exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2017-07-31

Red Hat Security Advisory 2017-1839-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1839-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2017-7525
SHA-256 | 1ce77e8008f791047c59b64f6f67fd895b63b533efb776d873bda60eee68a8aa
Ubuntu Security Notice USN-3372-1
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3372-1 - It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2017-7502
SHA-256 | e388acc86dcf59e73c62e313ac038fabb06265810beaf16fd3db321a90afdfb4
Red Hat Security Advisory 2017-1834-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1834-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2016-4978, CVE-2017-7525
SHA-256 | 8f515b16a851986c500ddf4ed6503d67dd3f7d5c26eead92d7b32eb5b1479c75
Red Hat Security Advisory 2017-1837-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1837-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.7.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-4978, CVE-2017-7525
SHA-256 | dc07b245ad6d917f3af654df1bff7e1343625687d28a626a8a04cd51b5dee892
Red Hat Security Advisory 2017-1838-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1838-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-7484, CVE-2017-7485, CVE-2017-7486
SHA-256 | b8da1a65f0ca936bedb76c56b840e6863ef2bc0aa2a3073a608795956545a09a
Ubuntu Security Notice USN-3373-1
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3373-1 - Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components function for use by third-party modules. Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection during an HTTP request to an HTTPS port. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2016-8743, CVE-2017-3167, CVE-2017-3169, CVE-2017-7668, CVE-2017-7679
SHA-256 | 4a9a5dea68311374e8d780883cdb344eae2007b3b5ebe311aa079e3e743f2f21
Red Hat Security Advisory 2017-1835-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1835-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2016-4978, CVE-2017-7525
SHA-256 | 3691e18fee16447c266d5cd96d4cb0974d75008e1132ec48a76ce9bcac67a084
Ubuntu Security Notice USN-3374-1
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3374-1 - It was discovered that RabbitMQ incorrectly handled MQTT authentication. A remote attacker could use this issue to authenticate successfully with an existing username by omitting the password.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-9877
SHA-256 | 447342daddaff1041b3b306feeb7a80790814f09559f4b1da0e7811886211c50
Red Hat Security Advisory 2017-1840-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1840-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2017-7525
SHA-256 | ddd84e1c28044f497afd84cb2e121261164c88de9c73f5305489781ccea648d2
libvorbis 1.3.5 Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis version 1.3.5 can cause a denial of service (OOM) via a crafted wav file.

tags | exploit, denial of service
SHA-256 | 7579257c139a0255d0050c599ca09747f8e3646f71f6269c586a92c46e5abf32
Ubuntu Security Notice USN-3363-2
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3363-2 - USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a regression for certain users when processing images. The problematic patch has been reverted pending further investigation. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
SHA-256 | af6b57c695da99e12cc3f5ab75ad730a6c23b4ed2482af57284cd813dc18ec32
Sound eXchange (SoX) 14.4.2 Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

The startread function in wav.c in Sound eXchange(SoX) version 14.4.2 can cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

tags | exploit, denial of service
SHA-256 | af14da524a2fb01df11b7535dcdaae5b1869c70f4a3349cfc2f7fa546f6b8d34
Salutation Responsive 3.0.15 Cross Site Scripting
Posted Jul 31, 2017
Authored by Tom Adams

Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 436fa0bce96b432cc53cebe95a1a22ae31fb0609f0f4a08f9049bd7a51546ec4
TiMidity++ 2.14.0 Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

The insert_note_steps function in readmidi.c in TiMidity++ version 2.14.0 can cause a denial of service (divide-by-zero error and application crash) via a crafted mid file.

tags | exploit, denial of service
SHA-256 | 22dd3ae9d9d61dac3e51d459d2c11efba61808fc42ebf8b08223e5399db6479e
Libid3tag 0.15.1b Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

The id3_ucs4_length function in ucs4.c in libid3tag version 0.15.1b can cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.

tags | exploit, denial of service
SHA-256 | b165ba6c2059549e131498730a65033270647ae0d9f87b03e7f8557fecc87b97
MEDHOST Connex Hardcoded Password
Posted Jul 31, 2017
Authored by Allen Franks

MEDHOST Connex contains a hard-coded Mirth Connect administrative credential that is used for customer Mirth Connect management access.

tags | exploit
advisories | CVE-2017-11743
SHA-256 | cda33f4b8f74ced06fc2e4ed54419dc5dfee4468eadbb61de781b387fcd999b6
libmad 0.15.1b Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

The mad_decoder_run function in decoder.c in libmad version 0.15.1b can cause a denial of service (memory corruption) via a crafted mp3 file.

tags | exploit, denial of service
SHA-256 | c6cce95ec4be2cbec7c267429a6a982988b373f894144e141477d2b2b2f28f67
Ubuntu Security Notice USN-3366-2
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3366-2 - USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update fixes the problem. It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. Various other issues were also addressed.

tags | advisory, java, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243
SHA-256 | e9581a312ef7c1eb2dedb9df0dc68f52b06260cac0f6b85c8b55f77958b4e34e
libao 1.2.0 Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

The _tokenize_matrix function in audio_out.c in Xiph.Org libao version 1.2.0 can cause a denial of service (memory corruption) via a crafted mp3 file.

tags | exploit, denial of service
SHA-256 | 2d194a8acef51dcd0b21a341eb04a87880fd0a401aeeab8b4fdd34e06cecce1b
ALZip 8.51 Buffer Overflow
Posted Jul 31, 2017
Authored by James Lee

ALZip version 8.51 suffers from buffer overflow and file creation vulnerabilities.

tags | exploit, overflow, vulnerability
SHA-256 | c12e8fcc5c3c680d7dde2ca1257975ec8e0e2540c23524db4d6266b0322dd514
vorbis-tools oggenc 1.4.0 Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

The wav_open function in oggenc/audio.c in vorbis-tools version 1.4.0 can cause a denial of service (memory allocation error) via a crafted wav file.

tags | exploit, denial of service
SHA-256 | 842a04f4decc33b5213edeb39b31fccf5962ed48f9b3b5285d2bc91479c0f279
Red Hat Security Advisory 2017-1833-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1833-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 60.0.3112.78. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, CVE-2017-7000
SHA-256 | ad472c82dc102ba322984772143f99c483ca21f4adddbeb37cb9a6d3f0ecdd3e
DivFix++ 0.34 Denial Of Service
Posted Jul 31, 2017
Authored by qflb.wu

DivFix++ version 0.34 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | a846092067346222e8d5593d32693e3acab6715c2e2ab5b4dd74c2f099b968f2
Red Hat Security Advisory 2017-1833-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1833-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 60.0.3112.78. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, CVE-2017-7000
SHA-256 | 1353fd8d2deddb910e8700dee9e46a94525d8a937157e32db4ea34204c38bf58
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close