Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
f9daa3938a428933d87d2f38eacb02277da3445ce8d514999769195bbafa2057Virtuozzo Power Panel (VZPP) and Automator version 6.1.2 suffers from a buffer over-read vulnerability.
7be26c32161b9c5bdd16002cd161843f760e5431f129b4470ea901ed6ebe8986Lepide Auditor Suite suffers from a createdb() web console database injection remote code execution vulnerability.
462ffdb5d3af8b3ae934289941c334f34e94bc504a64e25a18c7caf15d6b2b24This Metasploit module exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database. Command injection will be performed with root privileges. The default pre-packaged ISO builds are available from goautodial.org. Currently, the hardcoded command injection payload is an encoded reverse-tcp bash one-liner and the handler should be setup to receive it appropriately.
94721ce87cbcec20c3b6fb430d3119351af84675d49a97004d25f1efe7edfa5dPDNS Manager from Git master 3bf4e28 (2016-12-12) through 2bb00ea (2017-05-22) suffer from a remote command execution vulnerability.
4cb7a145d0b426916656de00ed970ff40d01438a3a5fda816ce6c6a34d716786IoT mDNS/DNS-SD QM amplification distributed denial of service exploit.
829d5b4b9383437aaeac7661f98d63ab35d4e672ae7ecb5b1326d2ff6c60dbc1rpcinfo portmap DUMP call amplification distributed denial of service exploit.
f4c72483776e35cbdaa2e0c400929b80a1b74c705cb72a50c5e2b790ff8dd263Red Hat Security Advisory 2017-1682-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator built with Network Block Device Server support was vulnerable to a null-pointer dereference issue. The flaw could occur when releasing a client, which was not initialized due to failed negotiation. A remote user or process could exploit this flaw to crash the qemu-nbd server.
18a519924fa584c24f05625223d5a771d0270edaa219c73b508dc67762f9135bRed Hat Security Advisory 2017-1681-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: Quick Emulator built with Network Block Device Server support was vulnerable to a null-pointer dereference issue. The flaw could occur when releasing a client, which was not initialized due to failed negotiation. A remote user or process could exploit this flaw to crash the qemu-nbd server.
6a0f0db85d0b3ab11f750d9cd2a542ddc3b81e51f32d439a7ae926d97d30b9a3Red Hat Security Advisory 2017-1680-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG signature for a dynamic update request.
ae6f1d26e065f8c55d963620aa808f7d613ede3c6c4756db295cb2df8c1ef7a0Red Hat Security Advisory 2017-1679-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG signature for a dynamic update request.
3ebff34db87fde92646e5a398e546eebc9e1e0a93bcbd0c13de2e9b93373c4c0Red Hat Security Advisory 2017-1678-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: rh-postgresql94-postgresql. Security Fix: It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access.
92dc2804c54c12caa0fcc7c0463d985618fd0263c14dbf07a2a9d646635de31cRed Hat Security Advisory 2017-1677-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql. Security Fix: It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access.
6a2a2bbb20f6e4a8d8c3e38008887bf59099e8071cb8e8af51234ac3b21fa488Gentoo Linux Security Advisory 201707-1 - Multiple vulnerabilities have been found in IcedTea, the worst of which may allow execution of arbitrary code. Versions less than 3.4.0 are affected.
0623e4d3abca09377537db725ce4ff922ab591a92df4341620aa94a4e2072b3c67 bytes small Linux/x86 reverse TCP shellcode.
d6dc1cae7a2cc667976e1d4e52e97ec06499a822f1dcca007550bc4aef67c23b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed