Files Date: 2020-09-16

Ubuntu Security Notice USN-4508-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4508-1 - It was discovered that StoreBackup did not properly manage lock files. A local attacker could use this issue to cause a denial of service or escalate privileges and run arbitrary code.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-7040
MD5 | 3a173c8e1adaa02f65abf5fc9ae3a802
Ubuntu Security Notice USN-4507-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4507-1 - It was discovered that ncmpc incorrectly handled long chat messages. A remote attacker could possibly exploit this with a crafted chat message, causing ncmpc to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-9240
MD5 | ab3bfe7e87e99103331e759966ce1d69
nfstream 6.1.1
Posted Sep 16, 2020
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Fixed broken wheels.
tags | tool, python
systems | unix
MD5 | 0521079d34597ed89fd701d0b3bcfba0
Ubuntu Security Notice USN-4506-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4506-1 - It was discovered that MCabber does not properly manage roster pushes. An attacker could possibly use this issue to remotely perform man-in-the-middle attacks.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-9928
MD5 | d0eefcefa486225d47bd0cc965a0c40b
Ubuntu Security Notice USN-4505-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4505-1 - Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-13625
MD5 | 46ec287f0b6d41563b065bf71592199c
Ubuntu Security Notice USN-4504-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4504-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-1547, CVE-2019-1551, CVE-2019-1563, CVE-2020-1968
MD5 | f3b44e23570e906ce90abb2252627ce0
Mida Solutions eFramework ajaxreq.php Command Injection
Posted Sep 16, 2020
Authored by Brendan Coles, elbae | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apache user to execute any command as root without providing a password, resulting in privileged command execution as root. This module has been successfully tested on Mida Solutions eFramework-C7-2.9.0 virtual appliance.

tags | exploit, arbitrary, root, php
advisories | CVE-2020-15920
MD5 | 1b7215ff6d3355202c2e796fb94a2cac
1CRM 8.6.7 Insecure Direct Object Reference
Posted Sep 16, 2020
Authored by Andreas Sperber

1CRM versions 8.6.7 and below suffer from an insecure direct object reference vulnerability.

tags | exploit
advisories | CVE-2020-15958
MD5 | 664d037a79e2d8723d7d5d4b3092e00b
Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery
Posted Sep 16, 2020
Authored by Julien Ahrens | Site rcesecurity.com

Acronis Cyber Backup version 12.5 Build 16341 suffers from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2020-16171
MD5 | 91fb344eebf7d5d7a6562e49e011ffc4
Piwigo 2.10.1 Cross Site Scripting
Posted Sep 16, 2020
Authored by Iridium

Piwigo version 2.10.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-9467
MD5 | 90f9620f90a6434b4de66b7345b64f84
Zerologon Proof Of Concept
Posted Sep 16, 2020
Authored by Tom Tervoort, _dirkjan

Proof of concept exploit for the Windows Zerologon vulnerability as noted in CVE-2020-1472. By default, it changes the password of the domain controller account.

tags | exploit, proof of concept
systems | windows
advisories | CVE-2020-1472
MD5 | 1d075193b9c51dbeb9ca38bebe03fe52
Ubuntu Security Notice USN-4503-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4503-1 - It was discovered that Perl DBI module incorrectly handled certain calls. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2020-14392
MD5 | 958a8420e097c7d493f17f891bd131ac
Ubuntu Security Notice USN-4502-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4502-1 - It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-7663
MD5 | c563667327f276d584068ddbc1ee1247
Red Hat Security Advisory 2020-3727-01
Posted Sep 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3727-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling. Kibana is one of the major components of OpenShift Container Platform cluster logging. It is a browser-based console interface to query, discover, and visualize the log data.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10743, CVE-2020-14040
MD5 | 04cc4ee6cea2f294d7279dd41b84c6c3
Ubuntu Security Notice USN-4501-1
Posted Sep 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4501-1 - It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-15890
MD5 | 5d05a6843c1b85d15a31054694f8bdaf
© 2020 Packet Storm. All rights reserved.