
Files Date: 2020-09-16

Ubuntu Security Notice USN-4508-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4508-1 - It was discovered that StoreBackup did not properly manage lock files. A local attacker could use this issue to cause a denial of service or escalate privileges and run arbitrary code.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-7040
MD5 | 3a173c8e1adaa02f65abf5fc9ae3a802
Ubuntu Security Notice USN-4507-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4507-1 - It was discovered that ncmpc incorrectly handled long chat messages. A remote attacker could possibly exploit this with a crafted chat message, causing ncmpc to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-9240
MD5 | ab3bfe7e87e99103331e759966ce1d69
nfstream 6.1.1
Posted Sep 16, 2020
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Fixed broken wheels.
tags | tool, python
systems | unix
MD5 | 0521079d34597ed89fd701d0b3bcfba0
Ubuntu Security Notice USN-4506-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4506-1 - It was discovered that MCabber does not properly manage roster pushes. An attacker could possibly use this issue to remotely perform man-in-the-middle attacks.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-9928
MD5 | d0eefcefa486225d47bd0cc965a0c40b
Ubuntu Security Notice USN-4505-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4505-1 - Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-13625
MD5 | 46ec287f0b6d41563b065bf71592199c
Ubuntu Security Notice USN-4504-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4504-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-1547, CVE-2019-1551, CVE-2019-1563, CVE-2020-1968
MD5 | f3b44e23570e906ce90abb2252627ce0
Mida Solutions eFramework ajaxreq.php Command Injection
Posted Sep 16, 2020
Authored by Brendan Coles, elbae | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apache user to execute any command as root without providing a password, resulting in privileged command execution as root. This module has been successfully tested on Mida Solutions eFramework-C7-2.9.0 virtual appliance.

tags | exploit, arbitrary, root, php
advisories | CVE-2020-15920
MD5 | 1b7215ff6d3355202c2e796fb94a2cac
1CRM 8.6.7 Insecure Direct Object Reference
Posted Sep 16, 2020
Authored by Andreas Sperber

1CRM versions 8.6.7 and below suffer from an insecure direct object reference vulnerability.

tags | exploit
advisories | CVE-2020-15958
MD5 | 664d037a79e2d8723d7d5d4b3092e00b
Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery
Posted Sep 16, 2020
Authored by Julien Ahrens | Site rcesecurity.com

Acronis Cyber Backup version 12.5 Build 16341 suffers from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2020-16171
MD5 | 91fb344eebf7d5d7a6562e49e011ffc4
Piwigo 2.10.1 Cross Site Scripting
Posted Sep 16, 2020
Authored by Iridium

Piwigo version 2.10.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-9467
MD5 | 90f9620f90a6434b4de66b7345b64f84
Zerologon Proof Of Concept
Posted Sep 16, 2020
Authored by Tom Tervoort, _dirkjan

Proof of concept exploit for the Windows Zerologon vulnerability as noted in CVE-2020-1472. By default, it changes the password of the domain controller account.

tags | exploit, proof of concept
systems | windows
advisories | CVE-2020-1472
MD5 | 1d075193b9c51dbeb9ca38bebe03fe52
Ubuntu Security Notice USN-4503-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4503-1 - It was discovered that the Perl DBI module incorrectly handled certain calls. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2020-14392
MD5 | 958a8420e097c7d493f17f891bd131ac
Ubuntu Security Notice USN-4502-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4502-1 - It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-7663
MD5 | c563667327f276d584068ddbc1ee1247
Red Hat Security Advisory 2020-3727-01
Posted Sep 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3727-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling. Kibana is one of the major components of OpenShift Container Platform cluster logging. It is a browser-based console interface to query, discover, and visualize the log data.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10743, CVE-2020-14040
MD5 | 04cc4ee6cea2f294d7279dd41b84c6c3
Ubuntu Security Notice USN-4501-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4501-1 - It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-15890
MD5 | 5d05a6843c1b85d15a31054694f8bdaf

© 2020 Packet Storm. All rights reserved.
