exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2020-09-17

Microsoft Spooler Local Privilege Elevation
Posted Sep 17, 2020
Authored by bwatters-r7, shubham0d, Yarden Shafir, Alex Ionescu | Site metasploit.com

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds a permanent elevated backdoor.

tags | exploit
advisories | CVE-2020-1048
SHA-256 | 042eb96d4be3493ee746dfaae2491220ba9b12278e37c6ccaaa1b2d1f175f42f
Microsoft SQL Server Reporting Services 2016 Remote Code Execution
Posted Sep 17, 2020
Authored by West Shepherd

Microsoft SQL Server Reporting Services 2016 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-0618
SHA-256 | 93564e79a307b8bac5558370f2e6f6dbb0adb08abf21e7e8df7922faa0fca119
Ubuntu Security Notice USN-4518-1
Posted Sep 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4518-1 - Matthias Gerstner discovered that xawtv incorrectly handled opening files. A local attacker could possibly use this issue to open and write to arbitrary files and escalate privileges.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-13696
SHA-256 | b83a5dbb918547a3a862abcef406b6f226f58c7ff017305dda55f1e168dd2d24
Ubuntu Security Notice USN-4516-1
Posted Sep 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4516-1 - It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option --allow-weak-key-signatures can be used to revert this behaviour.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-14855
SHA-256 | 36ff91a0f2fb5dcc08eeb0a84742193973063d8884dba6a61da8ab07da95f45b
Ubuntu Security Notice USN-4515-1
Posted Sep 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4515-1 - Antonio Norales discovered that Pure-FTPd incorrectly handled directory aliases. An attacker could possibly use this issue to access sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-9274
SHA-256 | 1d2059f1accd9df4de8885389aa8e43c55860bc2ce9bf0bcc73935bcdbc2a6b6
Ubuntu Security Notice USN-4514-1
Posted Sep 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4514-1 - It was discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-25219
SHA-256 | 305d35264ebd40676fb23e43a9f364314996f3e9125557aaed32a29d6129956a
Ubuntu Security Notice USN-4513-1
Posted Sep 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4513-1 - Dileep Kumar Jallepalli discovered that apng2gif incorrectly handled loading APNG files. An attacker could exploit this with a crafted APNG file to access sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-6960
SHA-256 | 595ff4c8229049eb36c58aa66aec5db11fe1eed616e9b350ddba359bef512a68
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution
Posted Sep 17, 2020
Authored by mr_me, wvu | Site metasploit.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. Additionally, the target user must have the "Data Loss Prevention" role assigned and an active mailbox. If the user is in the "Compliance Management" or greater "Organization Management" role groups, then they have the "Data Loss Prevention" role. Since the user who installed Exchange is in the "Organization Management" role group, they transitively have the "Data Loss Prevention" role. The specific flaw exists within the processing of the New-DlpPolicy cmdlet. The issue results from the lack of proper validation of user-supplied template data when creating a DLP policy. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Tested against Exchange Server 2016 CU14 on Windows Server 2016.

tags | exploit, remote, arbitrary
systems | windows
advisories | CVE-2020-16875
SHA-256 | 9c64ade1b9672eb090b36bc174f9f1a9a315ff2f06c304a01bbbea3b70e0d409
nfstream 6.1.2
Posted Sep 17, 2020
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Limited contention by excluding hyperthreading from scaling heuristic. Changed idle and active timeouts default values. Minor fixes and optimizations. Fixed Travis CI timeouts issues.
tags | tool, python
systems | unix
SHA-256 | 6d2372dacd075c32fe92ccd45a399a4225be02d000b268795e8731d545e7cc3d
Red Hat Security Advisory 2020-3779-01
Posted Sep 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3779-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include XML injection, bypass, and improper authorization vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2017-7658, CVE-2019-10172, CVE-2020-10672, CVE-2020-10673, CVE-2020-10714, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11612, CVE-2020-11619, CVE-2020-11620, CVE-2020-1695, CVE-2020-1710, CVE-2020-1719, CVE-2020-1745, CVE-2020-1748, CVE-2020-1757, CVE-2020-8840, CVE-2020-9488, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548
SHA-256 | bda9f859f02dbc7e3933821e8b9f636c5252aa584253a3ce3cca3733655cb6b0
Ubuntu Security Notice USN-4510-2
Posted Sep 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4510-2 - USN-4510-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. Various other issues were also addressed.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2020-1472
SHA-256 | aafb6bc46e88f588611de36fe13e2ea968b441a056900ec6d16c6f0f3b4df82b
Ubuntu Security Notice USN-4510-1
Posted Sep 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4510-1 - Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. This update fixes the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which will force a secure netlogon channel. This may result in compatibility issues with older devices. A future update may allow a finer-grained control over this setting. Various other issues were also addressed.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2020-1472
SHA-256 | 84259729ff6e1a9d09cd66022b409b383b84a0da05d4de6be35934d6804f7f6d
Ubuntu Security Notice USN-4511-1
Posted Sep 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4511-1 - Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-14364
SHA-256 | 29f0ce6dc911aa64415e4299d4a5e1afef2fe8b59eec9f60cac0085c95489148
Ubuntu Security Notice USN-4512-1
Posted Sep 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4512-1 - It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash completion.

tags | advisory, arbitrary, local, bash
systems | linux, ubuntu
advisories | CVE-2018-7738
SHA-256 | 721b596b39c552a83413d7c73f21fa99895259ca2b06e7ee12a54af082236b77
Ubuntu Security Notice USN-4509-1
Posted Sep 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4509-1 - It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Perl DBI module incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2013-7490, CVE-2014-10401
SHA-256 | a2be9aca8b029983d55c57011b52eca4715053169e13c19de3de640965043602
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close