what you don't know can hurt you
Showing 1 - 8 of 8 RSS Feed

Files Date: 2020-04-16

Microsoft Windows Unquoted Service Path Privilege Escalation
Posted Apr 16, 2020
Authored by h00die, sinn3r | Site metasploit.com

This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths: C:\program.exe, and C:\program files\hello.exe, and then execute all of them. To some software developers, this is an unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalate privileges if run as SYSTEM. Some software such as OpenVPN 2.1.1, OpenSSH Server 5, and others have the same problem.

tags | exploit
systems | windows
MD5 | 651248f88c9a58a75f48fa67abb2c31a
Packet Fence 10.0.0
Posted Apr 16, 2020
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Added support for network anomaly detection through Fingerbank. New, fully integrated PacketFence PKI service. New service for automatic clustering issue resolution. New GUI for all filtering engines and switch templates. New API and Vue.js based step-by-step configurator. Added VMware Airwatch support. Various other enhancements.
tags | tool, remote
systems | unix
MD5 | 3951038b8ab7f21c80c519d33238682f
Nexus Repository Manager 3.21.1-01 Remote Code Execution
Posted Apr 16, 2020
Authored by Alvaro Munoz, wvu | Site metasploit.com

This Metasploit module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01.

tags | exploit, java
advisories | CVE-2020-10199
MD5 | a12c5c9c2a03e92f9658005e463fde70
Red Hat Security Advisory 2020-1493-01
Posted Apr 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1493-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include buffer overflow, denial of service, heap overflow, and null pointer vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2019-14895, CVE-2019-14901, CVE-2019-15031, CVE-2019-15099, CVE-2019-15666, CVE-2019-19922, CVE-2019-20054, CVE-2019-20095, CVE-2019-5108
MD5 | d23a11d29af809a4480f6714ad12414d
Red Hat Security Advisory 2020-1488-01
Posted Apr 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1488-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
MD5 | 663d6a16113565563d367a53a7ec16ee
Red Hat Security Advisory 2020-1489-01
Posted Apr 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1489-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
MD5 | c4d789c7db4a838a4dd734ccf1327636
Red Hat Security Advisory 2020-1487-01
Posted Apr 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1487-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.92. Issues addressed include an out of bounds read vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-6423, CVE-2020-6430, CVE-2020-6431, CVE-2020-6432, CVE-2020-6433, CVE-2020-6434, CVE-2020-6435, CVE-2020-6436, CVE-2020-6437, CVE-2020-6438, CVE-2020-6439, CVE-2020-6440, CVE-2020-6441, CVE-2020-6442, CVE-2020-6443, CVE-2020-6444, CVE-2020-6445, CVE-2020-6446, CVE-2020-6447, CVE-2020-6448, CVE-2020-6454, CVE-2020-6455, CVE-2020-6456
MD5 | 85b19248c553a606ac1aef4b395ef869
Red Hat Security Advisory 2020-1486-01
Posted Apr 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1486-01 - The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. Issues addressed include a buffer overflow vulnerability.

tags | advisory, remote, overflow
systems | linux, redhat
advisories | CVE-2020-5208
MD5 | 46effd0fbc43ec0fb17e7586892db4d4
Page 1 of 1
Back1Next

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    26 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    2 Files
  • 9
    May 9th
    2 Files
  • 10
    May 10th
    13 Files
  • 11
    May 11th
    17 Files
  • 12
    May 12th
    22 Files
  • 13
    May 13th
    11 Files
  • 14
    May 14th
    9 Files
  • 15
    May 15th
    2 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    21 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close