exploit the possibilities
Showing 1 - 21 of 21 RSS Feed

Files Date: 2021-05-12

Windows Container Manager Service CmsRpcSrv_MapNamedPipeToContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service does not configure STORVSP correctly when opening mapped named pipes leading to privilege escalation.

tags | exploit
advisories | CVE-2021-31167
SHA-256 | a5a7b8a6d4d3bd869fe815693a71e3b3b160d9b0acd588ad9dce491050248edb
ExifTool DjVu ANT Perl Injection
Posted May 12, 2021
Authored by Justin Steven, William Bowling | Site metasploit.com

This Metasploit module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field.

tags | exploit, shell, perl
advisories | CVE-2021-22204
SHA-256 | 6faaab2f2450fabd11bd922db38c56424cff69369eb7b6d4c402f570e3a96b13
Windows Container Manager Service Arbitrary Object Directory Creation Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service creates an AppContainer process without impersonating the access token leading to privilege escalation.

tags | exploit
advisories | CVE-2021-31169
SHA-256 | 08b62d49ff9505e1affc60bfb3367e9f2636ae2e993c5a51f8abbccdae306e0f
Windows Container Manager Service CmsRpcSrv_MapVirtualDiskToContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service does not impersonate the caller when granting access to virtual disk images leading to privilege escalation.

tags | exploit
advisories | CVE-2021-31168
SHA-256 | 879e3f4ead07a6f0c0ca5da047994fe7b3ffb02391288f7bf38a0d4568aaee88
Windows Container Manager Service CmsRpcSrv_CreateContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service accepts an access token provided by the user without verification allowing an arbitrary process to be created with another user identity leading to privilege escalation.

tags | exploit, arbitrary
advisories | CVE-2021-31165
SHA-256 | 66a7b4179cd5c55e74f86503906a67a0fa110323561936f3ee59ec7929362af3
Backdoor.Win32.Delf.zho MVID-2021-0205 Authentication Bypass / Code Execution
Posted May 12, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Delf.zho malware suffers from bypass and code execution vulnerabilities.

tags | exploit, vulnerability, code execution
systems | windows
SHA-256 | 9f8eb9e0c65e12517c66e94696388fbe7736219740a7b25e3dd554f79dbbf15c
Red Hat Security Advisory 2021-1547-01
Posted May 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1547-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.115 and .NET Core Runtime 3.1.15. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-31204
SHA-256 | 87f6a7156fd56c8b68fc56a44203edb1b4f2f3f7fc05c5c6eff9ff29c2e8016d
Red Hat Security Advisory 2021-1546-01
Posted May 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1546-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-31204
SHA-256 | 475dc2f9f672ee6ada56f5c8160bf925dbb9935918ba4e7a65e8749e9398a11e
Ubuntu Security Notice USN-4951-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4951-1 - Anton Lydike discovered that Flatpak did not properly handle special tokens in desktop files. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-21381
SHA-256 | 0a23b56d1081ab2204a99d50c0d34c135491bf42cf34c1c9d5130145a1870e60
Ubuntu Security Notice USN-4949-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4949-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-25639, CVE-2021-26930, CVE-2021-26931, CVE-2021-28375, CVE-2021-29264, CVE-2021-29265, CVE-2021-29266, CVE-2021-29646, CVE-2021-29650, CVE-2021-3489, CVE-2021-3490, CVE-2021-3491
SHA-256 | 76d964fe9c27085f6742f1876c549a9562042eb085a4203978ffafc9d5a92ddc
Ubuntu Security Notice USN-4948-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4948-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-25670, CVE-2021-28688, CVE-2021-28951, CVE-2021-28952, CVE-2021-28964, CVE-2021-28971, CVE-2021-28972, CVE-2021-29264, CVE-2021-29266, CVE-2021-29646, CVE-2021-29647, CVE-2021-29649, CVE-2021-29650, CVE-2021-29657, CVE-2021-31916, CVE-2021-3483, CVE-2021-3489, CVE-2021-3490, CVE-2021-3491
SHA-256 | 957eb73e74d19d4c62c7116de0b476cf551491d297e087fb9602eff91b7ee985
Ubuntu Security Notice USN-4950-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4950-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-3489, CVE-2021-3490, CVE-2021-3491
SHA-256 | f703c719697ff87020df10163da73587499d3cda884cdd896c4cff9f26e9dda3
Red Hat Security Advisory 2021-1544-01
Posted May 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1544-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-3495
SHA-256 | d7e7b432ecf9d20c8ff9eabd7574cc975e16cc4417c0e83bdb4d9c66a7952f47
Red Hat Security Advisory 2021-1540-01
Posted May 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1540-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2021-29492, CVE-2021-31920
SHA-256 | f83109078c832d4f6f26087264a3cf0bf39c4bda7cf213a25d62f51bf0b6edaa
Chevereto 3.17.1 Cross Site Scripting
Posted May 12, 2021
Authored by Akiner Kisa

Chevereto version 3.17.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cc636e3b5c72172eafa06b92135a8fbc456e816bb5150f9e522280988c878f59
Red Hat Security Advisory 2021-1538-01
Posted May 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1538-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2021-29492, CVE-2021-31920
SHA-256 | e182ffcdeb1e085f9bf35f024dced52ec6a0badf0f3d85dd52eb8c2e896d20d1
Ubuntu Security Notice USN-4947-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4947-1 - Kiyin discovered that the x25 implementation in the Linux kernel contained overflows when handling addresses from user space. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the fastrpc driver in the Linux kernel did not prevent user space applications from sending kernel RPC messages. A local attacker could possibly use this to gain elevated privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-35519, CVE-2021-28375, CVE-2021-29646, CVE-2021-29650, CVE-2021-30002
SHA-256 | 0f3c9901fe7cb2bad1e41c261c51e0aa55d62c3d6c70d8302e4c8c01946ccb92
Ubuntu Security Notice USN-4946-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4946-1 - It was discovered that the DRM subsystem in the Linux kernel contained double-free vulnerabilities. A privileged attacker could possibly use this to cause a denial of service or possibly execute arbitrary code. Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schoenherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-20292, CVE-2021-26930, CVE-2021-26931, CVE-2021-28038, CVE-2021-28688, CVE-2021-29264, CVE-2021-29265, CVE-2021-29650, CVE-2021-30002
SHA-256 | 9dc6b159df273d7bcc3668b236d471f14d62790286458313509fbc9eb23c7579
Ubuntu Security Notice USN-4945-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4945-1 - It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service. Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-25639, CVE-2021-28038, CVE-2021-28375, CVE-2021-28660, CVE-2021-29265, CVE-2021-29650, CVE-2021-30002
SHA-256 | 5a76cc7c1c429c2a4eb7effc9105b11c6e36caf111681662c6bd8c168d7e4181
Android NFC nfa_rw_sys_disable Type Confusion
Posted May 12, 2021
Authored by Google Security Research, nedwill

Android NFC suffers from a type confusion vulnerability in nfa_rw_sys_disable.

tags | exploit
SHA-256 | 7a12df472496a0e739a7d1979be71fa941ec278836bae496a8bfd948c0899ca3
Odoo 12.0.20190101 Unquoted Service Path
Posted May 12, 2021
Authored by 1F98D

Odoo version 12.0.20190101 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 469df8497a4e7de028d861d23a77481ee88f1eec8fd644fb09ea4107b5e9674a
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close