what you don't know can hurt you

Recent Files

Files RSS Feed
Ubuntu Security Notice USN-5073-2
Posted Sep 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5073-2 - Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
Red Hat Security Advisory 2021-3556-01
Posted Sep 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3556-01 - Red Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7 and 4.8, and includes security and bug fixes and enhancements.

tags | advisory
systems | linux, redhat
Geutebruck instantrec Remote Command Execution
Posted Sep 17, 2021
Authored by Titouan Lazard, Ibrahim Ayadhi | Site metasploit.com

This Metasploit module exploits a buffer overflow within the 'action' parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions equal to 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, overflow, cgi, root, code execution
Ubuntu Security Notice USN-5083-1
Posted Sep 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5083-1 - It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. It was discovered that Python incorrectly handled certain server responses. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, python
systems | linux, ubuntu
Windows Media Player 12.0.9600.19145 Improper Synchronization
Posted Sep 17, 2021
Authored by Ofir Moskovitch

Windows Media Player version 12.0.9600.19145 suffers from an improper synchronization vulnerability that cause a freeze or an exploitable buffer overrun crash and may potentially lead to code execution and information disclosure.

tags | advisory, overflow, code execution, info disclosure
systems | windows
Ubuntu Security Notice USN-5081-1
Posted Sep 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5081-1 - It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. It was discovered that Qt incorrectly handled certain graphics operations. If a user or automated system were tricked into performing certain graphics operations, a remote attacker could cause Qt to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
WordPress WooCommerce Booster 5.4.3 Authentication Bypass
Posted Sep 17, 2021
Authored by Sebastian Kriesten

WordPress WooCommerce Booster plugin version 5.4.3 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
Ubuntu Security Notice USN-5071-2
Posted Sep 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5071-2 - USN-5071-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 20.04 LTS for Ubuntu 18.04 LTS. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
Library Management System 1.0 SQL Injection
Posted Sep 17, 2021
Authored by Bobby Cooke, Adeeb Shah

Library Management System version 1.0 suffers from a remote blind time-based SQL injection vulnerability.

tags | exploit, remote, sql injection
Ubuntu Security Notice USN-5082-1
Posted Sep 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5082-1 - Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
Cloudron 6.2 Cross Site Scripting
Posted Sep 17, 2021
Authored by Akiner Kisa

Cloudron version 6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
Ubuntu Security Notice USN-5080-2
Posted Sep 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5080-2 - USN-5080-1 fixed several vulnerabilities in Libgcrypt. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that Libgcrypt incorrectly handled ElGamal encryption. An attacker could possibly use this issue to recover sensitive information.

tags | advisory, vulnerability
systems | linux, ubuntu
Simple Attendance System 1.0 SQL Injection
Posted Sep 17, 2021
Authored by Abdullah Khawaja

Simple Attendance System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
Git git-lfs Remote Code Execution
Posted Sep 16, 2021
Authored by Dawid Golunski, jheysel-r7, space-r7 | Site metasploit.com

This Metasploit modules exploits a critical vulnerability in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, which allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker’s malicious repository using a vulnerable Git version control tool.

tags | exploit, remote, code execution
systems | windows
GNU Privacy Guard 2.2.31
Posted Sep 16, 2021
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.

Changes: Over a dozen bug fixes.
tags | tool, encryption
Red Hat Security Advisory 2021-3555-01
Posted Sep 16, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3555-01 - Red Hat OpenShift Serverless Client kn 1.17.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.17.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.

tags | advisory
systems | linux, redhat
Ubuntu Security Notice USN-5080-1
Posted Sep 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5080-1 - It was discovered that Libgcrypt incorrectly handled ElGamal encryption. An attacker could possibly use this issue to recover sensitive information.

tags | advisory
systems | linux, ubuntu
Ubuntu Security Notice USN-5078-2
Posted Sep 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5078-2 - USN-5078-1 fixed several vulnerabilities in Squashfs-Tools. This update provides the corresponding update for Ubuntu 16.04 ESM. Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
Microsoft Windows cmd.exe Stack Buffer Overflow
Posted Sep 16, 2021
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows cmd.exe suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
Impress CMS 1.4.2 Remote Code Execution
Posted Sep 16, 2021
Authored by Halit Akaydin

Impress CMS version 1.4.2 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
elFinder Archive Command Injection
Posted Sep 15, 2021
Authored by Shelby Pace, Thomas Chauchefoin | Site metasploit.com

elFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via its archive functionality. When creating a new zip archive, the name parameter is sanitized with the escapeshellarg() php function and then passed to the zip utility. Despite the sanitization, supplying the -TmTT argument as part of the name parameter is still permitted and enables the execution of arbitrary commands as the www-data user.

tags | exploit, arbitrary, php
Ubuntu Security Notice USN-5079-2
Posted Sep 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5079-2 - USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. Various other issues were also addressed.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
Ubuntu Security Notice USN-5079-1
Posted Sep 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5079-1 - It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
Red Hat Security Advisory 2021-3548-01
Posted Sep 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3548-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

tags | advisory, kernel
systems | linux, redhat
Red Hat Security Advisory 2021-3547-01
Posted Sep 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3547-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

tags | advisory, kernel
systems | linux, redhat
View Older Files →

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close