exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2020-10-06

Red Hat Security Advisory 2020-4186-01
Posted Oct 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4186-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include a buffer overflow vulnerability.

tags | advisory, remote, overflow, protocol
systems | linux, redhat
advisories | CVE-2020-14355
MD5 | ba4ba3635bf8280334825059efc88c7e
Ubuntu Security Notice USN-4572-1
Posted Oct 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4572-1 - Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-14355
MD5 | 10fa47bbba4baa38f799be96ba28941f
Ubuntu Security Notice USN-4567-1
Posted Oct 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4567-1 - It was discovered that OpenDMARC is prone to a signature-bypass vulnerability with multiple "From:" addresses. An attacker could use it to bypass spam and abuse filters.

tags | advisory, bypass
systems | linux, ubuntu
advisories | CVE-2019-16378
MD5 | a2e9268df566af8fb0bbf4f25c5f5e29
Ubuntu Security Notice USN-4566-1
Posted Oct 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4566-1 - It was discovered that Cyrus IMAP Server could execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. It was discovered that the Cyrus IMAP Server allow users to create any mailbox with administrative privileges. A local attacker could use this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, web, arbitrary, local, imap
systems | linux, ubuntu
advisories | CVE-2019-11356, CVE-2019-19783
MD5 | 24a0f0b0c12ffc0d122c2f3854f8df99
Ubuntu Security Notice USN-4565-1
Posted Oct 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4565-1 - It was discovered that OpenConnect has a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. An attacker could use it to provoke a denial of service.

tags | advisory, web, denial of service, overflow
systems | linux, ubuntu
advisories | CVE-2019-16239
MD5 | 414bf529f860a809a39b585c211f127f
Ubuntu Security Notice USN-4564-1
Posted Oct 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4564-1 - It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could use it to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-1950
MD5 | 4e06099738e8627335558f73c553a534
Red Hat Security Advisory 2020-4185-01
Posted Oct 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4185-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include a buffer overflow vulnerability.

tags | advisory, remote, overflow, protocol
systems | linux, redhat
advisories | CVE-2020-14355
MD5 | a849b8037514f307d923d5ad88c19bdc
Red Hat Security Advisory 2020-4181-01
Posted Oct 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4181-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-12662, CVE-2020-12663
MD5 | ba318f51fbf2e90da3a766e29f437070
Red Hat Security Advisory 2020-4187-01
Posted Oct 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4187-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include a buffer overflow vulnerability.

tags | advisory, remote, overflow, protocol
systems | linux, redhat
advisories | CVE-2020-14355
MD5 | b203d80c8c55ae18dacedf384c62a662
Lynis Auditing Tool 3.0.1
Posted Oct 6, 2020
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Many detections and changes added.
tags | tool, scanner
systems | unix
MD5 | ac984258e89b88c86e8c1c5395de8a15
Botan C++ Crypto Algorithms Library 2.16.0
Posted Oct 6, 2020
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Now userspace PRNG objects (such as AutoSeeded_RNG and HMAC_DRBG) use an internal lock, which allows safe concurrent use. This however is purely a precaution in case of accidental sharing of such RNG objects; for performance reasons it is always preferable to use a RNG per thread if a userspace RNG is needed. DL_Group and EC_Group objects now track if they were created from a known trusted group (such as P-256 or an IPsec DH parameter). If so, then verification tests can be relaxed, as compared to parameters which may have been maliciously constructed in order to pass primality checks. Various other additions and updates.
tags | library
MD5 | 88bbb33f5e13efb5e9019cb990a81e27
Hashicorp Vault GCP IAM Integration Authentication Bypass
Posted Oct 6, 2020
Authored by Google Security Research, Felix Wilhelm

HashiCorp Vault's GCP authentication method can be bypassed on gce type roles that do not specify bound_service_accounts. Vault does not enforce that the compute_engine data in a signed JWT token has any relationship to the service account that created the token. This makes it possible to impersonate arbitrary GCE instances, by creating a JWT token with a faked compute_engine struct, using an arbitrary attacker controlled service account.

tags | exploit, arbitrary
advisories | CVE-2020-16251
MD5 | 7b83f776aff7e235a44aa2d4f4125bb8
Hashicorp Vault AWS IAM Integration Authentication Bypass
Posted Oct 6, 2020
Authored by Google Security Research, Felix Wilhelm

HashiCorp Vault's AWS IAM authentication method can be bypassed by sending a serialized request to the STS AssumeRoleWithWebIdentity method as part of the authentication flow. The request triggers a JSON encoded response from the STS server, which can contain a fully-attacker controlled fake GetCallerIdentityResponse as part of its body. As the Vault response parser ignores non-xml content before and after the malicious response, this can be used to spoof arbitrary AWS identities and roles.

tags | exploit, arbitrary, spoof
advisories | CVE-2020-16250
MD5 | c2e3c92a813a0ec7ee985df9b624b079
Krpano Panorama Viewer 1.20.8 Cross Site Scripting
Posted Oct 6, 2020
Authored by Adriano Marcio Monteiro

Krpano Panorama Viewer versions 1.20.8 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1d171ea16420ddbe30719e82a37be067
Recon Informer 1.2
Posted Oct 6, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.

Changes: Fixed minor window title bug and removed a module.
tags | tool
systems | linux, windows, unix
MD5 | 01e3fdb17ce9ebb4bdd944a17576de40
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close