CVE-2017-1092

Related Files

Gentoo Linux Security Advisory 201710-17

Posted Oct 17, 2017

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-17 - Multiple vulnerabilities have been found in Xen, the worst of which may allow local attackers to escalate privileges. Versions less than 4.7.3 are affected.

tags | advisory, local, vulnerability

systems | linux, gentoo

advisories | CVE-2017-10912, CVE-2017-10913, CVE-2017-10914, CVE-2017-10915, CVE-2017-10918, CVE-2017-10920, CVE-2017-10921, CVE-2017-10922

SHA-256 | 9484e589a56881408d4c0766dd0c78bd8f82e19aea09b18a0919672dda99ea6b

Download | Favorite | View

IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution

Posted Aug 22, 2017

Authored by securiteam | Site metasploit.com

This Metasploit module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The 'welcomeServer' SOAP service does not properly validate user input in the 'new_home_page' parameter of the 'saveHomePage' method allowing arbitrary PHP code to be written to the config.php file. The config.php file is executed in most pages within the application, and accessible directly via the web root, resulting in code execution. This Metasploit module has been tested successfully on IBM OpenAdmin Tool 3.14 on Informix 12.10 Developer Edition (SUSE Linux 11) virtual appliance.

tags | exploit, remote, web, arbitrary, root, php, code execution

systems | linux, suse

advisories | CVE-2017-1092

SHA-256 | cb6e9a3b36f0f3954b25245916aa392a5a80294c27ec99178fffa5ccf236d183

Download | Favorite | View

Ubuntu Security Notice USN-3363-1

Posted Jul 24, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3363-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service

systems | linux, ubuntu

advisories | CVE-2017-10928, CVE-2017-11141, CVE-2017-11170, CVE-2017-11188, CVE-2017-11352, CVE-2017-11360, CVE-2017-11447, CVE-2017-11448, CVE-2017-11449, CVE-2017-11450, CVE-2017-11478, CVE-2017-9261, CVE-2017-9262, CVE-2017-9405, CVE-2017-9407, CVE-2017-9409, CVE-2017-9439, CVE-2017-9440, CVE-2017-9501

SHA-256 | 0d473eb083bcd86c94caf39c0fb9c06426aef9aa6f82ebc89985e654cd408cb1

Download | Favorite | View

Debian Security Advisory 3914-1

Posted Jul 18, 2017

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3914-1 - memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG files are processed.

tags | advisory, denial of service, arbitrary

systems | linux, debian

advisories | CVE-2017-10928, CVE-2017-11141, CVE-2017-11170, CVE-2017-11188, CVE-2017-11360, CVE-2017-9439, CVE-2017-9440, CVE-2017-9500, CVE-2017-9501

SHA-256 | 0f034f310d2383ee144c6075970bf32287ef618568e6f3447ec99ae371fb0055

Download | Favorite | View

IBM Informix Dynamic Server DLL Injection / Code Execution

Posted May 31, 2017

Site securiteam.com

IBM Informix Dynamic Server suffers from dll injection, PHP code injection, and heap buffer overflow vulnerabilities.

tags | exploit, overflow, php, vulnerability

advisories | CVE-2016-2183, CVE-2017-1092

SHA-256 | ac5d0ef0f10cad9d7b9a1524abc605c6815ee7dc5254833cf12c5cdbb411f95b

Download | Favorite | View