Showing 1 - 25 of 465

Files Date: 2021-01-01 to 2021-01-31

Gentoo Linux Security Advisory 202101-38
Posted Jan 29, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-38 - A vulnerability was discovered in NSD which could allow a local attacker to cause a Denial of Service condition. Versions less than 4.3.4 are affected.

tags | advisory, denial of service, local
systems | linux, gentoo
advisories | CVE-2020-28935
MD5 | 966f120d946325517cbc311ac7388e47
Ubuntu Security Notice USN-4714-1
Posted Jan 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4714-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available, solely by manipulating the processed input stream. Various other issues were also addressed.

tags | advisory, remote, arbitrary, shell, code execution
systems | linux, ubuntu
advisories | CVE-2020-26217, CVE-2020-26258, CVE-2020-26259
MD5 | 3cdeed73f8b46410b7481e928cd50ec1
Metasploit Framework 6.0.11 Command Injection
Posted Jan 29, 2021
Authored by Justin Steven

Metasploit Framework version 6.0.11 msfvenom APK template command injection exploit.

tags | exploit
advisories | CVE-2020-7384
MD5 | ce36ed561470b74e683b1ec17a2437bb
Packed.Win32.Katusha.o Insecure Permissions
Posted Jan 29, 2021
Authored by malvuln | Site malvuln.com

Packed.Win32.Katusha.o suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
MD5 | 9790aabb0b7e4fca980f0e90fbe84713
Backdoor.Win32.MiniBlackLash Denial Of Service
Posted Jan 29, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.MiniBlackLash malware suffers from a denial of service vulnerability.

tags | exploit, denial of service
systems | windows
MD5 | c1db00d324b6ac51dca2d3d86731ecb6
Online Voting System 1.0 Authorization Bypass
Posted Jan 29, 2021
Authored by Richard Jones

Online Voting System version 1.0 suffers from an authorization bypass vulnerability that allows for the password change of other users.

tags | exploit, bypass
MD5 | 16768c5f888788b48538184a138bb0bb
Red Hat Security Advisory 2021-0299-01
Posted Jan 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0299-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.7.0. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15685, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964
MD5 | 286384cab756e2967e146adf2bf096db
BloofoxCMS 0.5.2.1 Cross Site Scripting
Posted Jan 29, 2021
Authored by LiPeiYi

BloofoxCMS version 0.5.2.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1d34a2c178c0c391065322b48b36129b
Gentoo Linux Security Advisory 202101-37
Posted Jan 29, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-37 - A buffer overflow in VLC might allow remote attacker(s) to execute arbitrary code. Versions less than 3.0.12.1 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2020-26664
MD5 | 96e16d024738b165decb6bd77604791b
Gentoo Linux Security Advisory 202101-36
Posted Jan 29, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-36 - A vulnerability in ImageMagick's handling of PDF was discovered possibly allowing code execution. Versions less than 6.9.11.41-r1 are affected.

tags | advisory, code execution
systems | linux, gentoo
advisories | CVE-2020-29599
MD5 | 328eb106c4e9bca305c1f09e2167bc13
Online Grading System 1.0 SQL Injection
Posted Jan 29, 2021
Authored by Ruchi Tiwari

Online Grading System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 46066bfcde6d6cef417b561ad0b94450
Backdoor.Win32.Mhtserv.b Missing Authentication
Posted Jan 29, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Mhtserv.b malware suffers from a missing authentication vulnerability.

tags | exploit
systems | windows
MD5 | 85e523d3eb22be0386798576ad173264
Red Hat Security Advisory 2021-0298-01
Posted Jan 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0298-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.7.0. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15685, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964
MD5 | fa853bb8cb813ea7fdd700c5a9aba5cb
Quick.CMS 6.7 Remote Code Execution
Posted Jan 29, 2021
Authored by mari0x00

Quick.CMS versions 6.7 and below suffer from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-35754
MD5 | 38281cb7d1c19fc0da47fcc9734d6159
Home Assistant Community Store 1.10.0 Path Traversal
Posted Jan 29, 2021
Authored by Lyghtnox

