through 4.7.4 are affected.

tags | exploit, csrf
SHA-256 | b97c1f2af9252a37cfcaefbd0f9425ff1c4e40ba1332f9a406279cdaac8df4db
Safari Browser Memory Corruption
Posted Apr 20, 2017
Authored by Google Security Research, natashenka

Safari suffers from an out-of-bounds memcpy in Array.concat that can lead to memory corruption.

tags | exploit
advisories | CVE-2017-2464
SHA-256 | 6db1ba6357b6b2691d74c0fe51123d940627a490bc8ab5b483b0f2bce87edc4d
Oracle PeopleSoft ToolsRelease / ToolsReleaseDB / HCM SSRF
Posted Apr 20, 2017
Authored by Roman Shalymov

Oracle PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2017-3546
SHA-256 | 81aa80e8e24be6f11845f3fa0201b4cd2ffe96706536ef956f09b8e1e3273132
Oracle E-Business Suite 12.2.3 SQL Injection
Posted Apr 20, 2017
Authored by Dmitry Chastuhin

Oracle E-Business Suite version 12.2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-3549
SHA-256 | fdf11a3dbf17bfa298933d15dd12fc9860d85cbb06c02b150b5ba4663131b3fa
Oracle PeopleSoft HCM 9.2 XXE Injection
Posted Apr 20, 2017
Authored by Nadya Krivdyuk

Oracle PeopleSoft HCM version 9.2 on PeopleTools version 8.55 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2017-3548
SHA-256 | 6363b44c5b3ced6660487c0a4fe15d05600db5204a0187bd979e6984d878d6d5
Microsoft Windows IFEO Winlogin SYSTEM Backdooring Exploit
Posted Apr 20, 2017
Authored by Todor Donev

Microsoft Windows IFEO Winlogin SYSTEM backdooring exploit.

tags | exploit
systems | windows
SHA-256 | 1fc463280ed7deb7ca3c298d64a41c7d6fa69fba4c36a4d6a020e8902bc1b58f
Hack In The Box GSEC 3 Call For Papers
Posted Apr 20, 2017
Site gsec.hitb.org

Final call for the third annual Hack In The Box (HITB) GSEC conference in Singapore. HITB GSEC is a 2-day deep knowledge security conference where attendees get to vote on the final agenda of talks and and to meet with the speakers they voted for.

tags | paper, conference
SHA-256 | 85d61afc8c13b8580a663c330c843f7ac599313b9049451e804b39ca62cf0a0a
October CMS 1.0.412 Code Execution / Shell Upload
Posted Apr 20, 2017
Authored by Anti Rais

October CMS version 1.0.412 suffers from access bypass, cross site scripting, code execution, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, xss
SHA-256 | f133ae1a00c61dc5828a8d5a4a01eaa1cff8d008fd292fc06836a939242285de
Red Hat Security Advisory 2017-1105-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1105-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-3136, CVE-2017-3137
SHA-256 | 750af2cfd7077f5aa560bd12ea85be9ce9139025ffa43ec631dfd047484d2561
Debian Security Advisory 3831-1
Posted Apr 20, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3831-1 - Multiple security issues have been found in the Mozilla Firefox web overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, web, denial of service, overflow, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469
SHA-256 | 9f8afcaa8534d688f0dd1dd3c0d064eef7b1fcae026986da712b8b6b03fe1800
Red Hat Security Advisory 2017-1104-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1104-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469
SHA-256 | 9350a027ac8628e3af82814a68c801c0d7e4f4e003b6f5c9e5bdf5490ce62adc
Red Hat Security Advisory 2017-1103-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1103-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2017-5461
SHA-256 | 8879a424bb1c3928b3b4f7e204a7098732401cbad6c42ca0fc9c718c5bf6c221
Red Hat Security Advisory 2017-1102-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1102-01 - The nss-util packages provide utilities for use with the Network Security Services libraries. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2017-5461
SHA-256 | c7f230b0e58e5d451f7aa479cc74be262fbf2586e9cbac99fa85bbfd783237d0
Red Hat Security Advisory 2017-1101-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1101-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2017-5461
SHA-256 | 204e849c347141be42c022cef5fff520849da9d78fcb1d02c4964d1fc214cbdb
Red Hat Security Advisory 2017-1100-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1100-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer upstream version: nss, nss-util. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-5461
SHA-256 | 16fa2b2d78a669af78b0ace268f81e3cdcfdd64198ae4f91dbb9192f2b5545a1
Packet Fence 7.0.0
Posted Apr 20, 2017
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Added provisioning support for SentinelOne. Added MariaDB Galera cluster support. All services are now handled by systemd. Various other updates and improvements.
tags | tool, remote
systems | unix
SHA-256 | 99b70cdb729b092207b71d1d88efce8610c32e7c46bc6d523820f386ee2b5ed3
VirtualBox 5.0.32 Windows Process COM Injection Privilege Escalation
Posted Apr 20, 2017
Authored by Google Security Research, forshaw

The process hardening implemented by the VirtualBox driver can be circumvented to load arbitrary code inside a VirtualBox process giving access to the VBoxDrv driver which can allow routes to elevation of privilege from a normal user. Version 5.0.32 is affected.

tags | exploit, arbitrary
advisories | CVE-2017-3563
SHA-256 | 354c5c8d7eae3710b64e963597225ed3690fa9c1db8f9c46391d756eae87a99d
Trend Micro Threat Discovery Appliance 2.6.1062r1 Session Generation Authentication Bypass
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a session generation authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2016-8584
SHA-256 | f3d0c6f0cf0554ddc299fbc8d195e141b856a55387d41d3608fe3e2b833dc7a6
Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Information Disclosure
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi information disclosure vulnerability.

tags | exploit, cgi, info disclosure
advisories | CVE-2016-7547
SHA-256 | 2b95ab05b45548336e8b0ff756872ed3b5e7c96533959277415f4b7a3ac66de3
Trend Micro Threat Discovery Appliance 2.6.1062r1 logoff.cgi Directory Traversal
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.

tags | exploit, cgi, bypass, file inclusion
advisories | CVE-2016-7552
SHA-256 | 2d89facad03b2aadfc7a64dbc4b3ae3e700fb5257315bc07a0d5dac0b54f2211
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8585
SHA-256 | 831459424e49dfb11a51e3fc6d29ef5bb3f90982635cee4c7c276df9a15321c3
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a admin_sys_time.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8585
SHA-256 | 02dd6778183ba369304416f10ca5430a4f57946435559276f6499b1f6ba9bc19
Trend Micro Threat Discovery Appliance 2.6.1062r1 detected_potential_files.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a detected_potential_files.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8586
SHA-256 | af18e899701b6b216c1194a67c18ea309e695c0a68e877ab7bcce01d4ace48be
Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8587
SHA-256 | 31f371707b0de38f8698c711e7a95e5c8a9212e4a92c83d9717a9243315dde36
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close