what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 45 RSS Feed

Files Date: 2017-12-12

MikroTik 6.40.5 Denial Of Service
Posted Dec 12, 2017
Authored by Hosein Askari

MikroTik version 6.40.5 kernel failure denial of service proof of concept exploit.

tags | exploit, denial of service, kernel, proof of concept
advisories | CVE-2017-17538
SHA-256 | 36f04caad4ac752ccca12cdf6117122b6b2396e310fadba93409a4509e2e9900
GRR 3.2.1.1
Posted Dec 12, 2017
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: The HTTPDatastore has been removed from GRR. GRR now supports MySQL out of the box (when installed from the server deb). Various other updates.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | c798a7e04fde047c322b64ac87b10d9b44c887327564be6cd62b5df1eadfa98c
MikroTik RouterBoard 6.39.2 / 6.40.5 DNS Denial Of Service
Posted Dec 12, 2017
Authored by Hosein Askari

MikroTik RouterBoard versions 6.39.2 and 6.40.5 DNS daemon denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
advisories | CVE-2017-17537
SHA-256 | 88579439a2df3b04166fc4daa7d8edd3fdfa180e542fd56d1bc866fa43c3cc2a
Libraw 0.18.5 Denial Of Service
Posted Dec 12, 2017
Authored by Laurent Delosieres | Site secunia.com

Libraw version 0.8.15 suffers from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2017-16909, CVE-2017-16910
SHA-256 | edc5e60b75f274544b8c6f864088d7b512ec89fc5de9e0bcb020100658a95905
Debian Security Advisory 4058-1
Posted Dec 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4058-1 - Two vulnerabilities were discovered in optipng, an advanced PNG optimizer, which may result in denial of service or the execution of arbitrary code if a malformed file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-1000229, CVE-2017-16938
SHA-256 | b84c1a921adc41bca979394f25eb0fe5dae0ff87622f79d61a9e6db554e19f04
Ubuntu Security Notice USN-3512-1
Posted Dec 12, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3512-1 - David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2017-3737, CVE-2017-3738
SHA-256 | a103b944d6f8a85749386afed57846e8edac57db3a95092b4bd3128777b3642f
Debian Security Advisory 4062-1
Posted Dec 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4062-1 - It discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed to fingerprint a user across multiple sessions via IndexedDB.

tags | advisory, web
systems | linux, debian
advisories | CVE-2017-7843
SHA-256 | 79e6fa33d72f31becbc7e2b10a9a236b19e8b03007426e94a8f3eb202b023bb9
Debian Security Advisory 4061-1
Posted Dec 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4061-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2017-7826, CVE-2017-7828, CVE-2017-7830
SHA-256 | 172c96f61e24947755622149176d0f25a172d4a0fd3c02dbb07f0f536eae4917
Debian Security Advisory 4060-1
Posted Dec 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4060-1 - It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code.

tags | advisory, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2017-11408, CVE-2017-13766, CVE-2017-17083, CVE-2017-17084, CVE-2017-17085
SHA-256 | baafb717d0e7867222f1233524c5fb4ed9a64ec234e5fccf38d9a6b0efdc6e24
Slackware Security Advisory - openssl Updates
Posted Dec 12, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-3737, CVE-2017-3738
SHA-256 | df944e02ba3ab7e2c344e82703dedcc6aaf7c147044b9875407518d20e3be9a5
FreeBSD Security Advisory - FreeBSD-SA-17:12.openssl
Posted Dec 12, 2017
Site security.freebsd.org

FreeBSD Security Advisory - Invoking SSL_read()/SSL_write() while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. Various other issues were addressed.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2017-3737, CVE-2017-3738
SHA-256 | bb3377d0fb3c1fc7d239e5446ade3da5c43af286b662042e0a558c54cd6d4ed5
Debian Security Advisory 4059-1
Posted Dec 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4059-1 - It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2017-16612
SHA-256 | d7f9c24a8f07ce16763dcc954b7a6eb8900a35b776185c65a1fe94d1cc86b6b8
macOS / iOS Kernel IOSurfaceRootUserClient Double-Free
Posted Dec 12, 2017
Authored by Google Security Research, Ian Beer

macOS and iOS suffer from a kernel double free vulnerability due to IOSurfaceRootUserClient not respecting MIG ownership rules.

tags | exploit, kernel
systems | cisco, ios
advisories | CVE-2017-13861
SHA-256 | 4314c9b3d4d919fbf8280f16f7d8de49f26550f782ad1c352b5a319dee587e69
macOS getrusage Stack Leak
Posted Dec 12, 2017
Authored by Jann Horn, Google Security Research

macOS suffers from a getrusage stack leak through struct padding.

