what you don't know can hurt you
Showing 1 - 25 of 26 RSS Feed

Files Date: 2020-12-15

Microsoft Windows DrawIconEx Local Privilege Escalation
Posted Dec 15, 2020
Authored by timwr, bee13oy, Yoav Alon, Netanel Ben-Simon | Site metasploit.com

This Metasploit module exploits CVE-2020-1054, an out of bounds write reachable from DrawIconEx within win32k. The out of bounds write can be used to overwrite the pvbits of a SURFOBJ. By utilizing this vulnerability to execute controlled writes to kernel memory, an attacker can gain arbitrary code execution as the SYSTEM user. This module has been tested against a fully updated Windows 7 x64 SP1. Offsets within the exploit code may need to be adjusted to work with other versions of Windows.

tags | exploit, arbitrary, kernel, code execution
systems | windows, 7
advisories | CVE-2020-1054
MD5 | a2dcd90d07d8ceca312311ee5cfc7a43
American Fuzzy Lop plus plus 3.0c
Posted Dec 15, 2020
Authored by van Hauser, thc, Heiko Eissfeldt, Andrea Fioraldi, Dominik Maier | Site thc.org

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Changes: Dozens of updates and improvements.
tags | tool, fuzzer
systems | unix
MD5 | 9e7399c5944f88ee9afc3364c765d2a3
Red Hat Security Advisory 2020-5437-01
Posted Dec 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5437-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer over-read and null pointer vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2019-18282, CVE-2020-10769, CVE-2020-14314, CVE-2020-14385, CVE-2020-24394, CVE-2020-25212, CVE-2020-25643
MD5 | a9adb00fdf3060ebc8ad1db7ead3643d
Red Hat Security Advisory 2020-5453-01
Posted Dec 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5453-01 - The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2020-25654
MD5 | b4a93cbe7feddaa610fd869f5a2f9e43
Qualcomm Adreno GPU PID Reuse Mapping Leak
Posted Dec 15, 2020
Authored by Google Security Research, hawkes

Qualcomm Adreno GPU PID reuse can lead to a shared mapping leak vulnerability.

tags | exploit
advisories | CVE-2020-11311
MD5 | 35acf4ac51c404442520651898879148
Solaris SunSSH 11.0 x86 libpam Remote Root
Posted Dec 15, 2020
Authored by Hacker Fantastic

Solaris SunSSH versions 10 through 11.0 on x86 libpam remote root exploit.

tags | exploit, remote, x86, root
systems | solaris
advisories | CVE-2020-14871
MD5 | 8fbea7fde1a23252954cc85134e98724
Red Hat Security Advisory 2020-5434-01
Posted Dec 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5434-01 - The targetcli package contains an administration shell for configuring Internet Small Computer System Interface, Fibre Channel over Ethernet, and other SCSI targets, using the Target Core Mod/Linux-IO kernel target subsystem. FCoE users also need to install and use the fcoe-utils package.

tags | advisory, shell, kernel
systems | linux, redhat
advisories | CVE-2020-13867
MD5 | 02b3a817779e433309bbe12539106bef
Alumni Management System 1.0 Shell Upload
Posted Dec 15, 2020
Authored by Valerio Alessandroni

Alumni Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2020-28072
MD5 | 58e5a6073467f6ef3371ca7df9cb3f1b
Red Hat Security Advisory 2020-5439-01
Posted Dec 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5439-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a memory leak vulnerability.

tags | advisory, protocol, memory leak
systems | linux, redhat
advisories | CVE-2020-14318, CVE-2020-14323, CVE-2020-1472
MD5 | 09ad68c5da84561a3ab39c5abc59b5c7
Gitlab 11.4.7 Remote Code Execution
Posted Dec 15, 2020
Authored by Fortunato Lodari

Gitlab version 11.4.7 authenticated remote code execution exploit.

