what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2017-05-16

Ubuntu Security Notice USN-3275-2
Posted May 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3275-2 - USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. Various other issues were also addressed.

tags | advisory, java, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
SHA-256 | 4f21667f05e9140f4f1c8350046f6031922bc511769015c43e35d6c0ce3b2c5c
Red Hat Security Advisory 2017-1232-01
Posted May 16, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1232-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2017-2636
SHA-256 | 5320ffedef283ff1f76aecce917fe67e21a02ba281439a96af56abccb5937cff
Red Hat Security Advisory 2017-1233-01
Posted May 16, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1233-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2017-2636
SHA-256 | aa5c908b13897fd2c9c4cf722fa84fe657869cd1437682227963a27f534ffa96
Ubuntu Security Notice USN-3272-2
Posted May 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3272-2 - USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10217, CVE-2016-10219, CVE-2017-8291
SHA-256 | 89c2956bcc647b7f0010cbff3cb81eb6291d199296a26e5a2dd4b1eacc632b49
Ubuntu Security Notice USN-3289-1
Posted May 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3289-1 - Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Li Qiang and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-7377, CVE-2017-7718, CVE-2017-7980, CVE-2017-8086, CVE-2017-8309, CVE-2017-8379
SHA-256 | dde5185a850c3ac4a506f63cc22dbe863cf22505aee84dd81835562d4980c02a
NextCloud / OwnCloud Cross Site Scripting
Posted May 16, 2017
Authored by Manuel Mancera

NextCloud and OwnCloud suffer from a cross site scripting vulnerability in their error pages. OwnCloud versions 9.1.5 and below are affected. NextCloud versions prior to 11.0.3, 10.0.5, and 9.0.58 are affected.

tags | exploit, xss
advisories | CVE-2017-0891
SHA-256 | 65879de6c3bc16a06a84fa76fc56c4fec014ee26d19bb377b0cde628a8e097a2
HP Wireless Mouse Spoofing Issue
Posted May 16, 2017
Authored by Micha Borrmann, Matthias Deeg | Site syss.de

HP ERK-321A is a wireless desktop set consisting of a mouse and a keyboard.

tags | advisory
SHA-256 | 397d0a3e42b49ff649457998978949155ade071f9d5b96485fc2ed32dcb78d1b
Microsoft Windows win32k!xxxClientLpkDrawTextEx Memory Disclosure
Posted May 16, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a stack memory disclosure vulnerability in win32k!xxxClientLpkDrawTextEx.

tags | exploit
systems | windows
advisories | CVE-2017-0245
SHA-256 | 58a16953958dd050621e1702b09e1edc735d52fbfcdb7a31a10af1e565faf705
Microsoft Windows Kernel nt!NtTraceControl Memory Disclosure
Posted May 16, 2017
Authored by Google Security Research, mjurczyk

The handler of the nt!NtTraceControl system call (specifically the EtwpSetProviderTraitsUm functionality, opcode 0x1E) discloses portions of uninitialized pool memory to user-mode clients on Microsoft Windows 10 systems.

tags | exploit
systems | windows
advisories | CVE-2017-0259
SHA-256 | e4b83ed0279f0bf7126f660bff80c3238477bad783d8653366676ce865e7a606
Microsoft Windows Kernel DACL Descriptor Uninitialized Memory
Posted May 16, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows kernel suffers from an uninitialized memory issue in the default DACL descriptor of system processes token.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-0258
SHA-256 | 339b484718a60bc84bf91af536895aefacc2adfe2b2c1224af92554d1cd7c623
Microsoft Windows Kernel bind() Out-Of-Bounds Read
Posted May 16, 2017
Authored by Google Security Research, mjurczyk

Two related bugs have been discovered in the Microsoft Windows kernel code responsible for implementing the bind() socket function, specifically in the afd!AfdBind and tcpip!TcpBindEndpoint routines. They both can lead to reading beyond the allocated pool-based buffer memory area, potentially allowing user-mode applications to disclose kernel-mode secrets. They can also be exploited to trigger a blue screen of death and therefore a denial of service condition.

tags | exploit, denial of service, kernel
systems | windows
advisories | CVE-2017-0175, CVE-2017-0220
SHA-256 | 9b41916531e305ccf017e5064b5a3412788fbaa21187262224130f6886d5a773
Falco 0.6.1
Posted May 16, 2017
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Small changes to token bucket used to throttle falco events. Various other fixes and changes.
tags | tool, intrusion detection
systems | unix
SHA-256 | f1c664cfcf190edcaf95a44ac11285e6ef859e617d52126ee06f96bda526936e
Payload Mask 0.2
Posted May 16, 2017
Authored by coolervoid

Payload Mask is a payload editor that can mutate an initial dataset.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | 305f7803a9c231582d3d54c3625bc4de03dbb62b3df631af072a7c95e42ed317
TOR Virtual Network Tunneling Tool 0.3.0.7
Posted May 16, 2017
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions of Tor 0.3.0.x, where an attacker could cause a Tor relay process to exit. Relays running earlier versions of Tor 0.3.0.x should upgrade; clients are not affected.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 9640c4448ef3cad7237c68ed6984e705db8fb2b9d6bb74c8815d01bb06527d02
Apple Security Advisory 2017-05-15-7
Posted May 16, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-05-15-7 - Safari 10.1.1 is now available and addresses denial of service, spoofing, code execution, and various other vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, code execution
systems | apple
advisories | CVE-2017-2495, CVE-2017-2496, CVE-2017-2499, CVE-2017-2500, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2511, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2538, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984
SHA-256 | f184953a7037280d7e4e373cfd587685f3e1437bdc9f7b89a0745d9c829ee388
Apple Security Advisory 2017-05-15-6
Posted May 16, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-05-15-6 - iTunes 12.6.1 is now available and addresses memory corruption issues.

tags | advisory
systems | apple
advisories | CVE-2017-6984
SHA-256 | 15175fee8a41ad4cab3937c3fca580d717aedde85bec2691e3a21ba00c8dd8ef
Ubuntu Security Notice USN-3288-1
Posted May 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3288-1 - It was discovered that libytnef incorrectly handled malformed TNEF streams. If a user were tricked into opening a specially crafted TNEF attachment, an attacker could cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802
SHA-256 | 0bd4647cbf3608a8faab43b87222895eed8cee87221307f7e8b473c98e823c9f
PlaySms 1.4 Remote Code Execution
Posted May 16, 2017
Authored by Touhid M.Shaikh

PlaySms version 1.4 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 9878587e8dfdd2451061b778be33b8def9e7dcb8aa71d1ad6556d9627a73ab36
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close