Showing 1 - 16 of 16

Files Date: 2018-05-17

AF_PACKET packet_set_ring Privilege Escalation: Posted May 17, 2018; Authored by Brendan Coles, Andrey Konovalov | Site metasploit.com; This Metasploit module exploits a heap-out-of-bounds write in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2017-7308). The bug was initially introduced in 2011 and patched in version 4.10.6, potentially affecting a large number of kernels; however this exploit targets only systems using Ubuntu Xenial kernels 4.8.0 < 4.8.0-46, including Linux distros based on Ubuntu Xenial, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This Metasploit module has been tested successfully on Linux Mint 18 (x86_64) with kernel versions: 4.8.0-34-generic; 4.8.0-36-generic; 4.8.0-39-generic; 4.8.0-41-generic; 4.8.0-42-generic; 4.8.0-44-generic; 4.8.0-45-generic.; tags | exploit, kernel, root; systems | linux, ubuntu; advisories | CVE-2017-7308; SHA-256 | 7b4f48c24e371972810721c416bade431b286fec0e3a136c171f4ecb92af8692; Download | Favorite | View

Red Hat Security Advisory 2018-1609-01: Posted May 17, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-1609-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. Issues addressed include a privilege escalation vulnerability.; tags | advisory, java; systems | linux, redhat; advisories | CVE-2016-8656, CVE-2016-8657; SHA-256 | 81f5ab6bbe3c288da5788fe603447f302cec9bd2a7e2d9c7e23024337456cad5; Download | Favorite | View

Slackware Security Advisory - php Updates: Posted May 17, 2018; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and 14.2 to fix security issues.; tags | advisory, php; systems | linux, slackware; advisories | CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549; SHA-256 | d1aa5a62111a07197a2aaccfb382dbb33114dcf775f441d2e865493d97ae346a; Download | Favorite | View

Intelbras NCLOUD 300 1.0 Authentication Bypass: Posted May 17, 2018; Authored by Pedro Aguiar; Intelbras NCLOUD 300 version 1.0 suffers from an authentication bypass vulnerability.; tags | exploit, bypass; advisories | CVE-2018-11094; SHA-256 | c0b2d400e49ff299100c1fc673ba05c78e1e22446fb3832ba3efe604e0003060; Download | Favorite | View

Red Hat Security Advisory 2018-1607-01: Posted May 17, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-1607-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for JBoss invoker in Red Hat JBoss Enterprise Application Platform 5.2.0. Issues addressed include a code execution vulnerability.; tags | advisory, java, code execution; systems | linux, redhat; advisories | CVE-2017-12149; SHA-256 | 0b9cc24c539472cc37d25940db03c9b6a46a9a8e7eee652e38751c575832d809; Download | Favorite | View

Red Hat Security Advisory 2018-1593-01: Posted May 17, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-1593-01 - Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat OpenStack Platform. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2017-12155, CVE-2018-1000115; SHA-256 | 152b29ed1fc7877b224d7421750f311465cf5de3926f88af2eb5b25c7f3447e0; Download | Favorite | View

Slackware Security Advisory - curl Updates: Posted May 17, 2018; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.; tags | advisory; systems | linux, slackware; advisories | CVE-2018-1000300, CVE-2018-1000301; SHA-256 | 995df06ea509e3ba0623ef636ade9ddadf80140e6d9d607242983d794e83bac1; Download | Favorite | View

Nanopool Claymore Dual Miner 7.3 Remote Code Execution: Posted May 17, 2018; Authored by ReverseBrain; Nanopool Claymore Dual Miner version 7.3 suffers from a remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2018-1000049; SHA-256 | 53609dc34126d348a5caadd8991b65475a0d5a9df21934fb6121d47c9df2b23f; Download | Favorite | View

Powerlogic/Schneider Electric IONXXXX Series Cross Site Request Forgery: Posted May 17, 2018; Authored by t4rkd3vilz; Powerlogic/Schneider Electric IONXXXX Series suffers from a cross site request forgery vulnerability.; tags | exploit, csrf; advisories | CVE-2016-5809; SHA-256 | cbfadb4f6124af0d04a94c69b20b073ca62f7db4a2dc725a2377d3bf720c262f; Download | Favorite | View

Red Hat Security Advisory 2018-1608-01: Posted May 17, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-1608-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for JBoss invoker in Red Hat JBoss Enterprise Application Platform 5.2.0. Issues addressed include a code execution vulnerability.; tags | advisory, java, code execution; systems | linux, redhat; advisories | CVE-2017-12149; SHA-256 | 36eb1033325725ffeeae126499491998e537e07309b7bad0357e9748cfa7387e; Download | Favorite | View

Red Hat Security Advisory 2018-1593-01: Posted May 17, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-1593-01 - Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat OpenStack Platform. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2017-12155, CVE-2018-1000115; SHA-256 | 152b29ed1fc7877b224d7421750f311465cf5de3926f88af2eb5b25c7f3447e0; Download | Favorite | View

SuperCom Online Shopping Ecommerce Cart 1 XSS / CSRF / SQL Injection: Posted May 17, 2018; Authored by Borna Nematzadeh; SuperCom Online Shopping Ecommerce Cart 1 suffers from remote SQL injection, cross site request forgery, and cross site scripting vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection, csrf; SHA-256 | fa826216901fe5358126b5e3b35d5aaaf8215eae09454a01da916568498f33ea; Download | Favorite | View

NodAPS 4.0 Cross Site Request Forgery / SQL Injection: Posted May 17, 2018; Authored by Borna Nematzadeh; NodAPS version 4.0 suffers from cross site request forgery and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection, csrf; SHA-256 | 5e77b51a868cbd53c3a7643bc0b4f70c3c7bf616e963ca796d9a818ad5853e41; Download | Favorite | View

Red Hat Security Advisory 2018-1605-01: Posted May 17, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-1605-01 - Red Hat OpenStack Platform Operational Tools provides the facilities for monitoring a private or public Red Hat OpenStack Platform cloud. collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files. Because the daemon does not start up each time it updates files, it has a low system footprint. Security fix: collectd: double free in csnmp_read_table function in snmp.c.; tags | advisory; systems | linux, redhat; advisories | CVE-2017-16820; SHA-256 | 6b52920846053a63aee72c41ceb0f57b8c3b419aaf4a351a62eab41155b4bf82; Download | Favorite | View

Red Hat Security Advisory 2018-1606-01: Posted May 17, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-1606-01 - Sensu is a monitoring framework that aims to be simple, malleable, and scalable. Security fix: Sensu's redaction function fails to handle the redaction of sensitive data in deeply nested data structures, resulting in sensitive data, such as passwords, being logged in clear-text. For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Issues addressed include a failed redaction issue.; tags | advisory; systems | linux, redhat; advisories | CVE-2018-1000060; SHA-256 | 45e99473cc6898aca3f57360cc0eb1aacd5d41ec12447f5148adf26ed2382d7e; Download | Favorite | View

Debian Security Advisory 4202-1: Posted May 17, 2018; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4202-1 - OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.; tags | advisory; systems | linux, debian; advisories | CVE-2018-1000301; SHA-256 | 90a8bd88a40752bf5d9068f391d79df7a3cd320bafb58ab2092469b30f208678; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 55 files
LiquidWorm 20 files
Debian 18 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Files Date: 2018-05-17

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems