what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2017-05-18

Ubuntu Security Notice USN-3291-2
Posted May 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3291-2 - USN-3291-1 fixed vulnerabilities in the generic Linux kernel. This update provides the corresponding updates for the Linux kernel built for specific processors and cloud environments. Dmitry Vyukov discovered that the generic SCSI subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-7187, CVE-2017-7261, CVE-2017-7294, CVE-2017-7616
SHA-256 | f3e4d664cf8dd366e7bc5377123017cb95774c649163d1560d36a4167521a917
Red Hat Security Advisory 2017-1244-01
Posted May 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1244-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. Security Fix: An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2017-7466, CVE-2017-7481
SHA-256 | 3429392f5b616768d19c2fc020ae31066a385e1385c90e913e643e01d4c2354d
Ubuntu Security Notice USN-3294-1
Posted May 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3294-1 - Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local, root, bash
systems | linux, ubuntu
advisories | CVE-2016-0634, CVE-2016-7543, CVE-2016-9401, CVE-2017-5932
SHA-256 | f45d68112bea29f65c3632f3d6b8227dff94e29452d9f3d29a6943cc82cb3905
Gentoo Linux Security Advisory 201705-10
Posted May 18, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201705-10 - Multiple vulnerabilities have been found in various GStreamer plug-ins, the worst of which could lead to the execution of arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-10198, CVE-2016-10199, CVE-2016-9445, CVE-2016-9446, CVE-2016-9447, CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9807, CVE-2016-9808, CVE-2016-9809, CVE-2016-9810, CVE-2016-9811, CVE-2016-9812, CVE-2016-9813, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5846, CVE-2017-5847, CVE-2017-5848
SHA-256 | d19fb23ad4b2fc831938cabf73b2d4c43a373684b58cd407603dc6b3dd74a9a7
Gentoo Linux Security Advisory 201705-09
Posted May 18, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201705-9 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could lead to privilege escalation. Versions less than 8.0.36 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-1240, CVE-2016-3092, CVE-2016-8745, CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651
SHA-256 | 32a00eece0fedfca7e3d14c18c552d78e1bb762223bc097962ee70ea1c994b64
Ubuntu Security Notice USN-3282-2
Posted May 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3282-2 - It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
SHA-256 | 381a844ee3689fe73678d40fd67fbc2171199e7f32ce028e5d209333cd1478b4
Red Hat Security Advisory 2017-1243-01
Posted May 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1243-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. The service can be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Additionally, Orchestration can be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. The following packages have been upgraded to a later upstream version: openstack-heat. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-2621
SHA-256 | dd27621d26447152cd4f853d16404c73aed82e00072c9f603f5916d6d4834afa
Red Hat Security Advisory 2017-1242-01
Posted May 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1242-01 - Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat OpenStack Platform. Security Fix: A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default listening on 0.0.0.0 with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.

tags | advisory, tcp
systems | linux, redhat
advisories | CVE-2017-2637
SHA-256 | eecef16882ecdf2172b246b4f29d0d0f92e0c5811271f7aaa1acd083f012a868
Ubuntu Security Notice USN-3291-3
Posted May 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3291-3 - USN-3291-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Dmitry Vyukov discovered that the generic SCSI subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-7187, CVE-2017-7261, CVE-2017-7294, CVE-2017-7616
SHA-256 | 51051069812c39150231d9de00741a7e6ac9e2c8090bb322423e78bcd9f7cdb2
Oracle PeopleSoft XML External Entity / SYSTEM Remote Code Execution
Posted May 18, 2017
Authored by Ambionics Security

Oracle PeopleSoft suffers from an XML external injection vulnerability that allows for SYSTEM remote code execution.

tags | exploit, remote, code execution, xxe
SHA-256 | 8ea1552b5500186fdceab51a03b9a96efe05ec0e67c4fb4ae2ab5916f021c96a
Microsoft Windows ROTFLAGS_ALLOWANYCLIENT Privilege Escalation
Posted May 18, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a running object table register ROTFLAGS_ALLOWANYCLIENT privilege escalation vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-0214
SHA-256 | 36f03383066ee290d05c378c215e41fa232689f697acdd92d4113874ffffea27
AntiRansom 3.02
Posted May 18, 2017
Authored by YJesus | Site security-projects.com

AntiRansom is a tool capable of detecting and mitigating attacks of Ransomware using honeypots.

Changes: Fixed bug in Windows 10 'Creators' that makes AR crash. This release **** IS ONLY **** for Windows 10 Creators.
tags | tool
systems | unix
SHA-256 | 6110204660b122d1b83ddbc61070444a402748acbee48f692ce097455dcc7ff3
MacOS Insecure Swap File
Posted May 18, 2017
Authored by Google Security Research, Ian Beer

It turns out that even with SIP enabled a regular root user can write to the swapfile under /private/var/vm/swapfile0 on MacOS.

tags | advisory, root
advisories | CVE-2017-2494
SHA-256 | b4a5ae1e05cc0033bf98b39a84490ae7a0a1f8afb83c82d664cc8ddd98121f80
Mosca Analysis Tool 0.08
Posted May 18, 2017
Authored by coolervoid

Mosca is a tool that checks code for poor security practices akin to using grep against it for static analysis.

Changes: Various updates.
tags | tool, scanner
systems | unix
SHA-256 | f2d4ce323a764eca8ee522395754f0d1108bc86ca247eda5c1ff1a0aa6a9f746
Apple iOS Notifications API Denial Of Service
Posted May 18, 2017
Authored by Sem Voigtlander, Joseph Shenton, Vincent Desmurs

Apple iOS versions prior to 10.3.2 suffer from a notifications API denial of service vulnerability.

tags | exploit, denial of service
systems | apple, ios
advisories | CVE-2017-6982
SHA-256 | 29027c75a282ced872743a26249f8bc6a1222243f76ab7a6119a4c5ad36931cf
Microsoft Windows COM Aggregate Marshaler/IRemUnknown2 Privilege Escalation
Posted May 18, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a COM aggregate marshaler/IRemUnknown2 type confusion privilege escalation vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-0213
SHA-256 | 7d9306b31056624843b7596903b03f2850b51e4cdcc0f3b35afc516f0af1bec5
Stealing Windows Credentials Using Google Chrome
Posted May 18, 2017
Authored by Bosko Stankovic

This paper describes an attack which can lead to Windows credentials theft, affecting the default configuration of the most popular browser in the world today, Google Chrome, as well as all Windows versions supporting it.

tags | paper
systems | windows
SHA-256 | 88f2619b5a29a05dfc2991bd8091e6af81c3ee03407380cea432941cad18af7a
Microsoft Windows 32-bit / 64-bit cmd.exe Shellcode
Posted May 18, 2017
Authored by Filippo Bersani

718 byte small Microsoft Windows 32-bit/64-bit cmd.exe shellcode.

tags | shellcode
systems | windows
SHA-256 | d22926562b5b0ac2e30ac709b50939384bfa98eedfd49cbd8ba8c5e45f922b67
MobaXterm Personal Edition 10.2 Directory Traversal
Posted May 18, 2017
Authored by sultan albalawi

MobaXterm Personal Edition version 10.2 suffers from an FTP remote file disclosure issue via a directory traversal vulnerability.

tags | exploit, remote
SHA-256 | 3ef071b88d048e1d6052c21289b32d7747d76ff50bd3df20848ab244a6cccf23
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close