what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2021-04-23

OpenSCAP Libraries 1.3.5
Posted Apr 23, 2021
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Added SCAP 1.3 source data stream Schematron. Added XML Signature Validation. Added --enforce-signature option for eval, guide, and fix modules. Added entity support (OVAL/yamlfilecontent). About a half dozen other additions along with a couple dozen bug fixes.
tags | protocol, library
systems | unix
SHA-256 | 7c3e540b757fe35de15f21a849f1afa4d3776ee3279276ada4ddd3506c3679c2
Ubuntu Security Notice USN-4925-1
Posted Apr 23, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4925-1 - Toni Huttunen and Fraktal Oy discovered that the Shibboleth Service provider allowed content injection due to allowing attacker-controlled parameters in error or other status pages. An attacker could use this to inject malicious content.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-28963
SHA-256 | 6ad6f608a285dacbd171aa3b9be8cc237c897d08f93bc06eae2531fcf9bbea12
Sipwise C5 NGCP CSC Cross Site Request Forgery
Posted Apr 23, 2021
Authored by LiquidWorm | Site zeroscience.mk

The Sipwise application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.

tags | exploit, web
advisories | CVE-2021-31584
SHA-256 | 7af65ecb81ce4b4c1a3d5b2e77c78c1b93a601f5b442985ac77bb97f00dc5731
Red Hat Security Advisory 2021-1342-01
Posted Apr 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1342-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2021-3447
SHA-256 | c4c88e982d5950f25ad969831eb6d229715ff1c644687edcd83377d4672a933e
Sipwise C5 NGCP CSC Cross Site Scripting
Posted Apr 23, 2021
Authored by LiquidWorm | Site zeroscience.mk

Sipwise software platform suffers from multiple authenticated stored and reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.

tags | exploit, arbitrary, vulnerability, xss
advisories | CVE-2021-31583
SHA-256 | 3a637df610f4399d796b60fd154117f140f2a37f20b84a0e7e662794af91313a
Ubuntu Security Notice USN-4924-1
Posted Apr 23, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4924-1 - It was discovered that Dnsmasq incorrectly handled certain wildcard synthesized NSEC records. A remote attacker could possibly use this issue to prove the non-existence of hostnames that actually exist. It was discovered that Dnsmasq incorrectly handled certain large DNS packets. A remote attacker could possibly use this issue to cause Dnsmasq to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-15107, CVE-2019-14513
SHA-256 | 5d79f87d4be36dea5f66dea9fda219d5d8c0d61f0996c4485a733b8654240079
DzzOffice 2.02.1 Cross Site Scripting
Posted Apr 23, 2021
Authored by nu11secur1ty

DzzOffice version 2.02.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-3318
SHA-256 | a88898d34a0dd38bd0a624051e9d6708e30ca923f0b025646fcc6f58fb4ea499
Document Management System 1.0 SQL Injection / Remote Code Execution
Posted Apr 23, 2021
Authored by Richard Jones

Document Management System version 1.0 remote SQL injection exploit that deploys a web shell.

tags | exploit, remote, web, shell, sql injection
SHA-256 | e8d80953b2ef01723266a3371f3a2c5a42156162d5474910c8ea7602487dd2d5
Red Hat Security Advisory 2021-1343-01
Posted Apr 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1343-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2021-3447
SHA-256 | 12d754c66a3442b65d2c7fbe80fa2a7b6ea9d831b2555bbdc5c5ec3bf7000b9b
nfstream 6.3.1
Posted Apr 23, 2021
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Updated package requirements.
tags | tool, python
systems | unix
SHA-256 | b2176c1259975f9fcb8125315473d781b45a3954524f784527f3166d68dac708
Kerberoasting Guide
Posted Apr 23, 2021
Authored by Jeenali Kothari | Site hackingarticles.in

This document covers all the basics of the Kerberoasting attack scenario.

tags | paper
SHA-256 | b1100054cd4edc0cd0e59268145f39abcbafebb328532a057a664c8d0aaf6292
Comprehensive Guide To FFUF
Posted Apr 23, 2021
Authored by Jeenali Kothari | Site hackingarticles.in

This documents discusses using the ffuf tool, which stands for Fuzz Faster U Fool.

tags | paper
SHA-256 | 6eb50e642bf60986949377d3cf9480a50a174c8fad96ba2c4c26a7647052ca46
Comprehensive Guide On TShark
Posted Apr 23, 2021
Authored by Jeenali Kothari | Site hackingarticles.in

This document is a guide on how to use tshark effectively to monitor and analyze traffic.

tags | paper
SHA-256 | b5f392c0a6f13e0c48407dcf564964d9098a9ac088cfac2258e29e1f74c4670c
Wordlist Overview
Posted Apr 23, 2021
Authored by Jeenali Kothari | Site hackingarticles.in

This is a brief whitepaper that discusses wordlists, where to get them, and when to use them.

tags | paper
SHA-256 | 89e78120ceaeb9a64b5808490e77eb00fad19d19fe3106904104df63dfb37a31
Red Hat Security Advisory 2021-1338-01
Posted Apr 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1338-01 - Red Hat OpenShift Serverless 1.14.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2021-20305, CVE-2021-3114, CVE-2021-3115, CVE-2021-3449, CVE-2021-3450
SHA-256 | a30988ff66266b2db5f8acca7f2c0152290e88ca56893b70bb73ae89269755fb
Red Hat Security Advisory 2021-1339-01
Posted Apr 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1339-01 - Red Hat OpenShift Serverless Client kn 1.14.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.14.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2021-3114, CVE-2021-3115
SHA-256 | 7ce92039022809796328e4385858549ac3d68877144fb8520c42a01a3e62a804
GetSimple CMS My SMTP Contact 1.1.1 CSRF/ XSS / Code Execution
Posted Apr 23, 2021
Authored by Bobby Cooke

GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to persistent cross site scripting to remote code execution exploit.

tags | exploit, remote, code execution, xss, csrf
SHA-256 | 41f7e0ef54e05dad22d7753afc0b084638622f4b9593b685c302c7652a13556c
Moodle 3.10.3 Cross Site Scripting
Posted Apr 23, 2021
Authored by UVision

Moodle version 3.10.3 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to Vincent666 ibn Winnie in March of 2021.

tags | exploit, xss
SHA-256 | 1fcd1fa3ec121b2c10c68e0cb6e78bbc8b44e1d20dc9503759b2beb14529f62f
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close