what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

Files Date: 2020-12-09

Microsoft Windows WOF FSCTL_SET_REPARSE_POINT_EX Cached Signing Level Bypass
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows WOF filter driver does not correctly handle the reparse point setting which allows for an arbitrary file to be cached signed leading to a bypass of UMCI.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2020-17139
MD5 | 6ef17e92e2a41526202eea6e0a2e23cb
Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess Registry Key Creation / Privilege Escalation
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess function allows a user to create arbitrary registry keys in the .DEFAULT users hive leading to elevation of privilege.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2020-17103
MD5 | 1dedadce5dfb6b98c3be28c5271c765b
Microsoft Windows Cloud Filter HsmpAccessCheck Bypass / Privilege Escalation
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter access check does not take into account restrictions such as Mandatory Labels allowing a user to bypass security checks.

tags | exploit
systems | windows
advisories | CVE-2020-17134
MD5 | 294319a3f3e1683a3a6a445f71aca87b
Microsoft Windows Cloud Filter Arbitrary File Creation / Privilege Escalation
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter driver can be abused to create arbitrary files and directories leading to elevation of privilege.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2020-17136
MD5 | f7cc7661ed092a8d29bb9c6c8f666a6e
Ubuntu Security Notice USN-4666-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4666-1 - It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2020-27783
MD5 | e97ad9d2b142cb39ff0e56851b058ee8
Ubuntu Security Notice USN-4665-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4665-1 - Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanner and other information gathering. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286
MD5 | 9b9a20e2d0e66756f1b80b9137edad83
Tibco ObfuscationEngine 5.11 Fixed Key Password Decryption
Posted Dec 9, 2020
Authored by Tess Sluijter

Tibco ObfuscationEngine version 5.11 uses a fixed key for decryption operations, making it pointless.

tags | exploit
MD5 | f887a9296448f3d4584b64004c043e21
Ubuntu Security Notice USN-4664-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4664-1 - Kevin Backhouse discovered that Aptdaemon incorrectly handled certain properties. A local attacker could use this issue to test for the presence of local files. Kevin Backhouse discovered that Aptdaemon incorrectly handled permission checks. A local attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-16128, CVE-2020-27349
MD5 | c6db7b60afa25c512c2223fdd54af63d
Task Management System 1.0 Cross Site Scripting
Posted Dec 9, 2020
Authored by Saeed Bala Ahmed

Task Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | de1d48cf3e1fa164194a36f3cc9821c1
Task Management System 1.0 Shell Upload
Posted Dec 9, 2020
Authored by Saeed Bala Ahmed

Task Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 108d5bc7b1ec887b810d69669584a122
Task Management System 1.0 SQL Injection
Posted Dec 9, 2020
Authored by Saeed Bala Ahmed

Task Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 9ad71287c4acd9ff7d0faff391b74159
Ubuntu Security Notice USN-4663-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4663-1 - Melvin Kool discovered that the GDK-PixBuf library did not properly handle certain GIF images. If an user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-29385
MD5 | 89f97a063439553e6b46dce751806c53
SmarterMail 6985 Remote Code Execution
Posted Dec 9, 2020
Authored by Soroush Dalili, 1F98D

SmarterMail build version 6985 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2019-7214
MD5 | c71b8312e48f7d45d14c777ba15af640
Employee Performance Evaluation System 1.0 Insecure Direct Object Reference
Posted Dec 9, 2020
Authored by Manish Solanki

Employee Performance Evaluation System version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit
MD5 | c7f4bc95e0f9623845d5e474ff17c55e
Ubuntu Security Notice USN-4662-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4662-1 - David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-1971
MD5 | 9254e91b7f032d7e0e00f066128a85d1
Dup Scout Enterprise 10.0.18 Buffer Overflow
Posted Dec 9, 2020
Authored by Andres Roldan

Dup Scout Enterprise version 10.0.18 SEH remote buffer overflow exploit.

tags | exploit, remote, overflow
MD5 | ad65b6d67bc5cc5541d92ed69ec669d0
Mobile App Security
Posted Dec 9, 2020
Authored by SunCSR, Nghia Van Le

This is a brief whitepaper discussing best practices in mobile application security.

tags | paper
MD5 | 077ad6207fbdc6a00700a76feb4cde0c
Page 1 of 1
Back1Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    11 Files
  • 19
    Jun 19th
    1 Files
  • 20
    Jun 20th
    3 Files
  • 21
    Jun 21st
    2 Files
  • 22
    Jun 22nd
    21 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close