
Files Date: 2020-05-12

Ubuntu Security Notice USN-4353-2
Posted May 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4353-2 - USN-4353-1 fixed vulnerabilities in Firefox. The update caused a regression that impaired the functionality of some addons. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-12392, CVE-2020-12394
SHA-256 | 2ad6c6f21676c8432c028bb99a830683e79e2514839c0c7e020b5d17aeaa07ed
Red Hat Security Advisory 2020-2117-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2117-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes. Issues addressed include file overwrite and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-10696, CVE-2020-8945
SHA-256 | 5944b7f5075e90779cb4a1259685235624c7f4a0a9aef1002db944795d4e2225
Clam AntiVirus Toolkit 0.102.3
Posted May 12, 2020
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Multiple security issues have been addressed. A couple of additional bug fixes have been applied.
tags | tool, virus
systems | unix
advisories | CVE-2020-3327, CVE-2020-3341
SHA-256 | ed3050c4569989ee7ab54c7b87246b41ed808259632849be0706467442dc0693
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Posted May 12, 2020
Authored by Brendan Coles, Chris Lyne | Site metasploit.com

Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.5.2 and prior do not validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on inSync version 6.5.2r99097 on Windows 7 SP1 (x64).

tags | exploit, arbitrary, local, tcp
systems | windows
advisories | CVE-2019-3999
SHA-256 | 12e3b974b7cb427087439bf5f922afb373bca8c3346525b183f6422b28801319
Netsweeper WebAdmin unixlogin.php Python Code Injection
Posted May 12, 2020
Authored by wvu | Site metasploit.com

This Metasploit module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based Netsweeper 6.4.3 and 6.4.4 ISOs. Though the advisory lists 6.4.3 and prior as vulnerable, 6.4.4 has been confirmed exploitable.

tags | exploit, root, php, python
systems | linux, centos
SHA-256 | dcae513897070a9218f0bedaca27c407e24184902dfdcf5421907f51081acf14
SaltStack Salt Master/Minion Unauthenticated Remote Code Execution
Posted May 12, 2020
Authored by wvu, F-Secure | Site metasploit.com

This Metasploit module exploits unauthenticated access to the runner() and _send_pub() methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations Manager versions 7.5.0 through 8.1.0 are known to be affected by the Salt vulnerabilities. Tested against SaltStack Salt 2019.2.3 and 3000.1 on Ubuntu 18.04, as well as Vulhub's Docker image.

tags | exploit, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-11651, CVE-2020-11652
SHA-256 | 8a5e7d31040e1c21ab99f881d936f3d17aadab8f8786980255feab1b1b628534
Adobe DNG SDK Memory Corruption
Posted May 12, 2020
Authored by Google Security Research, mjurczyk

Adobe DNG SDK suffers from memory corruption and other crashes caused by malformed .dng images.

tags | exploit
SHA-256 | 5e0cb4cf3dda82ee681cc340b6ee9c3fd167c5e730a49ac40effd6914c779db6
Adobe DNG SDK dng_lossless_decoder::DecodeImage Out-Of-Bounds Read
Posted May 12, 2020
Authored by Google Security Research, mjurczyk

Adobe DNG SDK suffers from an out-of-bounds read that can lead to an arbitrary write vulnerability in dng_lossless_decoder::DecodeImage.

tags | exploit, arbitrary
SHA-256 | 10f9d909a875c4ab314d16a0b9077d0dc02afff41825b02a198cf4fd6e780afd
Red Hat Security Advisory 2020-2116-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2116-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Issues addressed include a file overwrite vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10696, CVE-2020-1702
SHA-256 | 2a226335bce3fad5ce8862d10b30050a43eb4dc8c72a66263f726842da26ad4a
Ubuntu Security Notice USN-4355-1
Posted May 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4355-1 - PulseAudio in Ubuntu contains additional functionality to mediate audio recording for snap packages and it was discovered that this functionality did not mediate PulseAudio module unloading. An attacker-controlled snap with only the audio-playback interface connected could exploit this to bypass access controls and record audio.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-11931
SHA-256 | f89ac9f3c1fcc6d7de8801e0741e6d014ce643cf7b4fbe897dbd51b69a85ad9c
Red Hat Security Advisory 2020-2081-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2081-01 - The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. Issues addressed include CRLF injection and cross-host redirect vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236
SHA-256 | 53767ad5352ed20cb8ca7c3918fe2dda72fa748930d38fe6c8f1a01451dc060f
LanSend 3.2 Buffer Overflow
Posted May 12, 2020
Authored by gurbanli

