what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files Date: 2017-05-10

SAP SAPCAR 721.510 Buffer Overflow
Posted May 10, 2017
Authored by Core Security Technologies, Martin Gallo, Maximiliano Vidal

Core Security Technologies Advisory - SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. A memory corruption vulnerability was found in the parsing of specially crafted archive files, that could lead to local code execution scenarios. Version 721.510 is affected.

tags | exploit, local, code execution
advisories | CVE-2017-8852
SHA-256 | a3d3c8ab85600ad227bf0c9e7815c6b6891b9a726516893c8a904650f83bd791
Dolibarr 4.0.4 SQL Injection / XSS / Weaknesses
Posted May 10, 2017
Authored by Tim Herres, Stefan Pietsch | Site foxmole.com

Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2017-7886, CVE-2017-7887, CVE-2017-7888, CVE-2017-8879
SHA-256 | 67e466b14aa97ac21950629117eb4c52ee558b2a3430fa6644da1913cbe9299e
Side Channel Attack Countermeasures In Cryptographic Systems
Posted May 10, 2017
Authored by James Fell

Side channel attacks against cryptographic systems involve identifying ways in which their physical implementations leak useful information. A cryptographic algorithm may be secure on paper but when implemented on physical hardware some of the secret data, such as key bits, may potentially be recovered by an attacker by measuring various physical properties whilst encryption or decryption is being performed. This essay reviews the most successful countermeasures that can be used to make different classes of side channel attacks as difficult as possible. An understanding of basic principles of cryptography is assumed.

tags | paper
SHA-256 | 291a3d1be421c2c85288ddda1845bef8abe134544fe137f42cec5bfcdd6661a4
ASUS Routers CSRF / Information Disclosure
Posted May 10, 2017
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

ASUS routers suffer from cross site request forgery and information disclosure vulnerabilities. Versions affected include RT-AC55U, RT-AC56R, RT-AC56S, RT-AC56U, RT-AC66U, RT-AC88U, RT-AC66R, RT-AC66U, RT-AC66W, RT-AC68W, RT-AC68P, RT-AC68R, RT-AC68U, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC53U, RT-AC1900P, RT-AC3100, RT-AC3200, RT-AC5300, RT-N11P, RT-N12 (D1 version only), RT-N12+, RT-N12E, RT-N18U, RT-N56U, RT-N66R, RT-N66U (B1 version only), and RT-N66W.

tags | exploit, vulnerability, file inclusion, info disclosure, csrf
advisories | CVE-2017-5891, CVE-2017-5892
SHA-256 | c234e4d0097a292327004469b2284cab90e82e534ca260fba018cd3bf48a7f3c
MS17-010 SMBv1 SrvOs2FeaToNt OOB Remote Code Execution
Posted May 10, 2017
Authored by Juan Sacco

SMBv1 SrvOs2FeaToNt OOB is prone to a remote code execution vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. This exploit leverages this vulnerability as described in MS17-010.

tags | exploit, remote, code execution
SHA-256 | a8aa061521a024a2681c43faf9e0f6857ab4aabefda62ecf82da7a024aea3165
Microsoft OneDrive iOS App 8.13 Insecure URI Scheme Handling
Posted May 10, 2017
Authored by Siddhartha Tripathy | Site sec-consult.com

Microsoft OneDrive iOS App version 8.13 suffers from insecure handling of URI schemes.

tags | exploit
systems | ios
SHA-256 | 96331267202453f8bfd241fa5ca12ebd55aa736445faad81735248a4b2b85409
Apache Cordova Android 5.2.2 Information Leak
Posted May 10, 2017
Authored by Mark Ward

Apache Cordova Android versions 5.2.2 and below suffer from an internal system information leak.

tags | advisory
advisories | CVE-2016-6799
SHA-256 | 6d19a43b5483e62b92528c2faf17a5b1fc33d7214f66d7e7ceca23a6b2c3bfd2
Microsoft Security Bulletin Summary For May, 2017
Posted May 10, 2017
Site microsoft.com

This bulletin summary lists 65 critical and 9 important security updates in May, 2017.

