exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-12-04

Arq Backup 5.9.6 Local Root Privilege Escalation
Posted Dec 4, 2017
Authored by Mark Wadham

Arq Backup versions 5.9.6 and below suffer from a local root privilege escalation vulnerability.

tags | exploit, local, root
advisories | CVE-2017-15357
SHA-256 | a8078489ae3112377e923fe44809106e30c34682850a4d772cca05762de49e97
Ubuntu Security Notice USN-3503-1
Posted Dec 4, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3503-1 - It was discovered that Evince incorrectly handled printing certain DVI files. If a user were tricked into opening and printing a specially-named DVI file, an attacker could use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-1000159
SHA-256 | d201d39d2c1d2e1dd7df93da31a662f8729f1bb83bd87f72a0835d00eb9267ce
Ubuntu Security Notice USN-3498-2
Posted Dec 4, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3498-2 - USN-3498-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-8817
SHA-256 | 79d356ac424465ef01183fafcb141ab4f90d0f1d251560a42551d753495ae1fa
Red Hat Security Advisory 2017-3382-01
Posted Dec 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3382-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-7843
SHA-256 | 2324e95575ad13c5583017748ce56a49920dd2b8c7fd3bc8aea8d907e070afdc
Red Hat Security Advisory 2017-3379-01
Posted Dec 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3379-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix: It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.

tags | advisory, remote, local
systems | linux, redhat
advisories | CVE-2017-12173
SHA-256 | dea99acda0368239d3aafad33e3fc3ca13f9ec7dc4fe436b72b967535a811c17
Red Hat Security Advisory 2017-3375-01
Posted Dec 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3375-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.2 was retired as of November 30, 2017, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.2 EUS after November 30, 2017.

tags | advisory
systems | linux, redhat
SHA-256 | ac590f84fc989afb28d216e52afec1e31806d31279d556a1a0c5106a9c331c05
Red Hat Security Advisory 2017-3376-01
Posted Dec 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3376-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Telecommunications Update Service for Red Hat Enterprise Linux 6.5 was retired as of November 30, 2017, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.5 TUS after November 30, 2017.

tags | advisory
systems | linux, redhat
SHA-256 | b82cb752a46cf1a6813549e6ea109a70eeeb635fe08dba14bc05ec91648cc8d9
Amazon Audible DLL Hijacking
Posted Dec 4, 2017
Authored by Himanshu Mehta

Amazon Audible suffers from a dll hijacking vulnerability.

tags | exploit
advisories | CVE-2017-17069
SHA-256 | d06335d1506e97d7df0b428d5f73ff5ba77d5927e57dc2c61decf3c756986aa6
0d1n 2.5
Posted Dec 4, 2017
Authored by Cooler

0d1n is a web security tool for fuzzing various HTTP/S payloads. It's written in C and uses libcurl.

Changes: Various updates.
tags | tool, web, scanner
systems | unix
SHA-256 | b5f6f8044dd14a4c09f0287b29a8ead5e3e80ad65b1270dc22eaa09ca077c1dc
TOR Virtual Network Tunneling Tool 0.3.1.9
Posted Dec 4, 2017
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.1.9 backports important security and stability fixes from the 0.3.2 development series.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 6e1b04f7890e782fd56014a0de5075e4ab29b52a35d8bca1f6b80c93f58f3d26
Red Hat Security Advisory 2017-3372-01
Posted Dec 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3372-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-7826, CVE-2017-7828, CVE-2017-7830
SHA-256 | 6b1d275afe40471b45a0ce2400da019aa8aa6e21260f9401fa33d98774aa13aa
OpenEMR 5.0.0 Command Injection / Cross Site Scripting
Posted Dec 4, 2017
Authored by Fikri Fadzil, Wan Ikram, Jasveer Singh | Site sec-consult.com

OpenEMR version 5.0.0 suffers from code execution and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
SHA-256 | cb323afd4eb9936c8fd21b2415f3e7b565e714471a0bae50bb61af03fdd63c92
WAGO PFC 200 Series Authentication Bypass
Posted Dec 4, 2017
Authored by T. Weber | Site sec-consult.com

WAGO PFC 200 Series suffers from multiple unauthenticated access bypass vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 2c11a47b7528a16c740e127eb7874b0b322256809e96287c94d0d4c80bcc54cf
FortiGate SSL VPN Portal 5.x Cross Site Scripting
Posted Dec 4, 2017
Authored by Stefan Viehboeck | Site sec-consult.com

FortiGate SSL VPN Portal versions 5.6.2 and below, 5.4.6 and below, 5.2.12 and below, and 5.0 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-14186
SHA-256 | b2d5f1ba485a9729c93cfe8c29db752eb3863fb1cf9c67796c558e28b07dd9e9
Asterisk Project Security Advisory - AST-2017-013
Posted Dec 4, 2017
Authored by Juan Sacco | Site asterisk.org

Asterisk Project Security Advisory - If the chan_skinny (AKA SCCP protocol) channel driver is flooded with certain requests it can cause the asterisk process to use excessive amounts of virtual memory eventually causing asterisk to stop processing requests of any kind.

tags | advisory, protocol
SHA-256 | 6c078a611791f3370bae6360f94dc066396a952b66d50dee0290bc8009744060
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close