what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-05-09

Ubuntu Security Notice USN-3282-1
Posted May 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3282-1 - It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-8105, CVE-2017-8287
SHA-256 | c20e6157da255e5691fafdbd29651840fab9fa9b06cfa6230726306226742d1a
Ubuntu Security Notice USN-3281-1
Posted May 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3281-1 - Pierre Ernst discovered that Apache Fop incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service.

tags | advisory, remote, denial of service, xxe
systems | linux, ubuntu
advisories | CVE-2017-5661
SHA-256 | 96534975d89ea16447ab1b43e9819d07d885dc2eda79326467583591d02797af
Ubuntu Security Notice USN-3280-1
Posted May 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3280-1 - Lars Krapf and Pierre Ernst discovered that Apache Batik incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service.

tags | advisory, remote, denial of service, xxe
systems | linux, ubuntu
advisories | CVE-2017-5662
SHA-256 | e1e1e8865f980dc06df57b6325f1c29578143f1f4a46dd0d2421e9ca30d67d13
Ubuntu Security Notice USN-3279-1
Posted May 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3279-1 - It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. Maksim Malyutin discovered that the Apache mod_auth_digest module incorrectly handled malicious input. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-0736, CVE-2016-2161, CVE-2016-8743
SHA-256 | bbdfa79eba72bc753893522747a5eb3bf4a031465d01c2e221814594c43835ba
I, Librarian PDF Manager 4.6 / 4.7 Command Injection / SSRF / Enumeration
Posted May 9, 2017
Authored by Fikri Fadzil, Wan Ikram, Jasveer Singh | Site sec-consult.com

I, Librarian PDF Manager versions 4.6 and below along with version 4.7 suffer from command injection, server-side request forgery, cross site scripting, and directory enumeration vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 7c325bdc1f88a6aa340e376d6463a768c9678e77c7cc0d563169c21c0f5a558f
Veritas Netbackup 8.0 File Write / Remote Code Execution / Bypass
Posted May 9, 2017
Authored by Google Security Research, Sven Blumenstein, Xiaoran Wang

Veritas Netbackup version 8.0 suffers from remote command execution, file write, and DNS bypass vulnerabilities.

tags | exploit, remote, vulnerability
SHA-256 | 9441d41af1473797296fc43ddefaf261661c75dd930e41a49cd61d55438c61b7
Google Nexus 9 SensorHub Firmware Downgrade
Posted May 9, 2017
Authored by Roee Hay

Google Nexus 9 SensorHub firmware suffers from a downgrade vulnerability.

tags | advisory
advisories | CVE-2017-0582
SHA-256 | 2e333ae95fe2406ff357ae559841fa415ab16be941f0e11c2c726abab2919d30
Debian Security Advisory 3846-1
Posted May 9, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3846-1 - Several issues were discovered in libytnef, a library used to decode application/ms-tnef e-mail attachments. Multiple heap overflows, out-of-bound writes and reads, NULL pointer dereferences and infinite loops could be exploited by tricking a user into opening a maliciously crafted winmail.dat file.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802
SHA-256 | 577b9b3ad2543c0f2b7f98bfb730def0edccd26ed743626f08539aa256ff2d93
Debian Security Advisory 3845-1
Posted May 9, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3845-1 - Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings).

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2017-8779
SHA-256 | 7a8b8ee3c3a5ef9eae5d5ea439c099ab96484001aea09ca6539efce6324e98a8
Red Hat Security Advisory 2017-1204-01
Posted May 9, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1204-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
SHA-256 | 026a2f73a4a83285e782b73be66c71ff69818cef1c112b02e27f65761d6b2f98
Microsoft Security Bulletin Summary For May, 2017
Posted May 9, 2017
Site microsoft.com

This bulletin summary lists the security update for Microsoft Malware Protection Engine to address a recently discovered zero day vulnerability from May of 2017.

tags | advisory
SHA-256 | 11cdda08fce58e898bf956bec66db76fb7fa50ea4531e08200a7b627470148e8
WordPress Clean Login Cross Site Request Forgery
Posted May 9, 2017
Authored by Zhiyang Zeng

WordPress Clean Login plugin versions prior to 1.8 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 6d8f8eb3f120167733389394fe39eff5500ef278c7bbafa598e88a0410e386dc
LG mkvparser::Tracks Failed Pointer Initialization
Posted May 9, 2017
Authored by Google Security Research, Mark Brand

LG suffers from a failure to initialize pointer in the mkvparser::Tracks constructor.

tags | exploit
SHA-256 | dc1f3e39b2a0f4669be5404225183524e54f78ef582455769f350076b5800172
LG mkvparser::Block::Block Heap Buffer Overflows
Posted May 9, 2017
Authored by Google Security Research, Mark Brand

LG suffers from multiple heap buffer overflow vulnerabilities in mkvparser::Block::Block.

tags | exploit, overflow, vulnerability
SHA-256 | 702a3130b0cc9fea19b21e7a228efefb25a5c5f5d437d3d4311fb47fdbfe04b2
LG liblg_parser_mkv.so Bad Allocation Calls
Posted May 9, 2017
Authored by Google Security Research, Mark Brand

During EBML node parsing the EBML element_size is used unvalidated to allocate a stack buffer to store the element contents. Since calls to alloca simply compile to a subtraction from the current stack pointer, for large sizes this can result in memory corruption and potential remote-code-execution in the mediaserver process. Tested on an LG-G4 with firmware MRA58K.

tags | exploit, remote
SHA-256 | fead583452cca3b0aff0b1e5d1c60e83a1131d969e79b214c620dd57f7a19180
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close