exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 35 RSS Feed

Files Date: 2020-07-07

F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution
Posted Jul 7, 2020
Authored by wvu, Mikhail Klyuchnikov | Site metasploit.com

This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface (TMUI) to upload a shell script and execute it as the root user.

tags | exploit, shell, root
advisories | CVE-2020-5902
SHA-256 | b44d37fd43f21d22264736cf20b07fbb9f84fe54d9af05cc6f7d295d6faf7c6a
Botan C++ Crypto Algorithms Library 2.15.0
Posted Jul 7, 2020
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Fixed a memory leak in the CommonCrypto block cipher calls. Changed the HMAC key schedule to attempt to reduce the information leaked from the key schedule with regards to the length of the key, as this is at times (as for example in PBKDF2) sensitive information. Various other additions and updates.
tags | library
SHA-256 | d88af1307f1fefac79aa4f2f524699478d69ce15a857cf2d0a90ac6bf2a50009
Red Hat Security Advisory 2020-2863-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2863-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2019-11253
SHA-256 | 837191484782a05b314c701e73e9f52193d230d353fdf9841c1a8ce8fb2dd36a
Red Hat Security Advisory 2020-2861-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2861-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include cross site scripting, denial of service, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-11253, CVE-2020-12052, CVE-2020-12245, CVE-2020-13379, CVE-2020-13430, CVE-2020-7660, CVE-2020-7662
SHA-256 | 7d96fd5847793a13da10d62cd136d2c69b8b82bb97c74d6b0116ab9d53ef6f3e
Red Hat Security Advisory 2020-2864-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2864-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a resource exhaustion vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-12603, CVE-2020-12604, CVE-2020-12605, CVE-2020-8663
SHA-256 | c2a59387431dac2f55c6e38414588e80c837589e0e7022c305e721290d399cfa
Applebot Incorrect Robots.txt Interpretation
Posted Jul 7, 2020
Authored by David Coomber

Applebot/0.1 does not fully obey robots.txt as it interprets allow entries for Googlebot as implied permission for Applebot.

tags | advisory
SHA-256 | 78ae053c4168117e295b49f3d21f45583932d75f34e82ed990e26f77540f353c
GRR 3.4.2.0
Posted Jul 7, 2020
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: New SplunkOutputPlugin to export Flow/Hunt results to Splunk. New NTFS virtual file system handler for file system parsing using libfsntfs. A couple new flows and multiple other updates.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | 3232771035cbd0580621c3e72dee06ff39416a505e07281e82a2d72191e1bb05
MikroTik RouterOS Null Pointer Dereference / Division-By-Zero
Posted Jul 7, 2020
Authored by Qian Chen

MikroTik RouterOS versions prior to stable 6.47 suffer from multiple null pointer dereference vulnerabilities and one division-by-zero vulnerability.

tags | advisory, vulnerability
SHA-256 | f62eaf7184c39f0e8b90c063e78e3e3b83c3de4f01b45d8555571c1e7818d1df
CDATA OLTs Backdoor / Privilege Escalation / Information Disclosure
Posted Jul 7, 2020
Authored by Pierre Kim

Various CDATA OLTs suffer from backdoor access with telnet, credential leaks, shell escape with root privileges, denial of service, and weak encryption algorithm vulnerabilities.