tags | exploit, remote, code execution
MD5 | a36b219bfdec49346a92f4b0b0fb2c32
Red Hat Security Advisory 2020-5443-01
Posted Dec 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5443-01 - GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2016-5766
MD5 | 448530d61ca769dd4d0cb7b8f4d986dc
libbabl 0.1.62 Broken Double-Free Detection
Posted Dec 15, 2020
Authored by Carter Yagemann

libbabl version 0.1.62 broken double-free detection proof of concept exploit.

tags | exploit, proof of concept
MD5 | 8f0462ded515b336ad89248fa739c3ad
Red Hat Security Advisory 2020-5441-01
Posted Dec 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5441-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a buffer over-read vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-18282, CVE-2020-10769, CVE-2020-14314, CVE-2020-14385, CVE-2020-24394, CVE-2020-25212, CVE-2020-25643
MD5 | 1fa9786d8c7f010130f92053363a7d32
PHPJabbers Appointment Scheduler 2.3 Cross Site Scripting
Posted Dec 15, 2020
Authored by Andrea Intilangelo

PHPJabbers Appointment Scheduler 2.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-35416
MD5 | 4724272dad99ec23c01c10b8be8c1633
Red Hat Security Advisory 2020-5435-01
Posted Dec 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5435-01 - The python-rtslib package provides a Python library to configure the kernel target subsystem, using the configfs file system.

tags | advisory, kernel, python
systems | linux, redhat
advisories | CVE-2020-14019
MD5 | 56d1d50074fe127fb1d660e83103422c
Task Management System 1.0 Local File Inclusion
Posted Dec 15, 2020
Authored by Ismail Bozkurt

Task Management System version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 34b7e2cf93770d5be340a0dc747d2533
Red Hat Security Advisory 2020-5422-01
Posted Dec 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5422-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-1971
MD5 | 588ab13976fae7accde7976fc5ed2d08
Red Hat Security Advisory 2020-5416-01
Posted Dec 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5416-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2020-12321
MD5 | d5930d53acabf232a39bfa0ec6bba585
Cisco ASA 9.14.1.10 / FTD 6.6.0.1 Path Traversal
Posted Dec 15, 2020
Authored by Freakyclown

Cisco ASA version 9.14.1.10 and FTD version 6.6.0.1 path traversal exploit. Original discovery of this vulnerability is attributed to 3ndG4me in October of 2020.

tags | exploit, file inclusion
systems | cisco
advisories | CVE-2020-3452
MD5 | 7cf23b4f5854a2f296a17705db8fae41
Red Hat Security Advisory 2020-5418-01
Posted Dec 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5418-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-16166
MD5 | b296e93ac28fdd884df21d55fe6e12d9
Red Hat Security Advisory 2020-5430-01
Posted Dec 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5430-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-18551, CVE-2019-19447, CVE-2019-20636, CVE-2019-9454, CVE-2020-12770
MD5 | c896c8f848b67edef1480cb39f3ee884
Red Hat Security Advisory 2020-5420-01
Posted Dec 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5420-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser.

tags | advisory, perl, protocol
systems | linux, redhat
advisories | CVE-2020-15862
MD5 | 1cfbc017c0d01b8d386cfbe7ab5d5b00
Online Marriage Registration System 1.0 Remote Code Execution
Posted Dec 15, 2020
Authored by Andrea Bruschi

Online Marriage Registration System version 1.0 authenticated remote code execution exploit. Original discovery of remote code execution in this version was discovered by Selim Enes Karaduman.

tags | exploit, remote, code execution
MD5 | b2e2851076deae38beb369428e4efccf
Red Hat Security Advisory 2020-5417-01
Posted Dec 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5417-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2020-8177
MD5 | ed3b8867e3ce2e9d660210cfcc6a644b
Red Hat Security Advisory 2020-5423-01
Posted Dec 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5423-01 - The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2020-25654
MD5 | d926c7696d9a762d6499f87ef0ae8e38
Page 1 of 2
Back12Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close