tags | exploit
advisories | CVE-2017-13869
SHA-256 | f3c771e820e8f87d811a6417706be697870406b209dca5dce3bea7c2d48f9b1f
macOS necp_get_socket_attributes so_pcb Type Confusion
Posted Dec 12, 2017
Authored by Jann Horn, Google Security Research

macOS suffers from an so_pcb type confusion vulnerability in necp_get_socket_attributes.

tags | exploit
advisories | CVE-2017-13855
SHA-256 | f2be6f0616271669be7061d78a7fed3616c67d1ae20bdb5246c68bbfa933e85d
XNU Kernel Memory Corruption
Posted Dec 12, 2017
Authored by Google Security Research, Ian Beer

The XNU kernel suffers from a memory corruption vulnerability due to an integer overflow in the __offsetof usage in posix_spawn on 32-bit platforms.

tags | exploit, overflow, kernel
advisories | CVE-2017-13876
SHA-256 | f7fc095e9ffc9005294cb0c5bdf1bae20905714fe9a1dccd5bb6d3e940f2bfd2
macOS / iOS IOTimeSyncClockManagerUserClient Use-After-Free
Posted Dec 12, 2017
Authored by Google Security Research, Ian Beer

macOS / iOS suffer from multiple kernel use-after-free vulnerabilities due to incorrect IOKit object lifetime management in IOTimeSyncClockManagerUserClient.

tags | exploit, kernel, vulnerability
systems | cisco, ios
advisories | CVE-2017-13847
SHA-256 | 752bf8adfa42c1db21266f6817c3ff5c3ef4a4a157ab2fbb3882400fdc6fb035
macOS AppleIntelCapriController::GetLinkConfig Kernel Code Execution
Posted Dec 12, 2017
Authored by Google Security Research, Ian Beer

The macOS kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleIntelCapriController::GetLinkConfig.

tags | exploit, kernel, code execution
advisories | CVE-2017-13875
SHA-256 | e6906ea2b28432c3baf84f42363204bf8884dc823824bf02ba0d05aa103772e9
macOS / iOS Kernel Double Free
Posted Dec 12, 2017
Authored by Google Security Research, Ian Beer

macOS and iOS suffer from a kernel double free due to incorrect API usage in flow divert socket option handling.

tags | exploit, kernel
systems | cisco, ios
advisories | CVE-2017-13867
SHA-256 | 0b5dfcc9863d0ed99660566f6392ccc4d9189ce7b6334fa7a00773db58a29596
XNU Kernel API Memory Disclosure
Posted Dec 12, 2017
Authored by Google Security Research, Ian Beer

There is a XNU kernel memory disclosure flaw caused by a bug in the kernel API for detecting kernel memory disclosures. No, this isn't a failure at writing a description.

tags | exploit, kernel
advisories | CVE-2017-13865
SHA-256 | ba49fa13feb0b9639612d9036d4af3a7b5d132687f6e588b7a54efb2a037d8ed
LibTIFF pal2rgb 4.0.9 Heap Overflow
Posted Dec 12, 2017
Authored by Jungun Baek

LibTIFF pal2rgb version 4.0.9 suffers from a heap buffer overflow.

tags | exploit, denial of service, overflow
advisories | CVE-2017-17095
SHA-256 | 486b62b720ef8bb312f7496bf8a372d21b851c675d409d0e2494af78258a9e14
Vanguard 1.4 SQL Injection
Posted Dec 12, 2017
Authored by Ihsan Sencan

Vanguard version 1.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4050fec86a07adc592c7299c588258f048bb826ca44a9118b6b5d7e1c39c9aab
Vanguard 1.4 Arbitrary File Upload
Posted Dec 12, 2017
Authored by Ihsan Sencan

Vanguard version 1.4 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 340dcf9e419ddec18c2ead2d41f2f2870ca3b82d0257efbb0a965d52e1d7ac79
Basic Job Site Script 2.0.5 SQL Injection
Posted Dec 12, 2017
Authored by Ihsan Sencan

Basic Job Site Script version 2.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 80baebb95e71ada1236a0c5b4a4a879d1d4f4d10da4e949b4df84ab9d4df3611
Resume Clone Script 2.0.5 SQL Injection
Posted Dec 12, 2017
Authored by Ihsan Sencan

Resume Clone Script version 2.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 09e74ed1d5a067ee3ab3e2d475220b792c9359caa75c7655ae5b43dd269b0137
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close