tags | exploit, denial of service, shell, root, vulnerability
SHA-256 | 25ead8b8d6facee2b0e679c6d68a14a89d0c99b0b24923b75e4317730748e5e6
Ubuntu Security Notice USN-4420-1
Posted Jul 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4420-1 - David Hill and Eric Harney discovered that Cinder and os-brick incorrectly handled ScaleIO backend credentials. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-10755
SHA-256 | 9a5516719a6cd852208a09ce2e0c2fd9d5336c70a47a3ec7616bd35bbd6b1f26
Red Hat Security Advisory 2020-2854-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2854-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include denial of service, memory leak, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2018-16884, CVE-2019-11811, CVE-2019-15917, CVE-2019-18808, CVE-2019-19062, CVE-2019-19767, CVE-2019-20636, CVE-2019-9458, CVE-2020-10720, CVE-2020-11565, CVE-2020-12888, CVE-2020-8834
SHA-256 | 88b10b591e7d9aa17f5a3f9a69794ba0c6e72031e7fea8f23b71c9502215f507
Red Hat Security Advisory 2020-2842-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2842-01 - An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Sampling issues were addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-0543, CVE-2020-0548, CVE-2020-0549
SHA-256 | 13302dd0c178464aac1f730807510e7ab758da54a598b4507ab47b17801c43c5
Red Hat Security Advisory 2020-2840-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2840-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a file read vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-1938
SHA-256 | 469268d94d9874f83794d1799a19f37aef89e17a5c24f2b64ccaa65b8bf4715e
Red Hat Security Advisory 2020-2846-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2846-01 - The gettext packages provide a documentation for producing multi-lingual messages in programs, set of conventions about how programs should be written, a runtime library, and a directory and file naming organization for the message catalogs. Issues addressed include a double free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-18751
SHA-256 | abd78346ad688420cd8cfd177ae293b687744430001c8b706cc9bf2df1eac7a1
Red Hat Security Advisory 2020-2839-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2839-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

tags | advisory, ruby
systems | linux, redhat
advisories | CVE-2018-16396
SHA-256 | 5d0415863a7ac6ac661eb3ddbe07e712d47dda455f58ec5fd3e138424ef84c8a
Red Hat Security Advisory 2020-2838-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2838-01 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Issues addressed include an out of bounds read vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-10360
SHA-256 | 1d71ed1e890c2f1f1ddb63e40502c901cb735a62ea971317d50e72edebe3957c
Red Hat Security Advisory 2020-2844-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2844-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include an out of bounds access vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-8608
SHA-256 | 4999e4fd46f3504491e63ef0f0bc3cf682b401e214b56a282bbb6ccb74db88c2
Red Hat Security Advisory 2020-2833-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2833-01 - The K Desktop Environment is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-14744
SHA-256 | cfe2f776112741a228438beaae6abbb11c05570959579901ea81fc916f2d8906
Red Hat Security Advisory 2020-2835-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2835-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include an underflow vulnerability.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2019-11043
SHA-256 | 55475f2ac05404b0dbd6c71ae701acb5dd0454b103210a1d65fd0819888efc0c
Red Hat Security Advisory 2020-2851-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2851-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, memory leak, and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2018-20169, CVE-2018-7191, CVE-2019-11487, CVE-2019-13233, CVE-2019-14821, CVE-2019-15916, CVE-2019-18660, CVE-2019-3901, CVE-2020-12888
SHA-256 | f605c3a284c143f78a257a18fb53f755d5eb05795ee953c04511eef9931e7052
Red Hat Security Advisory 2020-2852-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2852-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8172, CVE-2020-8174
SHA-256 | 1e24609706569805264896389d47a50da4b931bded85681c1a9784b359ee9210
Red Hat Security Advisory 2020-2848-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2848-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8174
SHA-256 | 01d7c988d318715dd14781e26eec5cc619ac01728927cd50142b32f5c9df60c2
Online Shopping Portal 3.1 SQL Injection
Posted Jul 7, 2020
Authored by gh1mau

Online Shopping Portal version 3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | eb7ead273e51bd644d976e45b7406df9d8353310a7af6f726aca2a9b8ae31227
Red Hat Security Advisory 2020-2849-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2849-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8174
SHA-256 | dc60f758491980ac3a11561215a4caff0c35e2289f85ed044b975b26538c56e1
Red Hat Security Advisory 2020-2847-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2847-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8172, CVE-2020-8174
SHA-256 | e5f4967b448d97773a801b2e8a80c6460ccfb6a255a99ae1e1723bed68884dab
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close