what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files Date: 2021-01-12

GNU Privacy Guard 2.2.27
Posted Jan 12, 2021
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Fixed --gpgconf-list case with no conf files at all. Fixed description of two new options. Minor permission fix in wkd for created files.
tags | tool, encryption
SHA-256 | 34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399
Cloud Filter Arbitrary File Creation / Privilege Escalation
Posted Jan 12, 2021
Authored by Grant Willcox, James Foreshaw | Site metasploit.com

This Metasploit module exploits a vulnerability in cldflt.sys. The Cloud Filter driver on Windows 10 v1803 and later, prior to the December 2020 updates, did not set the IO_FORCE_ACCESS_CHECK or OBJ_FORCE_ACCESS_CHECK flags when calling FltCreateFileEx() and FltCreateFileEx2() within its HsmpOpCreatePlaceholders() function with attacker controlled input. This meant that files were created with KernelMode permissions, thereby bypassing any security checks that would otherwise prevent a normal user from being able to create files in directories they don't have permissions to create files in. This module abuses this vulnerability to perform a DLL hijacking attack against the Microsoft Storage Spaces SMP service, which grants the attacker code execution as the NETWORK SERVICE user. Users are strongly encouraged to set the PAYLOAD option to one of the Meterpreter payloads, as doing so will allow them to subsequently escalate their new session from NETWORK SERVICE to SYSTEM by using Meterpreter's "getsystem" command to perform RPCSS Named Pipe Impersonation and impersonate the SYSTEM user.

tags | exploit, code execution
systems | windows
advisories | CVE-2020-1170, CVE-2020-17136
SHA-256 | 5bdffeb4ef0091f8099814e9f3a61b1346960497efc651c7566901fb62b98d96
WordPress AIT CSV Import/Export 3.0.3 Shell Upload
Posted Jan 12, 2021
Authored by h00die | Site metasploit.com

WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse a CSV, however the uploaded shell is left. The shell is uploaded to wp-content/uploads/. The plugin is not required to be activated to be exploitable.

tags | exploit, remote, arbitrary, shell, php
SHA-256 | a2f6c8a1b2abcf88e7b1c36398324f80a14ac661d3acd2771b420e43bc493668
Flawfinder 2.0.15
Posted Jan 12, 2021
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Fixed some release problems in 2.0.14. Improved handling of LoadLibraryEx.
tags | tool
systems | unix
SHA-256 | 0a65cf93b1d380669476e576abbb04ea0766a557ce2bf75d9e71f387fcd74406
Red Hat Security Advisory 2021-0083-01
Posted Jan 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0083-01 - The rhceph-4.2 image is based on Red Hat Ceph Storage 4.2 and Red Hat Enterprise Linux. Issues addressed include a server-side request forgery vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-13379, CVE-2020-1971, CVE-2020-24659
SHA-256 | e943336edc5347bcba6786ff67a9a3dc7132f73006690c613ae8589772698114
Ubuntu Security Notice USN-4689-2
Posted Jan 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4689-2 - USN-4689-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-1052, CVE-2021-1053, CVE-2021-1056
SHA-256 | 8fa7b2a182e0cfc181d62db06e7fd59c168a59abfc4167bc3f2ed185a52cadb7
Blind SSRF With Shellshock Exploitation
Posted Jan 12, 2021
Authored by Hardik Tyagi, Aman Saxena

Whitepaper called Blind SSRF with Shellshock Exploitation. It discusses how an attacker can leverage shellshock to also perform server-side request forgery attacks.

tags | paper
SHA-256 | 7135db566d6a1f125f17694d97ca08918b679ef937c65f279dc51bdf3a889d01
Gila CMS 2.0.0 Remote Code Execution
Posted Jan 12, 2021
Authored by Selim Enes Karaduman

Gila CMS version 2.0.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | baac0ad09f52215b94d7ad8822490662b04b1082c3a35d1db98b5bc1b61cdc2a
Red Hat Security Advisory 2021-0081-01
Posted Jan 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0081-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. This package contains a new implementation of the original libtirpc, transport-independent RPC library for NFS-Ganesha. NFS-GANESHA is a NFS Server running in user space. It comes with various back-end modules provided as shared objects to support different file systems and name-spaces.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25660, CVE-2020-25677, CVE-2020-27781
SHA-256 | 17dce88e2e15a0cea165212958e4b057227b0cd6687f9a062344666603c0b458
Ubuntu Security Notice USN-4649-2
Posted Jan 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4649-2 - USN-4649-1 fixed vulnerabilities in xdg-utils. That update caused a regression by removing the --attach functionality in thunderbird and others applications. This update fix the problem by reverting these changes. Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 79e434b3d5161ef8b4a9c1024ba23581111740f2363f424d310f5f8ac06d8093
Cemetery Mapping And Information System 1.0 SQL Injection
Posted Jan 12, 2021
Authored by Mesut Cetin

Cemetery Mapping and Information System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 40e1e673642e14af2c8069226e362f586d21f7718897c803bc60edd70017beea
Red Hat Security Advisory 2021-0073-01
Posted Jan 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0073-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2020-25641
SHA-256 | 30a56656b9939c4184ff2377144d222707dc3ea6d2d36267e95b717759769b58
A Hands-On Approach To Linux Privilege Escalation
Posted Jan 12, 2021
Authored by Tanishq Sharma, Shikhar Saxena

Whitepaper called A Hands-On Approach To Linux Privilege Escalation. This document is intended to provide multiple techniques that a pentester can use to escalate their privileges and gain access to higher roles.

tags | paper
systems | linux
SHA-256 | 310fda8af6653a1631b701e34fda63984b79da47abf4d0c694660655c07035b4
Ubuntu Security Notice USN-4689-1
Posted Jan 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4689-1 - It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. It was discovered that the NVIDIA GPU display driver for the Linux kernel did not properly validate a pointer received from userspace in some situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-1052, CVE-2021-1053, CVE-2021-1056
SHA-256 | 078f744a01ac8a9dccee8e3d48f25750611b00cab1a2b1b8a61c167f06729bcf
SmartAgent 3.1.0 Privilege Escalation
Posted Jan 12, 2021
Authored by Orion Hridoy

SmartAgent version 3.1.0 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 1855c6e4cc74e6ac9dd81e5951850b048ebc290da392f2be0d4d8038cbc51b96
Red Hat Security Advisory 2021-0072-01
Posted Jan 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0072-01 - Red Hat OpenShift Serverless 1.9.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.5. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-15586, CVE-2020-16845
SHA-256 | b98edb1818cab937031c0c01d31deed62dc8aef9f50b47acdf1cc20f4d2d85ca
Backdoor.Win32.Zombam.a MVID-2021-0022 Remote Stack Buffer Overflow
Posted Jan 12, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Zombam.a malware suffers from a remote stack buffer overflow vulnerability.

tags | exploit, remote, overflow
systems | windows
SHA-256 | 933ad0c7eaa00a4038e30992a463e6a35b6fb00aaf7b35c2dc9d821ed74449e0
Ubuntu Security Notice USN-4668-4
Posted Jan 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4668-4 - USN-4668-1 fixed a vulnerability in python-apt. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local, python
systems | linux, ubuntu
advisories | CVE-2020-27351
SHA-256 | 0382de499cf879a6925d74c2f74b7c57504aa84bcb858cf715fb06a53d46e591
Ubuntu Security Notice USN-4667-2
Posted Jan 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4667-2 - USN-4667-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-27350
SHA-256 | b8f1070fd082e227089866f984e524e9c9c45a838b83b360922bd1566c6f1679
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close