exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-09-06

Red Hat Security Advisory 2017-2669-01
Posted Sep 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2669-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2015-8839, CVE-2016-10088, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9604, CVE-2016-9685, CVE-2016-9806, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7533, CVE-2017-7889, CVE-2017-8797, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077
SHA-256 | e48d45b3299e25794baf01efaba70783d2cc37c96df4e1cb6cd794ff41e25ad0
Red Hat Security Advisory 2017-2665-01
Posted Sep 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2665-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this issue to cause a remote denial of service attack. While parsing an OpenFlow role status message Open vSwitch, a call to the abort() function for undefined role status reasons in the function 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-9214, CVE-2017-9263, CVE-2017-9265
SHA-256 | dbb8e5ff887b13c00ddd81935c1f2e73c939e1862f657cd32f27cfed814787a9
Red Hat Security Advisory 2017-2649-01
Posted Sep 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2649-01 - instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. The following packages have been upgraded to a later upstream version: instack-undercloud. Security Fix: A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2017-7549
SHA-256 | f1cf66a24c3b858623d5485c3174d54b7d05ab366eb7384c6deaf6eebecbed77
Red Hat Security Advisory 2017-2648-01
Posted Sep 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2648-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned int wrap around leading to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this flaw to cause a remote DoS. In Open vSwitch, while parsing an OpenFlow role status message there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-9214, CVE-2017-9263, CVE-2017-9264, CVE-2017-9265
SHA-256 | a89207e2a95563240c607a5d5422b72c90ed390784fb1efbcfddd8431ef00b24
Red Hat Security Advisory 2017-2645-01
Posted Sep 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2645-01 - Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities. Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and the remote management of multiple Linux deployments with a single, centralized tool. Security Fix: A cross-site scripting flaw was found in how an organization name is displayed in Satellite 5. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users.

tags | advisory, remote, xss
systems | linux, redhat
advisories | CVE-2017-7538
SHA-256 | 8a992e6dd8e54952cf48342e3ad578d56ba1d845d4c319843d490666ba635f7e
Ubuntu Security Notice USN-3410-2
Posted Sep 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3410-2 - USN-3410-1 fixed a vulnerability in GD Graphics Library. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that the GD Graphics Library incorrectly A handled certain malformed PNG images. A remote attacker could use this A issue to cause the GD Graphics Library to crash, resulting in a denial A of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
SHA-256 | 5f6af102e745a7efbde4209d2f971a4b18d9b2a59182e9dc21150660abdb9939
Ubuntu Security Notice USN-3410-1
Posted Sep 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3410-1 - It was discovered a double-free vulnerability in GD library. A remote attacker could write arbitrary values in memory spaces or made programs to crash.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
SHA-256 | 14fc988aa2ac0d1a59fd89c749d2eaa1e34b6ce8dd8d2d767dc92aca1ca4390f
Red Hat Security Advisory 2017-2638-01
Posted Sep 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2638-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.17. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.

tags | advisory, remote, web, arbitrary, udp, tcp
systems | linux, redhat
advisories | CVE-2017-5645, CVE-2017-5664, CVE-2017-7525
SHA-256 | 148f1b5b157bb85b98e7fc15fbd63bb479cc20446692ce26b0423ee096234e56
Red Hat Security Advisory 2017-2637-01
Posted Sep 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2637-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.16, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.

tags | advisory, java, remote, arbitrary, udp, tcp
systems | linux, redhat
advisories | CVE-2017-5645, CVE-2017-5664, CVE-2017-7525
SHA-256 | 34b7987ca7a0081dd32bf5d091ad597a3a30a88a1adc46d70b82c05b55ec0b73
Red Hat Security Advisory 2017-2635-01
Posted Sep 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2635-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.16, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.

tags | advisory, java, remote, arbitrary, udp, tcp
systems | linux, redhat
advisories | CVE-2017-5645, CVE-2017-5664, CVE-2017-7525
SHA-256 | 98a346cb549f75e737c9f822095d637e791aba17b8c506b7ef6f23549bc4bcd1
Ubuntu Security Notice USN-3411-1
Posted Sep 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3411-1 - Adam Collard discovered that Bazaar did not properly handle host names in 'bzr+ssh://' URLs. A remote attacker could use this to construct a bazaar repository URL that when accessed could run arbitrary code with the privileges of the user.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
SHA-256 | 1cd6ecc4d0c2f2a2272daab0fc85768c17ed8a7f56b2b81b5bb39734a54dbc27
Red Hat Security Advisory 2017-2596-01
Posted Sep 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2596-01 - Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby, and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java bytecode so you can use it anywhere you can use Java. Security Fix: Multiple object deserialization flaws were discovered in the MethodClosure class in Groovy. A specially crafted serialized object deserialized by an application using the Groovy library could cause the application to execute arbitrary code.

tags | advisory, java, arbitrary, python, ruby
systems | linux, redhat
advisories | CVE-2015-3253, CVE-2016-6814
SHA-256 | 9a3fe90d165c0f480786cf6cfcb7b902170219f6b47a31b1d9f3126027706526
WordPress Gym Management System 07-05-2017 Code Execution / Cross Site Scripting
Posted Sep 6, 2017
Authored by 8bitsec

WordPress Gym Management System versions 07-05-2017 and below suffer from code execution and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
SHA-256 | 9efa019c1cb620e30e7a52c8ef49d39c2f643c366a86adc046a9b08d976e3754
WordPress Ads Pro 3.4 Cross Site Scripting / SQL Injection
Posted Sep 6, 2017
Authored by 8bitsec

WordPress Ads Pro plugin versions 3.4 and below suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 5001a2df25b2d3215d089d2ac91b25d0b038d813923b7691e688c609af5e99c8
FiberHome Unauthenticated ADSL Router Factory Reset
Posted Sep 6, 2017
Authored by Ibad Shah

FiberHome suffers from an unauthenticated ADSL router factory reset vulnerability.

tags | exploit, bypass
advisories | CVE-2017-14147
SHA-256 | f551008561f7bbf94967cb06dab25dca8114151ace31bc1ba50b3bc12f82f2ea
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close