what you don't know can hurt you
Showing 1 - 25 of 39 RSS Feed

Files Date: 2020-05-12

Ubuntu Security Notice USN-4353-2
Posted May 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4353-2 - USN-4353-1 fixed vulnerabilities in Firefox. The update caused a regression that impaired the functionality of some addons. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-12392, CVE-2020-12394
MD5 | 3245c740a022b08af03b652a81194a54
Red Hat Security Advisory 2020-2117-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2117-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Issues addressed include file overwrite and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-10696, CVE-2020-8945
MD5 | a30805e65a6189698f194e65b261ae4d
Clam AntiVirus Toolkit 0.102.3
Posted May 12, 2020
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Multiple security issues have been addressed. A couple additional bug fixes have been applied.
tags | tool, virus
systems | unix
advisories | CVE-2020-3327, CVE-2020-3341
MD5 | 1577144c66f558fbd8ece3075ea2ac79
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Posted May 12, 2020
Authored by Brendan Coles, Chris Lyne | Site metasploit.com

Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.5.2 and prior do not validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on inSync version 6.5.2r99097 on Windows 7 SP1 (x64).

tags | exploit, arbitrary, local, tcp
systems | windows, 7
advisories | CVE-2019-3999
MD5 | c631ada55c0c2348cdd0af3ac42a8258
Netsweeper WebAdmin unixlogin.php Python Code Injection
Posted May 12, 2020
Authored by wvu | Site metasploit.com

This Metasploit module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based Netsweeper 6.4.3 and 6.4.4 ISOs. Though the advisory lists 6.4.3 and prior as vulnerable, 6.4.4 has been confirmed exploitable.

tags | exploit, root, php, python
systems | linux, centos
MD5 | f3a7e388a69ddecf6195fe24bcc68477
SaltStack Salt Master/Minion Unauthenticated Remote Code Execution
Posted May 12, 2020
Authored by wvu, F-Secure | Site metasploit.com

This Metasploit module exploits unauthenticated access to the runner() and _send_pub() methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations Manager versions 7.5.0 through 8.1.0 are known to be affected by the Salt vulnerabilities. Tested against SaltStack Salt 2019.2.3 and 3000.1 on Ubuntu 18.04, as well as Vulhub's Docker image.

tags | exploit, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-11651, CVE-2020-11652
MD5 | 4a1cf7e77cbab0ac7aee4e3cb68372dc
Adobe DNG SDK Memory Corruption
Posted May 12, 2020
Authored by Google Security Research, mjurczyk

Adobe DNG SDK suffers from memory corruption and other crashes caused by malformed .dng images.

tags | exploit
MD5 | 8765bb50cd9ee3abccbc2fb01d8b87fe
Adobe DNG SDK dng_lossless_decoder::DecodeImage Out-Of-Bounds Read
Posted May 12, 2020
Authored by Google Security Research, mjurczyk

Adobe DNG SDK suffers from an out-of-bounds read that can lead to an arbitrary write vulnerability in dng_lossless_decoder::DecodeImage.

tags | exploit, arbitrary
MD5 | a7f302c6df4c350ca29113200164e83b
Red Hat Security Advisory 2020-2116-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2116-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Issues addressed include a file overwrite vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10696, CVE-2020-1702
MD5 | fcd89f492c1ad8fc9eecdea78f6744e3
Ubuntu Security Notice USN-4355-1
Posted May 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4355-1 - PulseAudio in Ubuntu contains additional functionality to mediate audio recording for snap packages and it was discovered that this functionality did not mediate PulseAudio module unloading. An attacker-controlled snap with only the audio-playback interface connected could exploit this to bypass access controls and record audio.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-11931
MD5 | 5ba131bca4ff575b276cc2ce1396ff6d
Red Hat Security Advisory 2020-2081-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2081-01 - The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. Issues addressed include crlf injection and cross-host redirect vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236
MD5 | 388f4d7ca7879f6e930eed7890b3b91d
LanSend 3.2 Buffer Overflow
Posted May 12, 2020
Authored by gurbanli

LanSend version 3.2 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | d93c9ce689c9dbb80b7d7b7be7c9bb4e
Red Hat Security Advisory 2020-2082-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2082-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free, memory leak, null pointer, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2017-18595, CVE-2019-19768, CVE-2020-10711
MD5 | 969fa949c25645a5a7328b59a9ba8ec1
qdPM 9.1 Arbitrary File Upload
Posted May 12, 2020
Authored by Besim Altinok, Ismail Bozkurt

qdPM version 9.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | c0684c8ac1441ffc8176dc2bad26f3b4
Red Hat Security Advisory 2020-2068-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2068-01 - pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Issues addressed include crlf injection and cross-host redirect vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324
MD5 | 417852390b6cb4870a493fb633f7bc3e
Cisco Digital Network Architecture Center 1.3.1.4 Cross Site Scripting
Posted May 12, 2020
Authored by Dylan Garnaud, Benoit Malaboeuf

Cisco Digital Network Architecture Center version 1.3.1.4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
systems | cisco
advisories | CVE-2019-15253
MD5 | feb8e9e65a6290bd7cb40a92790b9e16
Red Hat Security Advisory 2020-2085-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2085-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include double free, null pointer, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-18595, CVE-2019-19768, CVE-2020-10711
MD5 | fb45d9224e85ded8bf9bf110926bdba1
CuteNews 2.1.2 Authenticated Shell Upload
Posted May 12, 2020
Authored by Vigov5

CuteNews version 2.1.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | 854221f3da517dea5c1d414090b7e5df
Red Hat Security Advisory 2020-2113-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2113-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This asynchronous patch is a security update for the Undertow package in Red Hat Single Sign-On 7.3.8. Issues addressed include a traversal vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-14371, CVE-2019-10174, CVE-2020-6950
MD5 | 2332b66522910d3a598e582170139c9c
Red Hat Security Advisory 2020-2112-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2112-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, cross site scripting, information leakage, and remote SQL injection vulnerabilities.

tags | advisory, remote, web, vulnerability, xss, sql injection
systems | linux, redhat
advisories | CVE-2019-10172, CVE-2019-14900, CVE-2019-17573, CVE-2020-1695, CVE-2020-1718, CVE-2020-1719, CVE-2020-1724, CVE-2020-1757, CVE-2020-1758, CVE-2020-7226
MD5 | 0e42f6865cd6216d794ee75f6af3d933
Kerberos: Achieving Command Execution Using Silver Tickets
Posted May 12, 2020
Authored by Haboob Team

Whitepaper called Kerberos: Achieving Command Execution Using Silver Tickets.

tags | paper
MD5 | b6af3918f35480e03b99a605d40c2ec1
Red Hat Security Advisory 2020-2108-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2108-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-1718, CVE-2020-1724, CVE-2020-1758
MD5 | 08b2922929fdbe0c7cf2b51dacce613f
Red Hat Security Advisory 2020-2106-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2106-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-1718, CVE-2020-1724, CVE-2020-1758
MD5 | 6521ba99d4ddce3ee5dd208059263fd5
macOS 320.whatis Script Privilege Escalation
Posted May 12, 2020
Authored by Csaba Fitzl

macOS 320.whatis Script suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 888e4588e9eaeccacfd45fe2dba8845b
Red Hat Security Advisory 2020-2107-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2107-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-1718, CVE-2020-1724, CVE-2020-1758
MD5 | 00ba2e2f174359d2ae59e1d429abc98a
Page 1 of 2
Back12Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close