what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-10-18

Suricata IDPE 4.0.1
Posted Oct 18, 2017
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: This is regular bug fix release fixing various issues. Also added is much improved Napatech support.
tags | tool, intrusion detection
systems | unix
SHA-256 | 0e73edb2911791644d82a62ab4f75517bbed339c0f21aadc0eb307b313643885
Microsoft Windows GDFMaker 6.3.9600.16384 XXE Injection
Posted Oct 18, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows Game Definition File Editor (GDFMaker) version 6.3.9600.16384 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
systems | windows
SHA-256 | 10f87d3d1b9071caa4665070b4aa0e2d5a5dea176d6602bf53f8a85c7ceff9c0
WebKitGTK+ Code Execution / Cookie Handling / Memory Corruption
Posted Oct 18, 2017
Authored by WebKitGTK+ Team

WebKitGTK+ has had numerous security vulnerabilities addressed including arbitrary code execution, memory corruption, cookie theft, and various other issues.

tags | advisory, arbitrary, vulnerability, code execution
advisories | CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142
SHA-256 | 3a18e3f692c17224ea98fd036f7468cb2c7bfb6852fc969ed1c8f78cbe39dd1d
Apache Solr 7.0.1 XXE Injection / Code Execution
Posted Oct 18, 2017
Authored by Michael Stepankin, Olga Barinova

Apache Solar version 7.0.1 suffers from XML external entity injection and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xxe
advisories | CVE-2017-12629
SHA-256 | 329a2e9c8a0283ae00e021c2cda2241153ca88f96329701ff8bb3b1e24590293
Hashicorp vagrant-vmware-fusion 4.0.24 Local Root Privilege Escalation
Posted Oct 18, 2017
Authored by Mark Wadham

Hashicorp vagrant-vmware-fusion versions 4.0.24 and below suffer from a local privilege escalation vulnerability. This is the same issue that affected the last version but the vendor failed to properly address the issue.

tags | exploit, local
advisories | CVE-2017-12579
SHA-256 | 2cb26079ab06ec8a05cd23e2aa7f7c6eade23fa70488b78f51502f1080d09a9c
Slackware Security Advisory - xorg-server Updates
Posted Oct 18, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New xorg-server packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183, CVE-2017-12184, CVE-2017-12185, CVE-2017-12186, CVE-2017-12187
SHA-256 | 00701a59a7ccfacff5f0b7c265dffab9bcd8df28608126b39ede7a33588c1267
Slackware Security Advisory - wpa_supplicant Updates
Posted Oct 18, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
SHA-256 | f7c456a7cfe81d5c9734a699a0a652dab3b12565a843c373d120f438a762b7de
Slackware Security Advisory - libXres Updates
Posted Oct 18, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libXres packages are available for Slackware 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-1988
SHA-256 | ba4dee4196f1fd0039a52c066dad8f5928def70d4e1cdb78f9f3eece879723cc
Red Hat Security Advisory 2017-2913-01
Posted Oct 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2913-01 - Tough-Cookie is a Node.js module that offers RFC6265 Cookies and Cookie Jar. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs-tough-cookie. Security Fix: A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2017-15010
SHA-256 | 207c9f5b3bfa8096b0ad3099446383171cdc1c188392fa25bf0c7d8733b6f491
Red Hat Security Advisory 2017-2912-01
Posted Oct 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2912-01 - Tough-Cookie is a Node.js module that offers RFC6265 Cookies and Cookie Jar. The following packages have been upgraded to a later upstream version: rh-nodejs4-nodejs-tough-cookie. Security Fix: Regular expression denial of service flaws were found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2016-1000232, CVE-2017-15010
SHA-256 | 15d05375027e414524dfcc71c88c277757bdd2644e884d5051db86ec3f021974
Red Hat Security Advisory 2017-2911-01
Posted Oct 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2911-01 - The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix: A new exploitation technique called key reinstallation attacks affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087
SHA-256 | ddcbb28cce8084e45243003d804c9765d7684845b992495ebc4aa25bdd7ef4af
Faraday 2.6.3
Posted Oct 18, 2017
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Updated Core Impact plugin to be compatible with 2016 version. Improved loading of fields request and website in Burp Plugin. Improved Nexpose Full plugin. Improved Acunetix plugin to avoid conflicts and missing imported data, and to correctly parse URLs and resolutions.
tags | tool, rootkit
systems | unix
SHA-256 | 8749dfb5916b82c6da453895e037b3417086d95623477cd4ab68ec4a0829ccf1
Career Portal 1.0 SQL Injection
Posted Oct 18, 2017
Authored by 8bitsec

Career Portal version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bb6523f38398e0d0f2e8e2af045462b6396038ed7689b6fab9425b758ff4f02a
WordPress Car Park Booking SQL Injection
Posted Oct 18, 2017
Authored by 8bitsec

WordPress Car Park Booking plugin suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c86b381b1f4fd169219a8b898ead95fb7b0d6c40c0ed205f45b21138b4f9705f
Microsoft Security Bulletin CVE Revision Increment For October, 2017
Posted Oct 18, 2017
Site microsoft.com

This Microsoft bulletin summary lists a CVE that has undergone a major revision increment.

tags | advisory
advisories | CVE-2017-13080
SHA-256 | 1b927278ff93e0ef884d0b2ecb9b3c9214f1647b82ce8f6a2c763f4196246afd
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close