Files Date: 2021-04-23

OpenSCAP Libraries 1.3.5
Posted Apr 23, 2021
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Added SCAP 1.3 source data stream Schematron. Added XML Signature Validation. Added --enforce-signature option for eval, guide, and fix modules. Added entity support (OVAL/yamlfilecontent). About a half dozen other additions along with a couple dozen bug fixes.
tags | protocol, library
systems | unix
MD5 | 4725085cd876c952ca15de48b0bc340c
Ubuntu Security Notice USN-4925-1
Posted Apr 23, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4925-1 - Toni Huttunen and Fraktal Oy discovered that the Shibboleth Service provider allowed content injection due to allowing attacker-controlled parameters in error or other status pages. An attacker could use this to inject malicious content.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-28963
MD5 | 13a1ab40c56cb3dce53cf089a12cd778
Sipwise C5 NGCP CSC Cross Site Request Forgery
Posted Apr 23, 2021
Authored by LiquidWorm | Site zeroscience.mk

The Sipwise application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.

tags | exploit, web
advisories | CVE-2021-31584
MD5 | e7d898fb2b62a3d6bc51dbf8df132928
Red Hat Security Advisory 2021-1342-01
Posted Apr 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1342-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2021-3447
MD5 | d5925904ba1c6f4d35bd31628bcb2345
Sipwise C5 NGCP CSC Cross Site Scripting
Posted Apr 23, 2021
Authored by LiquidWorm | Site zeroscience.mk

The Sipwise software platform suffers from multiple authenticated stored and reflected cross site scripting vulnerabilities because input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.

tags | exploit, arbitrary, vulnerability, xss
advisories | CVE-2021-31583
MD5 | e8a251a6a3bb2fbde253ad48c129475c
Ubuntu Security Notice USN-4924-1
Posted Apr 23, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4924-1 - It was discovered that Dnsmasq incorrectly handled certain wildcard synthesized NSEC records. A remote attacker could possibly use this issue to prove the non-existence of hostnames that actually exist. It was discovered that Dnsmasq incorrectly handled certain large DNS packets. A remote attacker could possibly use this issue to cause Dnsmasq to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-15107, CVE-2019-14513
MD5 | db00955d289374c9798d90f9935b94d7
DzzOffice 2.02.1 Cross Site Scripting
Posted Apr 23, 2021
Authored by nu11secur1ty

DzzOffice version 2.02.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-3318
MD5 | 715e41529e9d4cf160baa21e55e43f73
Document Management System 1.0 SQL Injection / Remote Code Execution
Posted Apr 23, 2021
Authored by Richard Jones

Document Management System version 1.0 remote SQL injection exploit that deploys a web shell.

tags | exploit, remote, web, shell, sql injection
MD5 | ce95bb6aee806602e2a432244244b16a
Red Hat Security Advisory 2021-1343-01
Posted Apr 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1343-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2021-3447
MD5 | bf2f65bc3d37b1f9e5449f5508720479
nfstream 6.3.1
Posted Apr 23, 2021
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Updated package requirements.
tags | tool, python
systems | unix
MD5 | 164192cf588a34eafd0b3a16210abc50
Kerberoasting Guide
Posted Apr 23, 2021
Authored by Jeenali Kothari | Site hackingarticles.in

This document covers all the basics of the Kerberoasting attack scenario.

tags | paper
MD5 | 5199b5287830740b414393f88088412c
Comprehensive Guide To FFUF
Posted Apr 23, 2021
Authored by Jeenali Kothari | Site hackingarticles.in

This document discusses using the ffuf tool, which stands for Fuzz Faster U Fool.

tags | paper
MD5 | ec812c323692f9b5a1c3a2e91d9a9044
Comprehensive Guide On TShark
Posted Apr 23, 2021
Authored by Jeenali Kothari | Site hackingarticles.in

This document is a guide on how to use tshark effectively to monitor and analyze traffic.

tags | paper
MD5 | b40c4dfc24b53d2c919dd683e5071655
Wordlist Overview
Posted Apr 23, 2021
Authored by Jeenali Kothari | Site hackingarticles.in

This is a brief whitepaper that discusses wordlists, where to get them, and when to use them.

tags | paper
MD5 | fe2c4f9e82dec7e0f4c8b33e49d5612d
Red Hat Security Advisory 2021-1338-01
Posted Apr 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1338-01 - Red Hat OpenShift Serverless 1.14.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2021-20305, CVE-2021-3114, CVE-2021-3115, CVE-2021-3449, CVE-2021-3450
MD5 | 3244325c0661b13de70799a1be560562
Red Hat Security Advisory 2021-1339-01
Posted Apr 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1339-01 - Red Hat OpenShift Serverless Client kn 1.14.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.14.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2021-3114, CVE-2021-3115
MD5 | 72426b19a3c9fcf1159b5d09f178a2de
GetSimple CMS My SMTP Contact 1.1.1 CSRF / XSS / Code Execution
Posted Apr 23, 2021
Authored by Bobby Cooke

Exploit for GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below that chains cross site request forgery to persistent cross site scripting to remote code execution.

tags | exploit, remote, code execution, xss, csrf
MD5 | 931e4a8e898c36150bfb22c1e2de3963
Moodle 3.10.3 Cross Site Scripting
Posted Apr 23, 2021
Authored by UVision

Moodle version 3.10.3 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to Vincent666 ibn Winnie in March of 2021.

tags | exploit, xss
MD5 | 702e13c9737c10b10cd2c43d2d24ce46
© 2020 Packet Storm. All rights reserved.
