what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2020-08-27

ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password
Posted Aug 27, 2020
Authored by T. Weber | Site sec-consult.com

ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver.

tags | exploit, vulnerability
advisories | CVE-2019-3422
SHA-256 | 4f066c4a8cdc5c194bf13e721d902a077e402bf503eb72e35b7aa253ae12cbc4
Eikon Thomson Reuters 4.0.42144 File Permissions
Posted Aug 27, 2020
Authored by Khalil Bijjou | Site sec-consult.com

Eikon Thomson Reuters version 4.0.42144 suffers from a weak permissions issue that can lead to code execution.

tags | exploit, code execution
advisories | CVE-2019-10679
SHA-256 | cefd3a573b7ca1df14112830ceb07fbac0edea5f7fa5c698ca9c4056ae2633cc
Ubuntu Security Notice USN-4477-1
Posted Aug 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4477-1 - Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. RĂ©gis Leroy discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request splitting attack, resulting in cache poisoning. Lubos Uhliarik discovered that Squid incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use this issue to cause Squid to consume resources, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2020-15810, CVE-2020-15811, CVE-2020-24606
SHA-256 | e30d35415018b5770194d1b9730378b888542946cf0e323dd1be4b7182755fd8
Ubuntu Security Notice USN-4476-1
Posted Aug 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4476-1 - It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-12403
SHA-256 | 0cb861156c6c38c6bee4357a5840c4d3a167d2d9e2279055d791e5de14791c64
Red Hat Security Advisory 2020-3574-01
Posted Aug 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3574-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include bypass and code execution vulnerabilities.

tags | advisory, web, vulnerability, code execution, ruby
systems | linux, redhat
advisories | CVE-2020-10778, CVE-2020-10783, CVE-2020-14324, CVE-2020-14325
SHA-256 | 180aa53cbca05482454904febdf9c008320039952a59725600229f347d9d9357
Mida eFramework 2.9.0 Remote Code Execution
Posted Aug 27, 2020
Authored by elbae

Mida eFramework version 2.9.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-15920
SHA-256 | 1d91860562323de0b96d48e3fab2bd5c3cff83336de0debd04431d028e64421a
ASX To MP3 Converter 3.1.3.7.2010.11.05 Buffer Overflow
Posted Aug 27, 2020
Authored by Paras Bhatia

ASX to MP3 Converter version 3.1.3.7.2010.11.05 .wax local buffer overflow proof of concept exploit with DEP and ASLR bypass.

tags | exploit, overflow, local, proof of concept
SHA-256 | 7f84c77ff7d0602ebf55956621de4d05257783b831769bc70810340d9c65606b
GNU Privacy Guard 2.2.22
Posted Aug 27, 2020
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Changed the default key algorithm to rsa3072. Added regular expression support for Trust Signatures on all platforms. Various other updates and fixes.
tags | tool, encryption
SHA-256 | 7c1370565e1910b9d8c4e0fb57b9de34aa062ec7bb91abad5803d791f38d855b
Ubuntu Security Notice USN-4475-1
Posted Aug 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4475-1 - It was discovered that Chrony incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause a denial of service or expose sensitive information.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-14367
SHA-256 | 2ba66b15a770c05e43d566a989f725061971e35aa3b6b84c1c86873791eeb251
Ubuntu Security Notice USN-4446-2
Posted Aug 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4446-2 - USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled input validation. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2019-12520, CVE-2019-12523, CVE-2019-12524, CVE-2019-18676
SHA-256 | be7270eca51d9106f34f71c4e2558648d8f85a5fc7f6800b486c696796ffa772
Gentoo Linux Security Advisory 202008-16
Posted Aug 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-16 - Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 68.12.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-15664, CVE-2020-15669
SHA-256 | c474d40ff712accf1513fe181cb940306656297f6cb3abadea7fc678d95faed8
Gentoo Linux Security Advisory 202008-15
Posted Aug 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-15 - A flaw in Docker allowed possible information leakage. Versions less than 19.03.12 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2020-13401
SHA-256 | e644d995ae441f4c24164f26fe3d2966d0636123a2802291141857a55dfe8a2e
Red Hat Security Advisory 2020-3541-01
Posted Aug 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3541-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. The Matrix Project is a module which handles creating Jenkins multi-configuration projects. Matrix Authorization allows configuring the lowest level permissions, such as starting new builds, configuring items, or deleting them, individually. Python-RSA is a RSA implementation in Python. It can be used as a Python library as well as the commandline utility. Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. Issues addressed include cross site scripting, denial of service, and information leakage vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, python
systems | linux, redhat
advisories | CVE-2019-16541, CVE-2020-13757, CVE-2020-1741, CVE-2020-2220, CVE-2020-2221, CVE-2020-2222, CVE-2020-2223, CVE-2020-2224, CVE-2020-2225, CVE-2020-2226
SHA-256 | 42d044757ced55aee7edf9844bfad23fe95bf3c3141361f974b7050950a43c55
Gentoo Linux Security Advisory 202008-14
Posted Aug 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-14 - A vulnerability in Wireshark could lead to a Denial of Service condition. Versions less than 3.2.6 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2020-17498
SHA-256 | 1e745d3f44450ee5f3ff173318a642583a2f861a43f9f1ec7f4117a0f3560687
Gentoo Linux Security Advisory 202008-13
Posted Aug 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-13 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in privilege escalation. Versions less than 9.5.23:9.5 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2020-14349, CVE-2020-14350
SHA-256 | b9ffeb065fa475ec938af85e828054d7d90b5d9a9259663a3d565b3d3bc786a1
Gentoo Linux Security Advisory 202008-12
Posted Aug 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-12 - Multiple vulnerabilities have been found in Net-SNMP, the worst of which could result in privilege escalation. Versions less than 5.8.1_pre1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2019-20892, CVE-2020-15861, CVE-2020-15862
SHA-256 | 47b590361046f370f06a09b89dcc673424b68229c00713f89dedeb4d3d77f993
Gentoo Linux Security Advisory 202008-11
Posted Aug 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-11 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 85.0.4183.83 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-6559, CVE-2020-6560, CVE-2020-6561, CVE-2020-6562, CVE-2020-6563, CVE-2020-6564, CVE-2020-6565, CVE-2020-6566, CVE-2020-6567, CVE-2020-6568, CVE-2020-6569, CVE-2020-6570, CVE-2020-6571
SHA-256 | 945bfec750bf63585fac49eee7a83a14fbd13374349c8480dfe005be75d41814
I2P 0.9.47
Posted Aug 27, 2020
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: This version enables new ECIES Encryption.
tags | tool
systems | unix
SHA-256 | dbccada6a353b54ceb844fe8cb0912c0363375a2f57214d23fcf463c4e6d2c4f
Debian Security Advisory 4751-1
Posted Aug 27, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4751-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in request splitting, request smuggling (leading to cache poisoning) and denial of service when processing crafted cache digest responses messages.

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2020-15810, CVE-2020-15811, CVE-2020-24606
SHA-256 | 3753426127834c4951d974e752f420e15ee85396cc43dfb685e0906f69a54744
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close