what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2020-09-16

Ubuntu Security Notice USN-4508-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4508-1 - It was discovered that StoreBackup did not properly manage lock files. A local attacker could use this issue to cause a denial of service or escalate privileges and run arbitrary code.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-7040
SHA-256 | f62b15c1dbb028a8d75a166252979fa71b09b0d3a10e31191e0fcd5eb314597d
Ubuntu Security Notice USN-4507-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4507-1 - It was discovered that ncmpc incorrectly handled long chat messages. A remote attacker could possibly exploit this with a crafted chat message, causing ncmpc to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-9240
SHA-256 | 08577ffb1f5bb31d28b1e77f6c7b3e0d92d47aacca0777045cf1bf76dec2e9d6
nfstream 6.1.1
Posted Sep 16, 2020
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Fixed broken wheels.
tags | tool, python
systems | unix
SHA-256 | 2ad96c811a898ad3c579fb0ce3c2aedebfce2690d63ecad79fa0a2d447fa5245
Ubuntu Security Notice USN-4506-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4506-1 - It was discovered that MCabber does not properly manage roster pushes. An attacker could possibly use this issue to remotely perform man-in-the-middle attacks.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-9928
SHA-256 | 12fae38142404ee5c65426380254267a12eb97e830b1b0ea662d573300d381f1
Ubuntu Security Notice USN-4505-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4505-1 - Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-13625
SHA-256 | b2d484281a33a4d7727e87e97f4ad0a528c3f167a6f30c779515d02b96bffeb5
Ubuntu Security Notice USN-4504-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4504-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Cesar Pereida GarcĂ­a, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-1547, CVE-2019-1551, CVE-2019-1563, CVE-2020-1968
SHA-256 | a453c91247c0c8b05f0a70b1a3674ee04e7e21eea70c71f8885d6de34ed4c9a3
Mida Solutions eFramework ajaxreq.php Command Injection
Posted Sep 16, 2020
Authored by Brendan Coles, elbae | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apache user to execute any command as root without providing a password, resulting in privileged command execution as root. This module has been successfully tested on Mida Solutions eFramework-C7-2.9.0 virtual appliance.

tags | exploit, arbitrary, root, php
advisories | CVE-2020-15920
SHA-256 | 4878a731edc0be4c0ac00692ed93b267a31861eb08b009ecca9a7586cc59c464
1CRM 8.6.7 Insecure Direct Object Reference
Posted Sep 16, 2020
Authored by Andreas Sperber

1CRM versions 8.6.7 and below suffer from an insecure direct object reference vulnerability.

tags | exploit
advisories | CVE-2020-15958
SHA-256 | 87cb32db18ce1f54b344437d794e6aca77b053d63b126e1e6366b2c525c1716a
Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery
Posted Sep 16, 2020
Authored by Julien Ahrens | Site rcesecurity.com

Acronis Cyber Backup version 12.5 Build 16341 suffers from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2020-16171
SHA-256 | 5776367a895d7236549ae9bed6615f059a8c84f1ee0883489602ba985f741b60
Piwigo 2.10.1 Cross Site Scripting
Posted Sep 16, 2020
Authored by Iridium

Piwigo version 2.10.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-9467
SHA-256 | 810101722470e2fc7e7b71d7e31a1dbaaa3c34991cf47fdf4e50dadba4053788
Zerologon Proof Of Concept
Posted Sep 16, 2020
Authored by Tom Tervoort, _dirkjan

Proof of concept exploit for the Windows Zerologon vulnerability as noted in CVE-2020-1472. By default, it changes the password of the domain controller account.

tags | exploit, proof of concept
systems | windows
advisories | CVE-2020-1472
SHA-256 | c33a65409db7ea9ced3d7e9d9df80a4e2cef77b787ac47ff949764da970ec602
Ubuntu Security Notice USN-4503-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4503-1 - It was discovered that Perl DBI module incorrectly handled certain calls. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2020-14392
SHA-256 | ec2effb1de801697da892a0a1fc170dac06bbc8c10fa1660712df98a0b63ea00
Ubuntu Security Notice USN-4502-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4502-1 - It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-7663
SHA-256 | cb283a5499e58bc7850ad73234317ce25342ba85d67bbd64fcc3eaa072e477ad
Red Hat Security Advisory 2020-3727-01
Posted Sep 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3727-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling. Kibana is one of the major components of OpenShift Container Platform cluster logging. It is a browser-based console interface to query, discover, and visualize the log data.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10743, CVE-2020-14040
SHA-256 | 9b8cb278c0d21a3f67b9aa928505210b8c164d31a327f55ca3116f94d7ce2053
Ubuntu Security Notice USN-4501-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4501-1 - It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-15890
SHA-256 | ba53d475216adaed42ea49c48faf5fe21906266788d2796ade3a529b8f07b93f
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close