exploit the possibilities
Showing 1 - 13 of 13 RSS Feed

Files Date: 2020-11-12

Ubuntu Security Notice USN-4632-1
Posted Nov 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4632-1 - It was discovered that the SLiRP networking implementation of the QEMU emulator did not properly manage memory under certain circumstances. An attacker could use this to cause a heap-based buffer overflow or other out- of-bounds access, which can lead to a denial of service or potentially execute arbitrary code. It was discovered that the SLiRP networking implementation of the QEMU emulator misuses snprintf return values. An attacker could use this to cause a denial of service or potentially execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-7039, CVE-2020-8608
MD5 | 4a371d27b914f9fc59555d745600a57f
Ubuntu Security Notice USN-4631-1
Posted Nov 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4631-1 - It was discovered that libmaxminddb incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause applications using libmaxminddb to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-28241
MD5 | 96a1b75e7558c82535b3824b6bd2bd8e
Ubuntu Security Notice USN-4171-6
Posted Nov 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4171-6 - USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression when handling configuration files. This update fixes the problem, and also introduces further hardening measures. Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Various other issues were also addressed.

tags | advisory, denial of service, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485, CVE-2019-15790
MD5 | bf6d214866122a7e4c574dda44e1251b
Logitech Solar Keyboard Service Unquoted Service Path
Posted Nov 12, 2020
Authored by Jair Amezcua

Logitech Solar Keyboard Service suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | a1d7ebb003efe084c7a66fdb48fa979c
OATH Toolkit 2.6.4
Posted Nov 12, 2020
Site nongnu.org

OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

Changes: Various improvements.
tags | tool
systems | unix
MD5 | 7aeb11fd9fe064827181f0823ec94470
SaltStack Salt REST API Arbitrary Command Execution
Posted Nov 12, 2020
Authored by wvu, KPC | Site metasploit.com

This Metasploit module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8, 2018.3.5, 2019.2.5, 2019.2.6, 3000.3, 3000.4, 3001.1, 3001.2, and 3002. Tested against 2019.2.3 from Vulhub and 3002 on Ubuntu 20.04.1.

tags | exploit, root
systems | linux, ubuntu
advisories | CVE-2020-16846, CVE-2020-25592
MD5 | b5fa316062251df66e88495b91093b20
Red Hat Security Advisory 2020-5104-01
Posted Nov 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5104-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-26950
MD5 | c5ea2bf32bf79d19ddcea1ce8c6420f8
Red Hat Security Advisory 2020-5099-01
Posted Nov 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5099-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-26950
MD5 | 34fbe156466903f901565edeef88bad1
Red Hat Security Advisory 2020-5100-01
Posted Nov 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5100-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-26950
MD5 | e37a8da7a260131a50afef5f294ce719
Ubuntu Security Notice USN-4628-2
Posted Nov 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4628-2 - USN-4628-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Tiger Lake family from booting successfully. This update reverts the microcode update for the Tiger Lake processor family. Please note that the 'dis_ucode_ldr' kernel command line option can be added in the boot menu to disable microcode loading for system recovery. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2020-8695, CVE-2020-8696, CVE-2020-8698
MD5 | b4d60c46b0b2f4b8fe17f44c9de38a83
WordPress Good LMS 2.1.4 SQL Injection
Posted Nov 12, 2020
Authored by Abdulazeez Alaseeri

WordPress Good LMS plugin versions 2.1.4 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 9bbed742fa8c8c3131f171c267ebfd1e
Water Billing System 1.0 SQL Injection
Posted Nov 12, 2020
Authored by Sarang Tumne

Water Billing System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 851dedf47fd4bd28e7b16069015cd160
Sifter 11
Posted Nov 12, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: GHunt added for email reconnaissance. DeadTrap has been readded. Various other updates.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 2f14f230c864cc0ae600f8a638d40a88
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close