what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 50 RSS Feed

Files Date: 2017-06-21

Debian Security Advisory 3890-1
Posted Jun 21, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3890-1 - Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.

tags | advisory, remote, web, code execution
systems | linux, debian
advisories | CVE-2017-9736
SHA-256 | d3b0a2661564a655646fd83de4dcfdd1f7291ccd7b17246a3ca2f3735cf09e06
Ubuntu Security Notice USN-3338-1
Posted Jun 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3338-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4997, CVE-2017-1000364
SHA-256 | 652aa8cb5ead97eef35be1bc0b0ca6db11e226fedaf3729f823ae1919d9b0983
Ubuntu Security Notice USN-3335-2
Posted Jun 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3335-2 - USN-3335-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.

tags | advisory, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000364
SHA-256 | 1c33f5d44a14e69e5032c978bc430b7b99ada6ca5b272c9e9ca1f553dfe38e87
Ubuntu Security Notice USN-3336-1
Posted Jun 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3336-1 - It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-7502
SHA-256 | 87a10d1a6596140376bd51b697cd26f1c93ce8377ca267a8940ec919fe60e175
Ubuntu Security Notice USN-3337-1
Posted Jun 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3337-1 - It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that Valgrind incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause Valgrind to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131
SHA-256 | e6c74709da754ef4d68aa49426add68eaab64a9d7bccbf2cec70f93a55f14b37
Red Hat Security Advisory 2017-1558-01
Posted Jun 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1558-01 - Red Hat Satellite provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows organizations to utilize the benefits of Red Hat Network without having to provide public Internet access to their servers or other client systems. Security Fix: A cross-site scripting flaw was found in how the failed action entry is processed in Satellite 5. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2017-7514
SHA-256 | f474229ebd1019436c6d96172292348fa67e7ab7f3fa98f5e4b35c7e2f1a7cd8
Red Hat Security Advisory 2017-1567-01
Posted Jun 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1567-01 - Red Hat Container Development Kit is a platform for developing containerized applicationsaaait is a set of tools that enables developers to quickly and easily set up an environment for developing and testing containerized applications on the Red Hat Enterprise Linux platform. With this update, Container Development Kit has been updated to 3.0.0-2, which includes an updated Red Hat Enterprise Linux ISO that contains fixes for the following security issues. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-1000364, CVE-2017-1000366, CVE-2017-7502
SHA-256 | a44f757946233e3a364bd96604e6658ea5f5335e5e0f8ec459d87aed6e053f59
Red Hat Security Advisory 2017-1561-01
Posted Jun 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1561-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778
SHA-256 | 502ad26d007c53fa4eb41c7d2c2e6e3149dbaeb0df72f833d10b786f83e62751
Sitecore 7.1 / 7.2 Cross Site Scripting
Posted Jun 21, 2017
Authored by Hamed Izadi

Sitecore versions 7.1 and 7.2 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7cb804096789262362d1b2e7085815278e8c60bda09cf8641faa39c272e28205
Microsoft Security Bulletin CVE Update For June, 2017
Posted Jun 21, 2017
Site microsoft.com

This Microsoft bulletin summary lists many CVEs that have undergone a major revision increment.

tags | advisory
advisories | CVE-2017-0173, CVE-2017-0193, CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, CVE-2017-0219, CVE-2017-0282, CVE-2017-0283, CVE-2017-0284, CVE-2017-0285, CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-0291, CVE-2017-0292, CVE-2017-0294, CVE-2017-0295, CVE-2017-0296, CVE-2017-0297, CVE-2017-0298, CVE-2017-0299, CVE-2017-0300, CVE-2017-8460, CVE-2017-8462, CVE-2017-8464, CVE-2017-8465, CVE-2017-8466
SHA-256 | 319f129f72880daf729fa0c2761541421d1e20100a405cb2c6d871449553c09c
EMC Isilon OneFS Privilege Escalation
Posted Jun 21, 2017
Site emc.com

EMC Isilon OneFS is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. Versions affected include 7.1.x, 7.2.0 through 7.2.1.4, 8.0.0 through 8.0.0.3, and 8.0.1.0.

tags | advisory
advisories | CVE-2017-4988
SHA-256 | 3bfca004cf67807c5ac9d6b5dff8c4a178b1f8699f760613c830de6d1631f379
EMC Avamar File Upload / Authentication Bypass
Posted Jun 21, 2017
Site emc.com

EMC Avamar suffers from authentication bypass and remote file upload vulnerabilities.

tags | advisory, remote, vulnerability, file upload
advisories | CVE-2017-4989, CVE-2017-4990
SHA-256 | 7e89b48fe4f81cba31f75621518071ad79aa069b0533deee9712baf2abee8429
WordPress Download Manager 2.9.46 / 2.9.51 Cross Site Scripting
Posted Jun 21, 2017
Authored by Tom Adams

