what you don't know can hurt you

Recent Files

Files RSS Feed
Internet Explorer jscript9.dll Memory Corruption
Posted May 13, 2021
Authored by Ivan Fratric, Google Security Research

There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.

tags | exploit, arbitrary
systems | windows
Ubuntu Security Notice USN-4952-1
Posted May 13, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4952-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.25 in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.34. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

tags | advisory
systems | linux, ubuntu
Ubuntu Security Notice USN-4932-2
Posted May 13, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4932-2 - USN-4932-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
Firefox 72 IonMonkey JIT Type Confusion
Posted May 13, 2021
Authored by deadlock

Firefox 72 IonMonkey JIT type confusion exploit.

tags | exploit
ScadaBR 1.0 / 1.1CE Windows Shell Upload
Posted May 13, 2021
Authored by Fellipe Oliveira

ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Windows targets.

tags | exploit, shell
systems | windows
Microsoft Internet Explorer 8/11 Use-After-Free
Posted May 13, 2021
Authored by deadlock

Microsoft Internet Explorer 8/11 and WPAD service Jscript.dll use-after-free exploit.

tags | exploit
ScadaBR 1.0 / 1.1CE Linux Shell Upload
Posted May 13, 2021
Authored by Fellipe Oliveira

ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Linux targets.

tags | exploit, shell
systems | linux
OpenPLC WebServer 3 Remote Code Execution
Posted May 13, 2021
Authored by Fellipe Oliveira

OpenPLC WebServer version 3 authentication remote code execution exploit.

tags | exploit, remote, code execution
Dental Clinic Appointment Reservation System 1.0 SQL Injection
Posted May 13, 2021
Authored by Mesut Cetin

Dental Clinic Appointment Reservation System version 1.0 suffers from multiple remote SQL injection vulnerabilities with one of them allowing for authentication bypass.

tags | exploit, remote, vulnerability, sql injection
ZeroShell 3.9.0 Remote Command Execution
Posted May 13, 2021
Authored by Fellipe Oliveira

ZeroShell version 3.9.0 remote command execution exploit.

tags | exploit, remote
Packet Fence 10.3.0
Posted May 13, 2021
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: New features include Static routes management via admin gui, Aruba CX support, Aruba 2930M Web Authentication and Dynamic ACL support, Meraki DPSK support, Ruckus DPSK support, and more.
tags | tool, remote
systems | unix
Windows Container Manager Service CmsRpcSrv_MapNamedPipeToContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service does not configure STORVSP correctly when opening mapped named pipes leading to privilege escalation.

tags | exploit
ExifTool DjVu ANT Perl Injection
Posted May 12, 2021
Authored by Justin Steven, William Bowling | Site metasploit.com

This Metasploit module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field.

tags | exploit, shell, perl
Windows Container Manager Service Arbitrary Object Directory Creation Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service creates an AppContainer process without impersonating the access token leading to privilege escalation.

tags | exploit
Windows Container Manager Service CmsRpcSrv_MapVirtualDiskToContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service does not impersonate the caller when granting access to virtual disk images leading to privilege escalation.

tags | exploit
Windows Container Manager Service CmsRpcSrv_CreateContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service accepts an access token provided by the user without verification allowing an arbitrary process to be created with another user identity leading to privilege escalation.

tags | exploit, arbitrary
Backdoor.Win32.Delf.zho Authentication Bypass / Code Execution
Posted May 12, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Delf.zho malware suffers from bypass and code execution vulnerabilities.

tags | exploit, vulnerability, code execution
systems | windows
Red Hat Security Advisory 2021-1547-01
Posted May 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1547-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.115 and .NET Core Runtime 3.1.15. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2021-1546-01
Posted May 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1546-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
Ubuntu Security Notice USN-4951-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4951-1 - Anton Lydike discovered that Flatpak did not properly handle special tokens in desktop files. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement.

tags | advisory
systems | linux, ubuntu
Ubuntu Security Notice USN-4949-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4949-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
Ubuntu Security Notice USN-4948-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4948-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
Ubuntu Security Notice USN-4950-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4950-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
Red Hat Security Advisory 2021-1544-01
Posted May 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1544-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2021-1540-01
Posted May 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1540-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
View Older Files →

Recent News

News RSS Feed
Hackers Leverage Adobe Zero Day Bug Impacting Adobe Reader
Posted May 12, 2021

tags | headline, hacker, flaw, adobe, zero day
CISA Warns Over FiveHands File-Encrypting Malware Variant
Posted May 12, 2021

tags | headline, malware, cybercrime, fraud, cryptography
Washington DC Police Allegedly Offered $100k To Hackers To Stop Leak
Posted May 12, 2021

tags | headline, hacker, government, privacy, malware, usa, data loss
AWS Configuration Issues Lead To Exposure Of 5 Million Records
Posted May 12, 2021

tags | headline, privacy, amazon, data loss, flaw
Vulnerability Attacks Weakness In Microsoft Azure VM Extensions
Posted May 11, 2021

tags | headline, hacker, microsoft, flaw
Colonial Pipeline Ransomware Attack: Everything You Need To Know
Posted May 11, 2021

tags | headline, malware, cybercrime, fraud, cyberwar, cryptography
Lemon Duck Cryptojacking Botnet Changes Up Tactics
Posted May 11, 2021

tags | headline, malware, botnet
Finance Giant Plaid Paid People $500 For Their Employer Payroll Logins
Posted May 11, 2021

tags | headline, privacy, bank, data loss, fraud, password
Major U.S. Pipeline Crippled In Ransomware Attack
Posted May 10, 2021

tags | headline, malware, cybercrime, fraud, cryptography
Justice Department Quietly Seized Washington Post Reporters' Phone Records During Trump Era
Posted May 10, 2021

tags | headline, government, privacy, usa, phone, russia, spyware
View More News →

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    26 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    2 Files
  • 9
    May 9th
    2 Files
  • 10
    May 10th
    13 Files
  • 11
    May 11th
    17 Files
  • 12
    May 12th
    22 Files
  • 13
    May 13th
    11 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close