what you don't know can hurt you
Showing 1 - 21 of 21 RSS Feed

Files Date: 2020-07-22

ZenTao Pro 8.8.2 Remote Code Execution
Posted Jul 22, 2020
Authored by Daniel Monzon, Erik Wynter, Melvin Boers | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. Valid credentials for a ZenTao admin account are required. This module has been successfully tested against ZenTao 8.8.1 and 8.8.2 running on Windows 10 (XAMPP server).

tags | exploit, arbitrary
systems | windows
advisories | CVE-2020-7361
MD5 | 0c709d672ec84543f14645bf7ef4cccb
Logwatch 7.5.4
Posted Jul 22, 2020
Site logwatch.org

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Changes: Fixed bugs.
tags | tool, intrusion detection
systems | unix
MD5 | 47b35a8e5efc415b4a775415255b8d1f
Ubuntu Security Notice USN-4428-1
Posted Jul 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4428-1 - It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this information. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Python incorrectly handled certain TAR archives. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, python
systems | linux, ubuntu
advisories | CVE-2019-17514, CVE-2019-20907, CVE-2019-9674, CVE-2020-14422
MD5 | 4b05b5d396d8fc25741cb5a3bea9105f
Ubuntu Security Notice USN-4430-1
Posted Jul 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4430-1 - It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted image file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-10177
MD5 | 2aa282afbaddbd1638fe8d89bc52768c
Ubuntu Security Notice USN-4429-1
Posted Jul 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4429-1 - It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-14928
MD5 | 10493727fb9930c2ba04bc1be080e7ad
Red Hat Security Advisory 2020-3098-01
Posted Jul 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3098-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a bypass vulnerability.

tags | advisory, java, bypass
systems | linux, redhat
advisories | CVE-2020-14556, CVE-2020-14562, CVE-2020-14573, CVE-2020-14577, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621
MD5 | 75b09f760ecac44ae411675531c507f2
Red Hat Security Advisory 2020-3105-01
Posted Jul 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3105-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-12689, CVE-2020-12690, CVE-2020-12691
MD5 | 0ef1af518027272cc85bbf78a3ef7f90
Red Hat Security Advisory 2020-3102-01
Posted Jul 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3102-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-12689, CVE-2020-12690, CVE-2020-12691, CVE-2020-12692
MD5 | 89c2b38f5cb157537d02cdad4767f27b
Red Hat Security Advisory 2020-3099-01
Posted Jul 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3099-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a bypass vulnerability.

tags | advisory, java, bypass
systems | linux, redhat
advisories | CVE-2020-14556, CVE-2020-14562, CVE-2020-14573, CVE-2020-14577, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621
MD5 | 34eb26e67dd90ebc8d76dc3e7bc8c5e1
Red Hat Security Advisory 2020-3100-01
Posted Jul 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3100-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a bypass vulnerability.

tags | advisory, java, bypass
systems | linux, redhat
advisories | CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621
MD5 | ba08260c17dc510ea4927d5b3fce1325
Red Hat Security Advisory 2020-3101-01
Posted Jul 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3101-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a bypass vulnerability.

tags | advisory, java, bypass
systems | linux, redhat
advisories | CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621
MD5 | 5d26119f38f69cd2c63ae27bbd3c94d8
Docsify.js 4.11.4 Cross Site Scripting
Posted Jul 22, 2020
Authored by Amin Sharifi

Docsify.js version 4.11.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-7680
MD5 | c04ce1f9ca28c7b5d05da5e1c5f7e216
Red Hat Security Advisory 2020-3096-01
Posted Jul 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3096-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-12689, CVE-2020-12691
MD5 | 401a3dad543deb66e3e3169d63a788ac
Red Hat Security Advisory 2020-3090-01
Posted Jul 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3090-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15104
MD5 | 83e97187a5c8c662b2154508382edb66
Red Hat Security Advisory 2020-3087-01
Posted Jul 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3087-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-12049, CVE-2020-14040
MD5 | f396d521cc1c781042429bec54224afa
WordPress NexosReal Estate Theme 1.7 Cross Site Scripting / SQL Injection
Posted Jul 22, 2020
Authored by Vlad Vector

WordPress NexosReal Estate Theme version 1.7 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2020-15363, CVE-2020-15364
MD5 | a895e629a2ee4014db883d892ac2e0c7
Ubuntu Security Notice USN-4425-1
Posted Jul 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4425-1 - It was discovered that the network block device implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service. It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-16089, CVE-2019-19462, CVE-2020-11935, CVE-2020-15780
MD5 | e1761cf826ff6144d075ef68b7a8162d
Ubuntu Security Notice USN-4427-1
Posted Jul 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4427-1 - It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information. Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-12380, CVE-2019-19947, CVE-2019-20810, CVE-2019-20908, CVE-2020-10732, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-11935, CVE-2020-13974
MD5 | f507315d6608e55168aa521403f99c05
Ubuntu Security Notice USN-4426-1
Posted Jul 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4426-1 - Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-20908, CVE-2020-10757, CVE-2020-11935, CVE-2020-15780
MD5 | 214e26f4f8e9c0137ebda05513d8ff05
Red Hat Security Advisory 2020-3084-01
Posted Jul 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3084-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2020-10531, CVE-2020-11080, CVE-2020-7598, CVE-2020-8174
MD5 | 3074c7c70c5fc22136644cec1f1845d9
Sophos VPN Web Panel 2020 Denial Of Service
Posted Jul 22, 2020
Authored by Berk Kiras

Sophos VPN Web Panel 2020 denial of service proof of concept exploit.

tags | exploit, web, denial of service, proof of concept
MD5 | 00504c0026b87dc91f6dc60d478bb7f9
Page 1 of 1
Back1Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close