Home / Exploit
black-hat-logo

Exploit

EXPLOIT DATABASE

PACKETSTORM DATABASE

  • 26 July 2017: MIMEDefang Email Scanner 2.80 - Files ≈ Packet Storm
    MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
  • 26 July 2017: Ubuntu Security Notice USN-3364-3 - Files ≈ Packet Storm
    Ubuntu Security Notice 3364-3 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
  • 25 July 2017: Ubuntu Security Notice USN-3365-1 - Files ≈ Packet Storm
    Ubuntu Security Notice 3365-1 - It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. This issue only applied to Ubuntu 14.04 LTS. Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly handled certain crafted strings. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. Various other issues were also addressed.
  • 25 July 2017: Red Hat Security Advisory 2017-1802-01 - Files ≈ Packet Storm
    Red Hat Security Advisory 2017-1802-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes.
  • 25 July 2017: Red Hat Security Advisory 2017-1801-01 - Files ≈ Packet Storm
    Red Hat Security Advisory 2017-1801-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes.
  • 25 July 2017: WordPress FormCraft Form Builder 3.2.31 Cross Site Scripting - Files ≈ Packet Storm
    WordPress FormCraft Premium WordPress Form Builder versions 3.2.31 and below suffer from a persistent cross site scripting vulnerability.
  • 25 July 2017: WordPress Ultimate Affiliate Pro 3.6 Cross Site Scripting - Files ≈ Packet Storm
    WordPress Ultimate Affiliate Pro plugin versions 3.6 and below suffer from a persistent cross site scripting vulnerability.
  • 25 July 2017: Slackware Security Advisory - tcpdump Updates - Files ≈ Packet Storm
    Slackware Security Advisory - New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
  • 25 July 2017: Ubiquiti Networks Open Redirect - Files ≈ Packet Storm
    Ubiquiti Networks products suffer from an open redirection vulnerability. Products affected include, but are not limited to TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23, AG-HP-5G27, AirGrid M, AirGrid M2, AirGrid M5, AR, AR-HP, BM2HP, BM2-Ti, BM5HP, BM5-Ti, LiteStation M5, locoM2, locoM5, locoM9, M2, M3, M365, M5, M900, NB-2G18, NB-5G22, NB-5G25, NBM3, NBM365, NBM9, NSM2, NSM3, NSM365, NSM5, PBM10, PBM3, PBM365, PBM5, PICOM2HP, and Power AP N.
  • 25 July 2017: Ubiquiti Networks EP-R6 / ER-X / ER-X-SFP Cross Site Scripting - Files ≈ Packet Storm
    Ubiquiti Networks EP-R6, ER-X, and ER-X-SFP with firmware version 1.9.1 suffer from a cross site scripting vulnerability.
  • 25 July 2017: Kernel Live Patch Security Notice LSN-0026-1 - Files ≈ Packet Storm
    It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use to create a use-after- free situation, causing a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.
  • 25 July 2017: WebKit JSC ArgumentsEliminationPhase::transform Incorrect LoadVarargs Handling - Files ≈ Packet Storm
    WebKit JSC suffers from incorrect LoadVarargs handling in ArgumentsEliminationPhase::transform.
  • 25 July 2017: WebKit WebCore::RenderSearchField::addSearchResult Heap Buffer Overflow - Files ≈ Packet Storm
    WebKit suffers from a WebCore::RenderSearchField::addSearchResult heap buffer overflow vulnerability.
  • 25 July 2017: WebKit WebCore::AccessibilityNodeObject::textUnderElement Use-After-Free - Files ≈ Packet Storm
    WebKit suffers from a WebCore::AccessibilityNodeObject::textUnderElement use-after-free vulnerability.
  • 25 July 2017: WebKit WebCore::RenderObject Use-After-Free - Files ≈ Packet Storm
    WebKit suffers from a use-after-free vulnerability in WebCore::RenderObject with accessibility enabled.

CERT VULNERABILITY DATABASE

SECURITYFOCUS DATABASE