Home Assistant Community Store (HACS) version 1.10.0 suffers from a path traversal vulnerability that allows for account takeover.

tags | exploit, file inclusion
MD5 | 2e4344a9f1aa53aed3bf84cb9d2bc67d
Backdoor.Win32.Zhangpo Denial Of Service
Posted Jan 29, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Zhangpo malware suffers from a denial of service vulnerability.

tags | exploit, denial of service
systems | windows
MD5 | b8337573f3d58f7b3a81f97267576f7d
Backdoor.Win32.Zetronic Denial Of Service
Posted Jan 29, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Zetronic malware suffers from a denial of service vulnerability.

tags | exploit, denial of service
systems | windows
MD5 | 45dea762870995e89b0da07f0f04cfd9
MyBB Hide Thread Content 1.0 Information Disclosure
Posted Jan 29, 2021
Authored by 0xB9

MyBB Hide Thread Content plugin version 1.0 suffers from an information leakage vulnerability.

tags | exploit, info disclosure
advisories | CVE-2021-3337
MD5 | 5ea0716da4a40b02a22d5f6e4ac35f6e
Red Hat Security Advisory 2021-0297-01
Posted Jan 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0297-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.7.0. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15685, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964
MD5 | 868682441c0b4bca4a31832080f0f1b9
Glibc Character Conversion Assertion
Posted Jan 29, 2021
Authored by Tavis Ormandy, Google Security Research

If an application uses iconv() with an attacker-specified character set, there's an assertion in the gconv buffer management code that can be triggered, crashing the application. The crash only occurs with ISO-2022-JP-3 encoding.

tags | advisory
MD5 | 95357505e4eb0edd827bee432e14e8e7
PRTG Network Monitor Remote Code Execution
Posted Jan 28, 2021
Authored by Josh Berry, Julien Bedel | Site metasploit.com

This Metasploit module exploits an authenticated remote code execution vulnerability in PRTG Network Monitor. Notifications can be created by an authenticated user and can execute scripts when triggered. Because the script name is poorly validated, it is possible to chain it with a user-supplied command, allowing command execution in the context of a privileged user. The module uses provided credentials to log in to the web interface, then creates and triggers a malicious notification to perform remote code execution using a PowerShell payload. It may require a few tries to get a shell because notifications are queued up on the server. This vulnerability affects versions prior to 18.2.39.

tags | exploit, remote, web, shell, code execution
advisories | CVE-2018-9276
MD5 | 60bd8795d3c06d9bcbf5158034587215
Micro Focus UCMDB Remote Code Execution
Posted Jan 28, 2021
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits two vulnerabilities that, when chained, allow an attacker to achieve unauthenticated remote code execution in Micro Focus UCMDB. UCMDB as included in versions 2020.05 and below of Operations Bridge Manager is affected, but this module can probably also be used to exploit Operations Bridge Manager (containerized) and Application Performance Management.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2020-11853, CVE-2020-11854
MD5 | d8d775f401a0c6cf7e6ebc24e42124e5
Ubuntu Security Notice USN-4706-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4706-1 - Olle Segerdahl found that ceph-mon and ceph-mgr daemons did not properly restrict access, resulting in gaining access to unauthorized resources. An authenticated user could use this vulnerability to modify the configuration and possibly conduct further attacks. Adam Mohammed found that Ceph Object Gateway was vulnerable to HTTP header injection via a CORS ExposeHeader tag. An attacker could use this to gain access or cause a crash. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2020-10736, CVE-2020-10753, CVE-2020-25660
MD5 | bebf402244a4c2e679e813eb9b40b74c
Ubuntu Security Notice USN-4707-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4707-1 - It was discovered that TCMU lacked a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-3139
MD5 | 588b2022e81f508eb24aaed4ec3251ce
Chamilo LMS 1.11.14 Cross Site Scripting
Posted Jan 28, 2021
Authored by Daniel Bishtawi | Site netsparker.com

Chamilo LMS version 1.11.14 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1144116244ceb48d6c316973988e8116