what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2017-04-19

Trend Micro Threat Discovery Appliance 2.6.1062r1 upload.cgi Remote Code Execution
Posted Apr 19, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8593
SHA-256 | ad7e67926b83c12120e3c277cb7491ca34beb0d29e83be6e3165d8265314ea5b
WordPress Ultimate Form Builder Cross Site Scripting
Posted Apr 19, 2017
Authored by DefenseCode, Neven Biruski

WordPress Ultimate Form Builder plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 30c734953a6cfd9df5dcae72d534c2b88c1405d19bf866e0a857c0cb8bc6351b
OpenText Documentum Content Server Privilege Evaluation
Posted Apr 19, 2017
Authored by Andrey B. Panfilov

OpenText Documentum Content Server suffers from a privilege evaluation issue using crafted RPC save commands. Two proof of concepts included.

tags | exploit, proof of concept
advisories | CVE-2017-7220
SHA-256 | 580ee53cae3ceeb71bd5061ead172f398e5ed685fc4484fea0430f1ba5208097
Squirrelmail 1.4.22 Remote Code Execution
Posted Apr 19, 2017
Authored by Filippo Cavallarin

Squirrelmail versions 1.4.22 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-7692
SHA-256 | 4b0dc2d246cc3a9756582983ff8531774c490e3ea2b7ddb569f8e43f1a06c2dc
Slackware Security Advisory - minicom Updates
Posted Apr 19, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New minicom packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-7467
SHA-256 | 65ed27397a070cbe6e570a99ec7f60b265e6481a766dc4e473b659efcd02c532
Red Hat Security Advisory 2017-1095-01
Posted Apr 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1095-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-3136, CVE-2017-3137
SHA-256 | c4571355414950b77877a51816a24f66565ec135fb82f79a4c69cf27e893d96d
Red Hat Security Advisory 2017-1097-01
Posted Apr 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1097-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.1.0 serves as a replacement for Red Hat JBoss Data Grid 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: An infinite-loop vulnerability was discovered in Netty's OpenSslEngine handling of renegotiation. An attacker could exploit this flaw to cause a denial of service. Note: Netty is only vulnerable if renegotiation is enabled.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2016-4970, CVE-2017-2638
SHA-256 | 1bd54df02b3b691ae55756f86658de99780ae24abd48d537e4ba901842bb0fa6
Dmitry 1.3a Local Stack Buffer Overflow
Posted Apr 19, 2017
Authored by Hosein Askari

Dmitry (Deepmagic Information Gathering Tool) version 1.3a suffers from a local stack buffer overflow vulnerability.

tags | exploit, overflow, local
advisories | CVE-2017-7938
SHA-256 | 014a2fe2f2202855bfad57c085ec71bcb8a2fd0c4311035acad667319a851c16
Microsoft RTF Remote Code Execution
Posted Apr 19, 2017
Authored by Bhadresh Patel

Microsoft RTF CVE-2017-0199 proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2017-0199
SHA-256 | 94860eb2041748a74ccdfe99ad24e8276e83a03535808e480542e01b7dde6104
VirtualBox Unprivilege Host User To Host Kernel Privilege Escalation
Posted Apr 19, 2017
Authored by Jann Horn, Google Security Research

VirtualBox suffers from an unprivileged host user to host kernel privilege escalation via ALSA config.

tags | exploit, kernel
advisories | CVE-2017-3576
SHA-256 | f38ab6ac7db1ac5c9f60c3a076a685885892333cd88c3211cc5704218296d743
VirtualBox Guest-To-Host Out-Of-Bounds Write
Posted Apr 19, 2017
Authored by Jann Horn, Google Security Research

VirtualBox suffers from a guest-to-host out-of-bounds write via virtio-net.

tags | advisory
advisories | CVE-2017-3575
SHA-256 | 6ce8ba01f3d08279ba5be7564eae4a3179b9004819f77937f69394a783defd7b
WebKit operationSpreadGeneric Universal Cross Site Scripting
Posted Apr 19, 2017
Authored by Google Security Research, lokihardt

WebKit suffers from a universal cross site scripting vulnerability in operationSpreadGeneric.

tags | exploit, xss
SHA-256 | 6d9e305dd9fc16577996089d04a9e8ca38f2b5124a99b6df7e83db1c04d4e35e
Microsoft Windows IEETWCollector Arbitrary Directory / File Deletion Privilege Escalation
Posted Apr 19, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from an IEETWCollector arbitrary directory / file deletion privilege escalation vulnerability.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2017-0165
SHA-256 | 430a53cd94edd4e0e498a42cca519bca58b5345139e6f34fe55a3fac5ac08ac8
Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
Posted Apr 19, 2017
Authored by Roberto Suggi Liverani, mr_me | Site metasploit.com

This Metasploit module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a cmd injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).

tags | exploit, cgi, vulnerability, bypass
advisories | CVE-2016-7547, CVE-2016-7552
SHA-256 | 035399021ac947492b961a04ac25a5a12f67bebc47e9858ba91b9e72dfccdc17
VirtualBox Host User To Host Kernel Privilege Escalation
Posted Apr 19, 2017
Authored by Jann Horn, Google Security Research

VirtualBox suffers from an unprivileged host user to host kernel privilege escalation vulnerability via environment and ioctl.

tags | exploit, kernel
advisories | CVE-2017-3561
SHA-256 | 5ae11d5da89c21fa2ec3f008d6534c457837c34c5f2d020a423a08192ddfde0a
VirtualBox Guest-To-Host Local Privilege Escalation
Posted Apr 19, 2017
Authored by Jann Horn, Google Security Research

VirtualBox suffers from a guest-to-host local privilege escalation vulnerability via broken length handling in slirp copy.

tags | exploit, local
advisories | CVE-2017-3558
SHA-256 | 79cd9c11d5258beceede4e3ea94c22037f513ff968d9ae2a19eeefa0afadf459
Red Hat Security Advisory 2017-0988-01
Posted Apr 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0988-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator, built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support, is vulnerable to a heap buffer overflow issue. The issue could occur when a VNC client attempts to update its display after a VGA operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or, potentially, leverage it to execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-9603
SHA-256 | ebcca6155666f270a5597b98c7f537ba5ae9df4825a50bc8efbf6d0ff9163a4e
Red Hat Security Advisory 2017-0987-01
Posted Apr 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0987-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-9603
SHA-256 | 644727d84aca416d3dd02e5d12fd3896099ec52380e4c5ba4156e4de68fa4cd4
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close