what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2021-05-04

GravCMS 1.10.7 Remote Command Execution
Posted May 4, 2021
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system commands under the context of the web-server user.

tags | exploit, remote, web, arbitrary, code execution
advisories | CVE-2021-21425
SHA-256 | 98b7fd4e5a9eac0e57bc304d77db3533d90d58846a9eac785a65d9954b59c324
OpenDNSSEC 2.1.9
Posted May 4, 2021
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: Prevented concurrency between C_Login/C_OpenSession and C_FindObject in PKCS#11 operations as some HSMs do not like this and the key may (transiently) not be available. Hardened the signing procedure to still sign zones for which there are unused keys specified in the signconf. These are included by the enforcer because there may be (outdated) signatures for them, but the signer doesn't need this reference anymore in 2.1. However this was left in for backwards compatibility (probably).
tags | tool
systems | unix
SHA-256 | 6d1d466c8d7f507f3e665f4bfe4d16a68d6bff9d7c2ab65f852e2b2a821c28b5
Shenzhen Skyworth RN510 Information Disclosure
Posted May 4, 2021
Authored by Kaustubh G. Padwad

Shenzhen Skyworth RN510 suffers from an unauthenticated sensitive information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2021-25326
SHA-256 | 7f26e9706a9282668f82475d29e2552e812bbb3bd068893eb424f30e0d699c6d
Shenzhen Skyworth RN510 Cross Site Request Forgery / Cross Site Scripting
Posted May 4, 2021
Authored by Kaustubh G. Padwad

Shenzhen Skyworth RN510 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2021-25327
SHA-256 | 70d4b29f86b8a386559ce1885039111a11ce3147edcb6cc01fd5a7adda137f43
Ubuntu Security Notice USN-4935-1
Posted May 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4935-1 - It was discovered that the NVIDIA GPU display driver for the Linux kernel incorrectly performed access control. A local attacker could use this issue to cause a denial of service, expose sensitive information, or escalate privileges. It was discovered that the NVIDIA GPU display driver for the Linux kernel incorrectly performed reference counting. A local attacker could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-1076, CVE-2021-1077
SHA-256 | 66292e0f8f48dd5fcf00777624e047ca88f5c3b564e94b9cb89ce8ad10c36097
Apple Security Advisory 2021-05-03-3
Posted May 4, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-03-3 - watchOS 7.4.1 addresses a code execution vulnerability.

tags | advisory, code execution
systems | apple
advisories | CVE-2021-30665
SHA-256 | a74f3adab91e01c9e0fefff367eb1ef99467c5782e36af622056c249aed8cb9d
Human Resource Information System 1.0 Authentication Bypass / Account Creation
Posted May 4, 2021
Authored by Richard Jones

Human Resource Information System version 1.0 suffers from an unauthenticated administrative account creation vulnerability.

tags | exploit, bypass
SHA-256 | 1b0dd56635d0d8f821976130f5de798c4be825648db67637f218d558e70f089f
Shenzhen Skyworth RN510 Buffer Overflow
Posted May 4, 2021
Authored by Kaustubh G. Padwad

Shenzhen Skyworth RN510 suffers from a buffer overflow vulnerability that allows for remote code execution.

tags | exploit, remote, overflow, code execution
advisories | CVE-2021-25328
SHA-256 | 93aaa64937baf7f896bc583390423bd6be7254ef45979a7f1e67273873d3d9df
Apple Security Advisory 2021-05-03-4
Posted May 4, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-03-4 - macOS Big Sur 11.3.1 addresses code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2021-30663, CVE-2021-30665
SHA-256 | df4b217a42eb1709c37d7e207215b3b9cd5b3aa6bcb1b3e21cb55d9d9d2b4199
Apple Security Advisory 2021-05-03-1
Posted May 4, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-03-1 - iOS 14.5.1 and iPadOS 14.5.1 addresses code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple, ios
advisories | CVE-2021-30663, CVE-2021-30665
SHA-256 | b1a661a45f1863e924bf0c47826de3b86311fedc34670dcc402e1ace89948b08
Apple Security Advisory 2021-05-03-2
Posted May 4, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-05-03-2 - iOS 12.5.3 addresses buffer overflow, code execution, integer overflow, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple, ios
advisories | CVE-2021-30661, CVE-2021-30663, CVE-2021-30665, CVE-2021-30666
SHA-256 | 1d5a75dc27a28759dbf63369d390f34a2c5c7d4314ce9ba194e493853c60cf9c
Ubuntu Security Notice USN-4934-1
Posted May 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4934-1 - It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code remotely, obtain sensitive information, or escalate local privileges.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-28007, CVE-2020-28011, CVE-2020-28015, CVE-2020-28019, CVE-2020-28023, CVE-2021-27216
SHA-256 | 8b9f1909e4ebf0423b58a94fe51018e3a1d36c06cc7fa8c878d3f560bcdc58cf
Ubuntu Security Notice USN-4932-1
Posted May 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4932-1 - It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-31542
SHA-256 | 9e394c0ef18e3526d93584653234e8977f25e52da7f93398b990bb67757cd0f6
Internship Portal Management System 1.0 Shell Upload
Posted May 4, 2021
Authored by argenestel

Internship Portal Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | a26e07c3c15a7e99b5879614246345b3ac6c2054fadbb7ac46f7d54e552cade0
Ubuntu Security Notice USN-4933-1
Posted May 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4933-1 - It was discovered that OpenVPN incorrectly handled certain data channel v2 packets. A remote attacker could possibly use this issue to inject packets using a victim's peer-id. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that OpenVPN incorrectly handled deferred authentication. When a server is configured to use deferred authentication, a remote attacker could possibly use this issue to bypass authentication and access control channel data. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-11810, CVE-2020-15078
SHA-256 | 2825529c6f1bdef2f73c5ea9bd787acc906039796b1d72be689bb5b5d0bb35b0
Ubuntu Security Notice USN-4918-3
Posted May 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4918-3 - USN-4918-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan in some situations. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-1252, CVE-2021-1404, CVE-2021-1405
SHA-256 | ed60554d508a7c7a87ddb183605063a427e62623b027d35d606782879b133604
Ubuntu Security Notice USN-4931-1
Posted May 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4931-1 - Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use this issue to cause winbind to crash, resulting in a denial of service. Francis Brosnan Blázquez discovered that Samba incorrectly handled certain invalid DNS records. A remote attacker could possibly use this issue to cause the DNS server to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-14318, CVE-2020-14323, CVE-2020-14383, CVE-2021-20254
SHA-256 | c018d6cadb1b0077576c936467d8f98c41592292610ed1d41f0ef94abcf75c25
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close