exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

Files Date: 2020-04-16

Microsoft Windows Unquoted Service Path Privilege Escalation
Posted Apr 16, 2020
Authored by h00die, sinn3r | Site metasploit.com

This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths: C:\program.exe, and C:\program files\hello.exe, and then execute all of them. To some software developers, this is an unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalate privileges if run as SYSTEM. Some software such as OpenVPN 2.1.1, OpenSSH Server 5, and others have the same problem.

tags | exploit
systems | windows
MD5 | 651248f88c9a58a75f48fa67abb2c31a
Packet Fence 10.0.0
Posted Apr 16, 2020
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Added support for network anomaly detection through Fingerbank. New, fully integrated PacketFence PKI service. New service for automatic clustering issue resolution. New GUI for all filtering engines and switch templates. New API and Vue.js based step-by-step configurator. Added VMware Airwatch support. Various other enhancements.
tags | tool, remote
systems | unix
MD5 | 3951038b8ab7f21c80c519d33238682f
Nexus Repository Manager 3.21.1-01 Remote Code Execution
Posted Apr 16, 2020
Authored by Alvaro Munoz, wvu | Site metasploit.com

This Metasploit module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01.

tags | exploit, java
advisories | CVE-2020-10199
MD5 | a12c5c9c2a03e92f9658005e463fde70
Red Hat Security Advisory 2020-1493-01
Posted Apr 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1493-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include buffer overflow, denial of service, heap overflow, and null pointer vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2019-14895, CVE-2019-14901, CVE-2019-15031, CVE-2019-15099, CVE-2019-15666, CVE-2019-19922, CVE-2019-20054, CVE-2019-20095, CVE-2019-5108
MD5 | d23a11d29af809a4480f6714ad12414d
Red Hat Security Advisory 2020-1488-01
Posted Apr 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1488-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
MD5 | 663d6a16113565563d367a53a7ec16ee
Red Hat Security Advisory 2020-1489-01
Posted Apr 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1489-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
MD5 | c4d789c7db4a838a4dd734ccf1327636
Red Hat Security Advisory 2020-1487-01
Posted Apr 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1487-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.92. Issues addressed include an out of bounds read vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-6423, CVE-2020-6430, CVE-2020-6431, CVE-2020-6432, CVE-2020-6433, CVE-2020-6434, CVE-2020-6435, CVE-2020-6436, CVE-2020-6437, CVE-2020-6438, CVE-2020-6439, CVE-2020-6440, CVE-2020-6441, CVE-2020-6442, CVE-2020-6443, CVE-2020-6444, CVE-2020-6445, CVE-2020-6446, CVE-2020-6447, CVE-2020-6448, CVE-2020-6454, CVE-2020-6455, CVE-2020-6456
MD5 | 85b19248c553a606ac1aef4b395ef869
Red Hat Security Advisory 2020-1486-01
Posted Apr 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1486-01 - The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. Issues addressed include a buffer overflow vulnerability.

tags | advisory, remote, overflow
systems | linux, redhat
advisories | CVE-2020-5208
MD5 | 46effd0fbc43ec0fb17e7586892db4d4
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    2 Files
  • 30
    Nov 30th
    17 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close