LanSend version 3.2 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | aea9ad2b46bc92ead403dc4a49108f5c7b285ef6a058e44d905615a2e913ba0f
Red Hat Security Advisory 2020-2082-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2082-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free, memory leak, null pointer, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2017-18595, CVE-2019-19768, CVE-2020-10711
SHA-256 | 438552c618e8448c249b09fd48a41683780f74a25b518e02c76eaa8a1fe4f389
qdPM 9.1 Arbitrary File Upload
Posted May 12, 2020
Authored by Besim Altinok, Ismail Bozkurt

qdPM version 9.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 29677c9aeba89af9fcf295f75937caccf52029e7fa9463e55173aedd624ed875
Red Hat Security Advisory 2020-2068-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2068-01 - pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Issues addressed include CRLF injection and cross-host redirect vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324
SHA-256 | 87966f1f0dcdbef82c708d2e11bbdf46353bf73a365411cf42ea50c58ea945dd
Cisco Digital Network Architecture Center 1.3.1.4 Cross Site Scripting
Posted May 12, 2020
Authored by Dylan Garnaud, Benoit Malaboeuf

Cisco Digital Network Architecture Center version 1.3.1.4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
systems | cisco
advisories | CVE-2019-15253
SHA-256 | b79e78cd34f779177fdeb2527036085286faae53fc72ed9b3b21853e608b7b38
Red Hat Security Advisory 2020-2085-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2085-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include double free, null pointer, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-18595, CVE-2019-19768, CVE-2020-10711
SHA-256 | 1da5837554e325f987c40003b0a17d619fa93c955d1672b81131b48541ccb998
CuteNews 2.1.2 Authenticated Shell Upload
Posted May 12, 2020
Authored by Vigov5

CuteNews version 2.1.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | 1bf71f9d33300d7dc2cc4132c6b15db181f3b4df8f6712432611c28b8929c56a
Red Hat Security Advisory 2020-2113-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2113-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This asynchronous patch is a security update for the Undertow package in Red Hat Single Sign-On 7.3.8. Issues addressed include a traversal vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-14371, CVE-2019-10174, CVE-2020-6950
SHA-256 | 26efab94d24870b9ab7810a8bd4a6b16d6f150f94c6d348c6eb4606ad8bf0c9f
Red Hat Security Advisory 2020-2112-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2112-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, cross site scripting, information leakage, and remote SQL injection vulnerabilities.

tags | advisory, remote, web, vulnerability, xss, sql injection
systems | linux, redhat
advisories | CVE-2019-10172, CVE-2019-14900, CVE-2019-17573, CVE-2020-1695, CVE-2020-1718, CVE-2020-1719, CVE-2020-1724, CVE-2020-1757, CVE-2020-1758, CVE-2020-7226
SHA-256 | cc25bf894d12d246c2a3f85d3a74da7c30344c59ca8d3e461341a2ae169d64d6
Kerberos: Achieving Command Execution Using Silver Tickets
Posted May 12, 2020
Authored by Haboob Team

Whitepaper called Kerberos: Achieving Command Execution Using Silver Tickets.

tags | paper
SHA-256 | 83cd3b8ff1c0604296dc343f1d6082284f701d9ad005d072d420258dfcc14ab5
Red Hat Security Advisory 2020-2108-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2108-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-1718, CVE-2020-1724, CVE-2020-1758
SHA-256 | 5edb2247cdeab3fa4150ea254918bb506fc07b138b4f1d06fda1e55d9770a09d
Red Hat Security Advisory 2020-2106-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2106-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-1718, CVE-2020-1724, CVE-2020-1758
SHA-256 | fbf785a9c43f0e6569e247edd1c52b25ef1e2189473f712011893953db6a523d
macOS 320.whatis Script Privilege Escalation
Posted May 12, 2020
Authored by Csaba Fitzl

macOS 320.whatis Script suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | e578f65b68fcf2548e910793e37c196e060d6250ff94cec53221209d10a3ca20
Red Hat Security Advisory 2020-2107-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2107-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-1718, CVE-2020-1724, CVE-2020-1758
SHA-256 | d0a4b775eee67f93fddb98238afbecc709605a831e21690397f64ea7095fb680
© 2022 Packet Storm. All rights reserved.
