This Metasploit module attempts to exploit two different CVEs (CVE-2015-1328 and CVE-2015-8660) related to overlayfs.
051ac68d3b034444740ccd04d39c409e4a6f9b78bb6c5b472cf8e1acac90159d
KarjaSoft Sami FTP server version 2.0.2 USER/PASS remote buffer overflow SEH exploit.
06ce9ca76804b0440a127ed19b7ae0cd94303737e937f7a3f96b13a929bb813c
A specially crafted webpage can cause Microsoft Internet Explorer to reallocate a memory buffer in order to grow it in size. The original buffer will be copied to newly allocated memory and then freed. The code continues to use the freed copy of the buffer.
3dcbd15f1686902d2440fd693ec5986ce00f13147b6d267999345ec3f1440334
Moodle CMS versions 3.1.2 and below suffer from cross site scripting and file upload vulnerabilities.
662d1fe9fb791dc762b4fbfc2bbea2278cd8e07fe05e4b90cb09f317c959adfb
The fifth international conference on cyber security, cyber welfare, and digital forensics (CyberSec2017) has announced its call for papers. It will be held April 22nd through the 24th, 2017 at St. Mary's University, Addis Ababa, Ethiopia.
73bd800ee9253aabe73160432aeb3cf61367159859ee4d875b5aff7d6d90d50d
dotCMS versions before 3.5, 3.3.1, and 3.3.2 suffer from multiple remote SQL injection vulnerabilities.
a54ada06f8d6aa3e53325d0f82db718e690aa6788d01901bab2662c50fa64311
Ubuntu Security Notice 3119-1 - Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.
3ac1d66d227d070f6e891d027b432ac51f46ad9faf3252f68da449a428acc1b7
Red Hat Security Advisory 2016-2135-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.6 was retired on October 31, 2016, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.6 EUS after October 31, 2016.
8aabf1804c1e098aaaadd3172ea9d3f091fc857803d19d7872e139967e085b92
Red Hat Security Advisory 2016-2134-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 3.x offering was retired on October 31, 2016, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or Urgent priority bug fixes, for Developer Toolset Version 3.x after October 31, 2016.
6742c624d777b256beaaa004e299cadaa818865ca22a7523f299820985d91684
Ubuntu Security Notice 3118-1 - It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could perform administrative actions. This issue only affected Ubuntu 12.04 LTS. Nishant Agarwala discovered that the Mailman user options page did not protect against cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could modify user options. Various other issues were also addressed.
86d40e7046763552f68f7f4ae496da340a76291e0d1557f6f720fe8ac4909166
Ubuntu Security Notice 3116-1 - It was discovered that DBus incorrectly validated the source of ActivationFailure signals. A local attacker could use this issue to cause a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that DBus incorrectly handled certain format strings. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue is only exposed to unprivileged users when the fix for CVE-2015-0245 is not applied, hence this issue is only likely to affect Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated as a preventative measure in the event that a new attack vector for this issue is discovered. Various other issues were also addressed.
67101c4e6507897aa7f48d3358d4f1aa0de30612b876d3ed686adc70d4abfbe2
Ubuntu Security Notice 3115-1 - Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. Aymeric Augustin discovered that Django incorrectly validated hosts when being run with the debug setting enabled. A remote attacker could possibly use this issue to perform DNS rebinding attacks. Various other issues were also addressed.
5c1c9d1d1e38a457538fe86e55cd49a207d781efdf2c75c50ac71022097da8d7
Ubuntu Security Notice 3117-1 - Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service. Ke Liu discovered that the GD library incorrectly handled certain integers when processing WebP images. If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.
36e583c160832db3a4221ebf8d72c02ad396a5f1f28cd42e11a199e883783275
Freefloat FTP server version 1.0 ABOR command buffer overflow exploit.
48c6ed89fb8dc559cf6d3291717e23ae718ef6db6b49460499c04a0e0db25422
Freefloat FTP server version 1.0 RMD command buffer overflow exploit.
37de51e9985c33bdae2ffcaa78076d254ce24c6f1eceb18d35d68b8e0240a6db
Freefloat FTP server version 1.0 HOST command buffer overflow exploit.
f3fe1473914d09edce88d1f31a06d226e83ceb97a6bf6db957302ec0c144b034
PCMAN FTP server version 2.0.7 DELETE command buffer overflow exploit.
fea5685929f405c5b19e46232f7cdde7a186d60d7bd7e618a62ff01b1a1b7556
My Little Forum version 2.3.7 suffers from a file disclosure vulnerability.
c18a6203a9e4bb5eeebc96801127f2d75d2c82759b99576601ec24b90ef855dd
My Little Forum version 2.3.7 suffers from backup disclosure, cross site request forgery, and multiple cross site scripting vulnerabilities.
a59ee3903fda11c485d0df52fb168d32bef192bfabf5d14bf386c76c4cb86a02
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
bd89c269e29b03a8898ccabccfb7fcab11c1aa036444772e117705f3b37b4174
Mounting a crafted EXT4 image as read-only leads to a kernel panic. Since the mounting procedure is a privileged operation, an attacker is probably not able to trigger this vulnerability on the command line. Instead, the automatic mounting feature of the GUI, triggered via a crafted USB device, is required.
011b753ceacca2ffb6904932ea2a749ae06dce8d32cca4a615dce413d005e946
The Hack In The Box 2017 AMS Call For Papers is now open. The conference will be held at the NH Grand Krasnapolsky in Amsterdam from the 10th till the 14th of April.
43d29aea51be8516f249247179e78053bcaeda6c26946509691bdc2f4ab79d2e
Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
a2454cab6bc2da100e2ddc5b02ac8b8001b701b62fe5ce589884aaff9478fd69
Slackware Security Advisory - New mariadb packages are available for Slackware 14.1, 14.2, and -current to fix security issues.
ef93f6a939a6068bbeaf1303f22af5dfc3a18cc982d6a9887ba77453a429439f
Slackware Security Advisory - New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
f8fcc22375b6604ef5e4a963a7b595a0d29db47e446fdba9f545ace0f1e0f696