WordPress Download Manager plugin versions 2.9.46 and 2.9.51 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9de753843f33ce3f2dc9d5d13e262f6df0bb99ce7db35001b0177d5ed23072d8
WordPress Photo Gallery 1.3.34 / 1.3.42 Path Traversal
Posted Jun 21, 2017
Authored by Tom Adams

WordPress Photo Gallery plugin versions 1.3.34 and 1.3.42 suffer from a path traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 2e48b2bcd6a9011319d2820c216c197e008cdd23983c64c58a88c29df02fc36b
Unrar VMSF_DELTA Arbitrary Memory Write
Posted Jun 21, 2017
Authored by Thomas Dullien, Google Security Research

It appears that the VMSF_DELTA memory corruption that was reported to Sophos AV in 2012 (and fixed there) was actually inherited from upstream unrar. For unknown reasons, whoever fixed the bug did not report this to upstream unrar, and the bug seems to have persisted there to this day.

tags | exploit
SHA-256 | 3b8acd8becd11c0b8cca739d5aa19f140cbee2a41f1ddb62a46f97e63d344ea2
Bitdefender Malicious RAR Denial Of Service
Posted Jun 21, 2017
Authored by Thomas Dullien, Google Security Research

Bitdefender AV crashes when fed malicious RAR files from 2013.

tags | exploit
SHA-256 | 4caf1f040e3e33d6970a65f2cf9a0e578182d36dbed0cc6388947a286ae01457
Microsoft Windows Kernel nt!NtQueryInformationWorkerFactory Stack Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation).

tags | exploit, kernel
systems | windows
advisories | CVE-2017-0300
SHA-256 | 8640de8913ad18d001d4ce85d7df076bb0c01b500bd2537ba2946961cbb49999
Microsoft Windows Kernel ATMFD.DLL Malformed Index Out-Of-Bounds Read
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from an ATMFD.DLL out-of-bounds read vulnerability via a malformed Name INDEX in the CFF table.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8483
SHA-256 | a21fad8c3cb205d4714174fdb1b13075f47dfb5639a4cd14a715e1e83f945c18
Microsoft Windows Kernel nt!NtQueryInformationResourceManager Stack Memory Disclosure
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationResourceManager (information class 0).

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8481
SHA-256 | 6f83a7e9f97c7308a2e6094f5d2727a7e3be211ff7552afafb0056dfae675dc4
Microsoft Windows Uniscribe USP10!otlReverseChainingLookup::apply Out-Of-Bounds Memory Read
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!otlReverseChainingLookup::apply.

tags | exploit
systems | windows
advisories | CVE-2017-0288
SHA-256 | be7fa96c387b2997b7b82606d8a4c2cada52908fcb4a818666cf5df429c14b22
Microsoft Windows Uniscribe USP10!otlValueRecord::adjustPos Out-Of-Bounds Memory Read
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!otlValueRecord::adjustPos.

tags | exploit
systems | windows
advisories | CVE-2017-0289
SHA-256 | f9896fa3eb41012f8820a74bd403a8acde8a7832ac07ec863810cca161c5eecb
Microsoft Windows Uniscribe USP10!otlSinglePosLookup::getCoverageTable Out-Of-Bounds Memory Read
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!otlSinglePosLookup::getCoverageTable.

tags | exploit
systems | windows
advisories | CVE-2017-0287
SHA-256 | 77094d2610c9aa8236ab477f043f6c4a1eb4a28b6fe581cf95b86f0738b3269d
Microsoft Windows Uniscribe USP10!NextCharInLiga Out-Of-Bounds Memory Read
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!NextCharInLiga.

tags | exploit
systems | windows
advisories | CVE-2017-0286
SHA-256 | b305f68a67213890e4773eee3eb6c9f21ac9c97da9b5ecf5ca99a0309abc8272
Microsoft Windows Uniscribe USP10!CreateIndexTable Out-Of-Bounds Memory Read
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!CreateIndexTable.

tags | exploit
systems | windows
advisories | CVE-2017-0282
SHA-256 | 2ea28f694f6036fc0bfdecb1286f1d6097f8970d0a0c9f6846a3fb287c9281da
Microsoft Windows Uniscribe USP10!SubstituteNtoM Out-Of-Bounds Memory Read
Posted Jun 21, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!SubstituteNtoM.

tags | exploit
systems | windows
advisories | CVE-2017-0285
SHA-256 | 5d4367e924b041d433fd9c255f4b18605cc555ec79a4482938bdf3a51448b386
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close