what you don't know can hurt you
Showing 1 - 25 of 34 RSS Feed

Files Date: 2021-03-15

ExpressionEngine 6.0.2 PHP Code Injection
Posted Mar 15, 2021
Authored by EgiX | Site karmainsecurity.com

ExpressionEngine versions 6.0.2 and below suffer from a Translate::save PHP code injection vulnerability.

tags | exploit, php
advisories | CVE-2021-27230
MD5 | ef038368400297010e360e1916e2d2fe
Hydra Network Logon Cracker 9.2
Posted Mar 15, 2021
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Fix for http-post-form optional parameters. Enabled gcc 10 support for xhydra. IPv6 support for Host: header for http based modules. Various other updates.
tags | tool, web, imap
systems | cisco, unix
MD5 | 7bd30001cd11ba535f0d0f083a45bce3
VoIPmonitor 27.6 Buffer Overflow
Posted Mar 15, 2021
Authored by Sandro Gauci | Site enablesecurity.com

A buffer overflow was identified in the VoIPmonitor live sniffer feature. The description variable in the function save_packet_sql is defined as a fixed length array of 1024 characters. The description is set to the value of a SIP request or response line. By setting a long request or response line VoIPmonitor will trigger a buffer overflow.

tags | exploit, overflow
MD5 | fa1abfe56427c745d11764938e154f09
VoIPmonitor 27.5 Missing Memory Protections
Posted Mar 15, 2021
Authored by Sandro Gauci | Site enablesecurity.com

Static binaries provided for VoIPmonitor version2 7.5 are built without any memory corruption protection in place.

tags | exploit
MD5 | 09ac3f424c1b38dd778fb7800b626973
macOS CoreGraphics Integer Overflow / Out-Of-Bounds Write
Posted Mar 15, 2021
Authored by Ivan Fratric, Google Security Research

CoreGraphics can be made to write out-of-bounds memory when rendering a specially crafted font. This vulnerability can also be triggered through Safari. The vulnerability was confirmed on macOS Big Sur version 11.1.

tags | exploit
advisories | CVE-2021-1776
MD5 | e9e23aad1bac7d9d3a5382c82a4cc581
Online News Portal 1.0 Cross Site Scripting
Posted Mar 15, 2021
Authored by Richard Jones

Online News Portal version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version was made by Parshwa Bhavsar in December of 2020.

tags | exploit, xss
MD5 | 0f0e0a10ae24c3bcd595e3a8020eed20
Online News Portal 1.0 SQL Injection
Posted Mar 15, 2021
Authored by Richard Jones

Online News Portal version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3bf5687ba7fe4f4e22cd4827e3e88296
Trojan.Win32.Siscos.bqe Insecure Permissions
Posted Mar 15, 2021
Authored by malvuln | Site malvuln.com

Trojan.Win32.Siscos.bqe malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
MD5 | 85bafb1816bdbd686e493162a468df8f
Ubuntu Security Notice USN-4764-1
Posted Mar 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4764-1 - It was discovered that GLib incorrectly handled certain symlinks when replacing files. If a user or automated system were tricked into extracting a specially crafted file with File Roller, a remote attacker could possibly create files outside of the intended directory.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-28153
MD5 | 6f8491496f4f4196b8a9436b8e3cfd0f
Red Hat Security Advisory 2021-0831-01
Posted Mar 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0831-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-22883, CVE-2021-22884
MD5 | e4f76ec6cf5d25f7912b627f5880dffb
Red Hat Security Advisory 2021-0830-01
Posted Mar 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0830-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-22883, CVE-2021-22884
MD5 | e48bc69e2cdfde32b4069248f6d31869
Red Hat Security Advisory 2021-0827-01
Posted Mar 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0827-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and resource exhaustion vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-22883, CVE-2021-22884
MD5 | 8eca4f2c7dd986de75875e576747b15d
SonLogger 4.2.3.3 Shell Upload
Posted Mar 15, 2021
Authored by Berkan Er | Site metasploit.com

This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request in SonLogger. It has been tested on version less than 6.4.1 in Windows 10 Enterprise.

