exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2021-05-18

Ubuntu Security Notice USN-4959-1
Posted May 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4959-1 - It was discovered that GStreamer Base Plugins incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-3522
SHA-256 | 64027c503141af1b1cc4273bdf7d24976a71da12930a164c10e61a97a88f2cde
rxvt 2.7.0 / rxvt-unicode 9.22 Code Execution
Posted May 18, 2021
Authored by def

rxvt version 2.7.0 and rxvt-unicode version 9.22 incorrectly handles ANSI escape sequences allowing for arbitrary code execution.

tags | exploit, arbitrary, code execution
SHA-256 | 53d147513ee561cb82a3680a3f61c78345344512f153fa4c238018b7c6a94c95
Microsoft ACL Shortcomings
Posted May 18, 2021
Authored by Stefan Kanthak

The way Microsoft Windows implements file security appears to have some significant shortcomings.

tags | exploit
systems | windows
SHA-256 | 1a9d53b83691e86720f4c510191f9bc7a7352b1a697239a933f41958c7ec6982
NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery
Posted May 18, 2021
Authored by Harry Sintonen

NiceHash Miner Excavator versions 1.6.7c and below suffer from a cross site request forgery vulnerability. The issue enables any external web site to send commands to the local miner instance, and to redirect the mined coins to an arbitrary mining address.

tags | exploit, web, arbitrary, local, csrf
SHA-256 | fb87f0499aef3335445d3f11dca696cc51f521e079a6ba1f2728e565105afbc1
NetMotion Mobility Server MvcUtil Java Deserialization
Posted May 18, 2021
Authored by mr_me, wvu | Site metasploit.com

This Metasploit module exploits an unauthenticated Java deserialization in the NetMotion Mobility server's MvcUtil.valueStringToObject() method, as invoked through the /mobility/Menu/isLoggedOn endpoint, to execute code as the SYSTEM account. Mobility server versions 11.x before 11.73 and 12.x before 12.02 are vulnerable. Tested against 12.01.09045 on Windows Server 2016.

tags | exploit, java
systems | windows
advisories | CVE-2021-26914
SHA-256 | 98d5e63a61fd5e20065bed1c5d49729a43d215ca4759d51680b7ba3f830ad751
Faraday 3.15.0
Posted May 18, 2021
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added Basic Auth support. Added support for GET method in websocket_tokens, POST will be deprecated in the future. Added CVSS(String), CWE(String), CVE(relationship) columns to vulnerability model and API. Added agent token's API says the renewal cycling duration. Improved database model to be able to delete workspaces fastly. Improved code style and uses (less flake8 exceptions, py3 super style, Flask app as singleton, etc). Modified workspaces' names regex to verify they cannot contain forward slash. Improved bulk create logs. Fixed schema breaking Marshmallow 3.11.0+. Updated UPD flask_security_too to version 4.0.0+.
tags | tool, rootkit
systems | unix
SHA-256 | fc742047d8b8d154de713b05afdfab501a45bddc800889ed88b0e78a2fbe9c46
Hashcat Advanced Password Recovery 6.2.1 Source Code
Posted May 18, 2021
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Changes: For dependencies, they have updated unrar source from 5.9.4 to 6.0.5 and make unrar dependencies optional and disable hash-mode 23800 if dependency is disabled.
tags | tool, cracker
systems | unix
SHA-256 | 4994e9ee8ef050881d5c7986b2b95a3abf2114f79e4dbaa28a537f8e2ad5c93b
Hashcat Advanced Password Recovery 6.2.1 Binary Release
Posted May 18, 2021
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.

Changes: For dependencies, they have updated unrar source from 5.9.4 to 6.0.5 and make unrar dependencies optional and disable hash-mode 23800 if dependency is disabled.
tags | tool, cracker
SHA-256 | d2b3c8f333c22cc4a021c916a95b8461e18d9c87103080fe06da247ae37cec80
Kernel Live Patch Security Notice LSN-0077-1
Posted May 18, 2021
Authored by Benjamin M. Romer

Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux kernel did not properly handle faults in copy_from_user() when passing through ioctls to an underlying file system. A local attacker could use this to cause a denial of service (memory exhaustion) or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-3492
SHA-256 | bdea505eb4fcf592e368d096a5525e292ae2730578fbf547edea57ce828b48fd
Ubuntu Security Notice USN-4958-1
Posted May 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4958-1 - It was discovered that the Caribou onscreen keyboard could be made to crash when given certain input values. An attacker could use this to bypass screen-locking applications that support using Caribou as an input mechanism.

tags | advisory
systems | linux, ubuntu
SHA-256 | aa33ee0a5c3043c95727aaa77053e2a54fd308b5a6bbbf233db171c958ec0905
Ubuntu Security Notice USN-4957-1
Posted May 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4957-1 - It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-32490, CVE-2021-3500
SHA-256 | ee32859bc1adda632913374be4966d4e567e8fdb63373c8cc0fe87f772d9006b
Backdoor.Win32.Delf.aez MVID-2021-0217 Code Execution
Posted May 18, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Delf.aez malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
SHA-256 | 8fbf0938ba6ecfeaf987ee90ac05df4c632debb888ae08b0ab0ede052e67b395
Microsoft Exchange 2019 Unauthenticated Email Download
Posted May 18, 2021
Authored by Gonzalo Villegas

Microsoft Exchange 2019 unauthenticated email download exploit.

tags | exploit, info disclosure
advisories | CVE-2021-26855
SHA-256 | 2af5b9bd138c45d1bf5e92b4e5613e7bcfec93e1c4d006a04b0fda8a6ae77f19
Ubuntu Security Notice USN-4957-2
Posted May 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4957-2 - USN-4957-1 fixed several vulnerabilities in DjVuLibre. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-32490, CVE-2021-3500
SHA-256 | 77454afd173ec1fba754b2ef20b14918cc97b61acbcc384684d6cbfeb20445a1
EgavilanMedia PHPCRUD 1.0 SQL Injection
Posted May 18, 2021
Authored by Dimitrios Mitakos

EgavilanMedia PHPCRUD version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ed2aa2a31bd825dacb6f05b8ce3fc02990a0c2165de41d9c688122ee1d3d1518
Backdoor.Win32.DarkMoon.a MVID-2021-0216 Insecure Transit
Posted May 18, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.DarkMoon.a malware suffers from an insecure transit vulnerability.

tags | exploit
systems | windows
SHA-256 | 0b4c5a2771883478421fbfda474c4d8833546f552a547401fe973a14ecd0c8e3
Backdoor.Win32.DarkMoon.a MVID-2021-0215 Weak Hardcoded Password
Posted May 18, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.DarkMoon.a malware suffers from having a weak hardcoded password.

tags | exploit
systems | windows
SHA-256 | e4147575d15c6a5282e550da5a507aa9333a398523d86f3ea68ed962a8052dcb
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close