what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2020-11-06

Ubuntu Security Notice USN-4621-1
Posted Nov 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4621-1 - It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2005-1513, CVE-2005-1515, CVE-2020-3811, CVE-2020-3812
SHA-256 | 505a42b4d8cc358df017a8d138c2f348f0946ebc27b59443993f76b899094ba8
Asterisk Project Security Advisory - AST-2020-002
Posted Nov 6, 2020
Authored by Ben Ford, Sebastian Damm, Ruslan Lazin | Site asterisk.org

Asterisk Project Security Advisory - If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.

tags | advisory
SHA-256 | 7b5bf722297267d2f92ffbd9c74ee0315153dc145925d137aff58dbd10bcf95e
Asterisk 17.6.0 / 17.5.1 Denial Of Service
Posted Nov 6, 2020
Authored by Sandro Gauci | Site enablesecurity.com

Asterisk versions 17.5.1 and 17.6.0 were found vulnerability to a denial of service condition where Asterisk segfaults when receiving an INVITE flood over TCP.

tags | exploit, denial of service, tcp
SHA-256 | 16f54da5d3c7145bd5aa998e183688a666211433fed046580666ec3e14e0913e
Ubuntu Security Notice USN-4620-1
Posted Nov 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4620-1 - It was discovered that phpLDAPadmin didn't properly sanitize before being echoed to the user. A remote attacker could inject arbitrary HTML/Javascript code in a user's context and cause a crash, resulting in denial of service or potential execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2017-11107
SHA-256 | 526e7f8e00d6eb231a95e84c7d80a713dd12c7e29924f5be6116e1bf8120904b
Microsoft Windows 8.1 Cleanmgr Race Condition / Security Bypass
Posted Nov 6, 2020
Authored by Ofir Moskovitch

Microsoft Windows version 8.1 suffers from a Cleanmgr race condition that allows for a security feature bypass in the firewall.

tags | advisory
systems | windows
SHA-256 | e34f9c77d3fa5b6af6eea024b5217fe213e1fce1f2dfe5608312e84b77adaaf0
CMSUno 1.6.2 Remote Code Execution
Posted Nov 6, 2020
Authored by Fatih Celik

CMSUno version 1.6.2 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 2d5cd620fd25ae62b4e39b1064c735631aab8541458656a7ea918a744f2ddbd3
Asterisk Project Security Advisory - AST-2020-001
Posted Nov 6, 2020
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending upon some off nominal circumstances, and timing it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects were de-referenced, or accessed next by the initial creation thread.

tags | advisory
SHA-256 | 0ffdabc3873921af089a27d73efac1246b61b827d0d4706a0053ec41b4494fd6
Ubuntu Security Notice USN-4599-3
Posted Nov 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4599-3 - USN-4599-1 and USN-4599-2 fixed vulnerabilities in Firefox. The updates introduced various minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
SHA-256 | 3e66ec4967ce3c55fc7fafb147509cb6b999fcd2428eda191419ecfbee8d5e69
Sentrifugo 3.2 Remote Code Execution
Posted Nov 6, 2020
Authored by Fatih Celik

Sentrifugo version 3.2 assets authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 41a4da39a646db1e5569159b75bf374af4d4a5b558417c1df54d4ccc95321c8f
Sentrifugo 3.2 Remote Code Execution
Posted Nov 6, 2020
Authored by Fatih Celik

Sentrifugo version 3.2 announcements authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 709c9539c9907be9c7d88b1d4168327b4a6f5362099d9231861cf25451f20da3
Ubuntu Security Notice USN-4619-1
Posted Nov 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4619-1 - Mário Areias discovered that dom4j did not properly validate XML document elements. An attacker could exploit this with a crafted XML file to cause dom4j to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1000632
SHA-256 | 8811267ce4069d8fe5cf28d9c899a4bbd6040492be72350f1903c43c1d710157
Red Hat Security Advisory 2020-4961-01
Posted Nov 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4961-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, improper authorization, man-in-the-middle, server-side request forgery, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2019-17566, CVE-2020-10683, CVE-2020-10693, CVE-2020-10714, CVE-2020-1748, CVE-2020-1945, CVE-2020-1954, CVE-2020-2875, CVE-2020-2933, CVE-2020-2934
SHA-256 | 9e803345c368e5e07879631b2fd7da4a26d21dfe3fc72747393433b0e760cbb0
git-lfs Remote Code Execution
Posted Nov 6, 2020
Authored by Dawid Golunski

Proof of concept git-lfs remote code execution exploit written in Go. Affects Git, GitHub CLI, GitHub Desktop, Visual Studio, GitKraken, SmartGit, SourceTree, and more.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2020-27955
SHA-256 | 0c8177c46d702e8d2020c52ea4e282b0e930192714df192331520c8802c41440
BlogEngine 3.3.8 Cross Site Scripting
Posted Nov 6, 2020
Authored by Andrey Stoykov

BlogEngine version 3.3.8 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | aa9030bfadf39927f86c29d447c3d4d846efbfc9fa4bf002e5a8f9a03481201f
Red Hat Security Advisory 2020-4960-01
Posted Nov 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4960-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, improper authorization, man-in-the-middle, server-side request forgery, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2019-17566, CVE-2020-10683, CVE-2020-10693, CVE-2020-10714, CVE-2020-1748, CVE-2020-1945, CVE-2020-1954, CVE-2020-2875, CVE-2020-2933, CVE-2020-2934
SHA-256 | 37587b054821cd3932803c66a9745ffe99b9249c67263ca98730dfebbedf9bda
SmartBlog 2.0.1 Blind SQL Injection
Posted Nov 6, 2020
Authored by C0wnuts

SmartBlog version 2.0.1 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1b9bc7c4cc68e2eaf0ccbd5ae61da8c71602a8b848f30ac1ee4bd1b5864513fe
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close