tags | exploit, arbitrary, file upload
systems | windows
advisories | CVE-2021-27964
MD5 | 0593a294d2d56ed9398dbcfc8185421a
SonLogger 4.2.3.3 SuperAdmin Account Creation / Information Disclosure
Posted Mar 15, 2021
Authored by Berkan Er

SonLogger version 4.2.3.3 suffers from SuperAdmin account creation and information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
MD5 | 8806dd400e250abdca315cbc2505eb7b
Windows Server 2012 SrClient DLL Hijacking
Posted Mar 15, 2021
Authored by Erik Wynter | Site metasploit.com

All editions of Windows Server 2012 (but not 2012 R2) are vulnerable to DLL hijacking due to the way TiWorker.exe will try to call the non-existent SrClient.dll file when Windows Update checks for updates. This issue can be leveraged for privilege escalation if %PATH% includes directories that are writable by low-privileged users. The attack can be triggered by any low-privileged user and does not require a system reboot. This module has been successfully tested on Windows Server 2012 (x64).

tags | exploit
systems | windows
MD5 | c4ac29a19692bb467138f3a9bd636a4e
VoIPmonitor WEB GUI 24.55 Cross Site Scripting
Posted Mar 15, 2021
Authored by Sandro Gauci | Site enablesecurity.com

VoIPmonitor WEB GUI versions 24.53, 24.54, and 24.55 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | ac76c2187f9e21890054c0b65e433b84
Red Hat Security Advisory 2021-0835-01
Posted Mar 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0835-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, protocol, memory leak
systems | linux, redhat
advisories | CVE-2020-27827, CVE-2020-35498
MD5 | d9eeb2a81fe87cc5ad5a0ab1da2054ac
Interactive Suite 3.6 Unquoted Service Path
Posted Mar 15, 2021
Authored by Luis Martinez

Interactive Suite version 3.6 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | 972fb8c2a59e916ce3ac5b8bb0ad5229
Privilege Escalation Automated Script Linux And Windows
Posted Mar 15, 2021
Authored by Jeenali Kothari | Site hackingarticles.in

This whitepaper acts as a cheatsheet for methodologies to apply with Linux and Windows privilege escalation.

tags | paper
systems | linux, windows
MD5 | f52f2b4ffa54c7f1bdea4d0eea2b224f
eBeam Education Suite 2.5.0.9 Unquoted Service Path
Posted Mar 15, 2021
Authored by Luis Martinez

eBeam Education Suite version 2.5.0.9 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | e3b6af9d7e9f0de5da8c0d9c05aadca9
Red Hat Security Advisory 2021-0837-01
Posted Mar 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0837-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, protocol, memory leak
systems | linux, redhat
advisories | CVE-2020-27827, CVE-2020-35498
MD5 | 0df8626401d0aed2cef55c7f460e6830
Realtek Wireless LAN Utility 700.1631 Unquoted Service Path
Posted Mar 15, 2021
Authored by Luis Martinez

Realtek Wireless LAN Utility version 700.1631 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | 1a9e9f090395d6e8db0e5fa46b89bc80
Trojan.Win32.Scar.dxir Insecure Permissions
Posted Mar 15, 2021
Authored by malvuln | Site malvuln.com

Trojan.Win32.Scar.dxir malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
MD5 | 6db638e66d95d9f7ac1a5c00848066da
Trojan-Dropper.Win32.Delf.xk Denial Of Service
Posted Mar 15, 2021
Authored by malvuln | Site malvuln.com

Trojan-Dropper.Win32.Delf.xk malware suffers from a denial of service vulnerability.

tags | exploit, denial of service, trojan
systems | windows
MD5 | b18ba68061c38e122ed1484e9fd58934
Red Hat Security Advisory 2021-0834-01
Posted Mar 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0834-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, protocol, memory leak
systems | linux, redhat
advisories | CVE-2020-27827, CVE-2020-35498
MD5 | 34d92c884d711e46b4dacae8ba858178
Page 1 of 2
Back12Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close