exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2021-05-18

Ubuntu Security Notice USN-4959-1
Posted May 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4959-1 - It was discovered that GStreamer Base Plugins incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-3522
MD5 | 46764bac3f4089d58b431e5476ffcbbc
rxvt 2.7.0 / rxvt-unicode 9.22 Code Execution
Posted May 18, 2021
Authored by def

rxvt version 2.7.0 and rxvt-unicode version 9.22 incorrectly handles ANSI escape sequences allowing for arbitrary code execution.

tags | exploit, arbitrary, code execution
MD5 | 63c3c3129c35910eb154dc9415543d1a
Microsoft ACL Shortcomings
Posted May 18, 2021
Authored by Stefan Kanthak

The way Microsoft Windows implements file security appears to have some significant shortcomings.

tags | exploit
systems | windows
MD5 | 0d3640efe8dc92c27c1e0779437c04e5
NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery
Posted May 18, 2021
Authored by Harry Sintonen

NiceHash Miner Excavator versions 1.6.7c and below suffer from a cross site request forgery vulnerability. The issue enables any external web site to send commands to the local miner instance, and to redirect the mined coins to an arbitrary mining address.

tags | exploit, web, arbitrary, local, csrf
MD5 | 98ee3c714b4d18ccc96303b7d9d6788e
NetMotion Mobility Server MvcUtil Java Deserialization
Posted May 18, 2021
Authored by mr_me, wvu | Site metasploit.com

This Metasploit module exploits an unauthenticated Java deserialization in the NetMotion Mobility server's MvcUtil.valueStringToObject() method, as invoked through the /mobility/Menu/isLoggedOn endpoint, to execute code as the SYSTEM account. Mobility server versions 11.x before 11.73 and 12.x before 12.02 are vulnerable. Tested against 12.01.09045 on Windows Server 2016.

tags | exploit, java
systems | windows
advisories | CVE-2021-26914
MD5 | 099e5d37c98e486066b89c7cb042e100
Faraday 3.15.0
Posted May 18, 2021
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added Basic Auth support. Added support for GET method in websocket_tokens, POST will be deprecated in the future. Added CVSS(String), CWE(String), CVE(relationship) columns to vulnerability model and API. Added agent token's API says the renewal cycling duration. Improved database model to be able to delete workspaces fastly. Improved code style and uses (less flake8 exceptions, py3 super style, Flask app as singleton, etc). Modified workspaces' names regex to verify they cannot contain forward slash. Improved bulk create logs. Fixed schema breaking Marshmallow 3.11.0+. Updated UPD flask_security_too to version 4.0.0+.
tags | tool, rootkit
systems | unix
MD5 | 0f2742dc232ae2029a528b6a776cb083
Hashcat Advanced Password Recovery 6.2.1 Source Code
Posted May 18, 2021
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Changes: For dependencies, they have updated unrar source from 5.9.4 to 6.0.5 and make unrar dependencies optional and disable hash-mode 23800 if dependency is disabled.
tags | tool, cracker
systems | unix
MD5 | 336023f22b300052db1a323ed335ce75
Hashcat Advanced Password Recovery 6.2.1 Binary Release
Posted May 18, 2021
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.

Changes: For dependencies, they have updated unrar source from 5.9.4 to 6.0.5 and make unrar dependencies optional and disable hash-mode 23800 if dependency is disabled.
tags | tool, cracker
MD5 | b91596649ddb9081af8537f987e315db
Kernel Live Patch Security Notice LSN-0077-1
Posted May 18, 2021
Authored by Benjamin M. Romer

Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux kernel did not properly handle faults in copy_from_user() when passing through ioctls to an underlying file system. A local attacker could use this to cause a denial of service (memory exhaustion) or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-3492
MD5 | 11f882d05f16be2e019af1cb83ac015b
Ubuntu Security Notice USN-4958-1
Posted May 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4958-1 - It was discovered that the Caribou onscreen keyboard could be made to crash when given certain input values. An attacker could use this to bypass screen-locking applications that support using Caribou as an input mechanism.

tags | advisory
systems | linux, ubuntu
MD5 | c81e7b9ee4e91eac8cf1f03d9322c00b
Ubuntu Security Notice USN-4957-1
Posted May 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4957-1 - It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-32490, CVE-2021-3500
MD5 | b3699bff4412fe226018362d92dd021a
Backdoor.Win32.Delf.aez Code Execution
Posted May 18, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Delf.aez malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
MD5 | c4163c2cc7205db94a942eeaf1383559
Microsoft Exchange 2019 Unauthenticated Email Download
Posted May 18, 2021
Authored by Gonzalo Villegas

Microsoft Exchange 2019 unauthenticated email download exploit.

tags | exploit, info disclosure
advisories | CVE-2021-26855
MD5 | 38fb98664e2b38a6b3aea74819d024c1
Ubuntu Security Notice USN-4957-2
Posted May 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4957-2 - USN-4957-1 fixed several vulnerabilities in DjVuLibre. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-32490, CVE-2021-3500
MD5 | cf988c8ed1917d3200ef7fa9990c8d75
EgavilanMedia PHPCRUD 1.0 SQL Injection
Posted May 18, 2021
Authored by Dimitrios Mitakos

EgavilanMedia PHPCRUD version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1f7d692db78a547cdcca9b8720f06f81
Backdoor.Win32.DarkMoon.a Insecure Transit
Posted May 18, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.DarkMoon.a malware suffers from an insecure transit vulnerability.

tags | exploit
systems | windows
MD5 | bcdf0f1a03350157f963f0ec97ce318e
Backdoor.Win32.DarkMoon.a Weak Hardcoded Password
Posted May 18, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.DarkMoon.a malware suffers from having a weak hardcoded password.

tags | exploit
systems | windows
MD5 | 3704cc3ab61c72278be16f83c1e41ba8
Page 1 of 1
Back1Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close