exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2021-05-04

GravCMS 1.10.7 Remote Command Execution
Posted May 4, 2021
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system commands under the context of the web-server user.

tags | exploit, remote, web, arbitrary, code execution
advisories | CVE-2021-21425
MD5 | 63383ada747fab87a6ca9244ce96bf27
OpenDNSSEC 2.1.9
Posted May 4, 2021
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: Prevented concurrency between C_Login/C_OpenSession and C_FindObject in PKCS#11 operations as some HSMs do not like this and the key may (transiently) not be available. Hardened the signing procedure to still sign zones for which there are unused keys specified in the signconf. These are included by the enforcer because there may be (outdated) signatures for them, but the signer doesn't need this reference anymore in 2.1. However this was left in for backwards compatibility (probably).
tags | tool
systems | unix
MD5 | eb7c966b372ae5c0ab29d20f077fb126
Shenzhen Skyworth RN510 Information Disclosure
Posted May 4, 2021
Authored by Kaustubh G. Padwad

Shenzhen Skyworth RN510 suffers from an unauthenticated sensitive information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2021-25326
MD5 | 0b53bad554735a88788e329a6adbf84d
Shenzhen Skyworth RN510 Cross Site Request Forgery / Cross Site Scripting
Posted May 4, 2021
Authored by Kaustubh G. Padwad

Shenzhen Skyworth RN510 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2021-25327
MD5 | 0d022b1dd7b72a24278e196c54298f50
Ubuntu Security Notice USN-4935-1
Posted May 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4935-1 - It was discovered that the NVIDIA GPU display driver for the Linux kernel incorrectly performed access control. A local attacker could use this issue to cause a denial of service, expose sensitive information, or escalate privileges. It was discovered that the NVIDIA GPU display driver for the Linux kernel incorrectly performed reference counting. A local attacker could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-1076, CVE-2021-1077
MD5 | 0c0bac2410d9243af4b9f3f472dfdf2f
Apple Security Advisory 2021-05-03-3
Posted May 4, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-03-3 - watchOS 7.4.1 addresses a code execution vulnerability.

tags | advisory, code execution
systems | apple
advisories | CVE-2021-30665
MD5 | 99ccbf016b73734b1b6cc11ee6424f31
Human Resource Information System 1.0 Authentication Bypass / Account Creation
Posted May 4, 2021
Authored by Richard Jones

Human Resource Information System version 1.0 suffers from an unauthenticated administrative account creation vulnerability.

tags | exploit, bypass
MD5 | 41eb1d3fba6ea3d4ddbbc36358daf7ad
Shenzhen Skyworth RN510 Buffer Overflow
Posted May 4, 2021
Authored by Kaustubh G. Padwad

Shenzhen Skyworth RN510 suffers from a buffer overflow vulnerability that allows for remote code execution.

tags | exploit, remote, overflow, code execution
advisories | CVE-2021-25328
MD5 | c76a4953a5d03547fa6bba3ff4b8836f
Apple Security Advisory 2021-05-03-4
Posted May 4, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-03-4 - macOS Big Sur 11.3.1 addresses code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2021-30663, CVE-2021-30665
MD5 | d0ff0760d53f2d697a10897f9f169763
Apple Security Advisory 2021-05-03-1
Posted May 4, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-03-1 - iOS 14.5.1 and iPadOS 14.5.1 addresses code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple, ios
advisories | CVE-2021-30663, CVE-2021-30665
MD5 | a8a4944ad26eb954c1cb9c551ceb39d3
Apple Security Advisory 2021-05-03-2
Posted May 4, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-03-2 - iOS 12.5.3 addresses buffer overflow, code execution, integer overflow, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple, ios
advisories | CVE-2021-30661, CVE-2021-30663, CVE-2021-30665, CVE-2021-30666
MD5 | 82523f50ed01be666ae29e54a3e854f7
Ubuntu Security Notice USN-4934-1
Posted May 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4934-1 - It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code remotely, obtain sensitive information, or escalate local privileges.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-28007, CVE-2020-28011, CVE-2020-28015, CVE-2020-28019, CVE-2020-28023, CVE-2021-27216
MD5 | 00c0c984699824e4a280630e72347901
Ubuntu Security Notice USN-4932-1
Posted May 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4932-1 - It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-31542
MD5 | e30dd2745c21882baa62f2cb57551cf5
Internship Portal Management System 1.0 Shell Upload
Posted May 4, 2021
Authored by argenestel

Internship Portal Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 0e64d22b012cb716290ae978805da036
Ubuntu Security Notice USN-4933-1
Posted May 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4933-1 - It was discovered that OpenVPN incorrectly handled certain data channel v2 packets. A remote attacker could possibly use this issue to inject packets using a victim's peer-id. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that OpenVPN incorrectly handled deferred authentication. When a server is configured to use deferred authentication, a remote attacker could possibly use this issue to bypass authentication and access control channel data. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-11810, CVE-2020-15078
MD5 | 278580c58157ac4cc5649f55cf55cd6c
Ubuntu Security Notice USN-4918-3
Posted May 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4918-3 - USN-4918-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan in some situations. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-1252, CVE-2021-1404, CVE-2021-1405
MD5 | e435467cea207fd68953d4d4f876a6f5
Ubuntu Security Notice USN-4931-1
Posted May 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4931-1 - Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use this issue to cause winbind to crash, resulting in a denial of service. Francis Brosnan Blázquez discovered that Samba incorrectly handled certain invalid DNS records. A remote attacker could possibly use this issue to cause the DNS server to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-14318, CVE-2020-14323, CVE-2020-14383, CVE-2021-20254
MD5 | 286abb281e576ae65c0aec49bfe9eddc
Page 1 of 1
Back1Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    13 Files
  • 24
    Sep 24th
    10 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close