tags | advisory
SHA-256 | 29fa485905d0e964fdda0ff2a99ad7bd6074bdef64b59a4fbf3bd355598a59a5
Red Hat Security Advisory 2017-1206-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1206-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-9603, CVE-2017-2633, CVE-2017-7718, CVE-2017-7980
SHA-256 | b02b7173440f427f717685ada5dc95c4b660786f94efef1453ce77af5eac1c51
Red Hat Security Advisory 2017-1205-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1205-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-9603, CVE-2017-2633, CVE-2017-7718, CVE-2017-7980
SHA-256 | 402bb60cbd271f30307359df59a64ca74bc2ac977bcc7313118c66cbb1746a97
Red Hat Security Advisory 2017-1218-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1218-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.3 serves as a replacement for Red Hat JBoss BPM Suite 6.4.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-2674, CVE-2017-7463
SHA-256 | cff127c367e1d9f07b839da483ccc990572a78972f8acfe89e50b9742aa1e162
Red Hat Security Advisory 2017-1217-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1217-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.3 serves as a replacement for Red Hat JBoss BRMS 6.4.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2017-2674, CVE-2017-7463
SHA-256 | 37af96bbce8aa2373781f64ac81ae8fba02650437693f617e2e04efa4216c603
Red Hat Security Advisory 2017-1216-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1216-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0686, CVE-2016-0687, CVE-2016-2183, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3511, CVE-2016-3598, CVE-2016-5542, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259
SHA-256 | 84dd0e9308948c7a415adab659e14d620e0b251a8ae7e925fb16b9d7d3d57359
Red Hat Security Advisory 2017-1209-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1209-01 - The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

tags | advisory, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2017-6074
SHA-256 | 2f16680716ad6b5f3fd9b91582d4e0d857c960d828bb14bce374dcbc21b0cbf1
Red Hat Security Advisory 2017-1220-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1220-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
SHA-256 | 093434611ec59119366abea5905399c4e5d1951e04db5c774902cad99f0c8748
Red Hat Security Advisory 2017-1221-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1221-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
SHA-256 | d31a1f3f9663cabb8c237233a9de29b2d5c0712ffe13e391fa754587ba4a28c9
Red Hat Security Advisory 2017-1222-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1222-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP45. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
SHA-256 | 27e1ec4c169d95aad8170c48e9f29e62fed856fda2cf35a34bbd58810fd27feb
Debian Security Advisory 3848-1
Posted May 10, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3848-1 - Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".

tags | advisory, shell
systems | linux, debian
advisories | CVE-2017-8386
SHA-256 | d5f4d0dbda23cd7fe43f7014ea89b1af9edd308f0898afd4ecd6d344ec21d543
Ubuntu Security Notice USN-3283-1
Posted May 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3283-1 - Dave McDaniel discovered that rtmpdump incorrectly handled certain malformed streams. If a user were tricked into processing a specially crafted stream, a remote attacker could cause rtmpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-8270, CVE-2015-8271, CVE-2015-8272
SHA-256 | 13d52bf2c2e32ad2dfb653a2395a3fa6099672a82c8c915815b0de2533e2fc8e
Debian Security Advisory 3847-1
Posted May 10, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3847-1 - Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen hypervisor, which may lead to privilege escalation, guest-to-host breakout, denial of service or information leaks.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2016-10013, CVE-2016-10024, CVE-2016-9932, CVE-2017-7228
SHA-256 | ef39c1de6d0ec5018cfe4cea5d3d68ce3dd8f308f08223198e250746818448e3
HPE Security Bulletin HPESBST03739 1
Posted May 10, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBST03739 1 - A potential security vulnerability with Brocade Fabric OS (FOS) has been addressed in HPE StoreFabric B-series Switches. The vulnerability could be remotely exploited to allow an authenticated attacker to elevate the privileges of user accounts. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2016-8202
SHA-256 | 2e1f5bfed0e3930e58642e19199648ca36ef536663f558ec1eaefc853e74459f
Red Hat Security Advisory 2017-1219-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1219-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 25.0.0.171. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
SHA-256 | 53ae1e257a4ca37b01620988805dd0abd58622b017a285879d5e563ba770f0d1
Gentoo Linux Security Advisory 201705-08
Posted May 10, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201705-8 - Multiple vulnerabilities have been found in libav, the worst of which may allow execution of arbitrary code. Versions less than 11.8 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-3395, CVE-2015-3417, CVE-2016-1897, CVE-2016-1898, CVE-2016-2326, CVE-2016-3062
SHA-256 | 66d25d00a1abbc2cdd8a675bbfd3581b789314e3a5329b638213870cf197f768
Gentoo Linux Security Advisory 201705-07
Posted May 10, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201705-7 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. Versions less than 45.8.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410
SHA-256 | 93159ecbb12bbc05425aef215d67626d9e4093241fba87c387238cb78823b3ae
Gentoo Linux Security Advisory 201705-06
Posted May 10, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201705-6 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 45.8.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410
SHA-256 | 5c6278b966f1faccd5cb8c0f3e153671aa8023269f93b652fd1be783ab33112b
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close