exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2021-05-27

CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP).

tags | exploit
advisories | CVE-2021-33216
SHA-256 | f6519f57eed331c93ca5644c3a83e240cb6fe2ee50133663e8ee3dad642af551
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT Controller filesystem.

tags | exploit, web, local
advisories | CVE-2021-33217
SHA-256 | ab0f31561d42610f5ba5969c33fa30d3f807865c8f1eaac846a5b376b04319c7
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

A Python script (web.py) for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller.

tags | exploit, web, python
advisories | CVE-2021-33215
SHA-256 | 671f09dc7253e2fd4b96a2bd934c4db733ea5c114369ba82a1d81b35d72836f3
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer.

tags | exploit, web
advisories | CVE-2021-33219
SHA-256 | 2486beac57efb14715dc2756e1ddce5fd0beb0268fa52ef3547894a1a7be04a5
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem.

tags | exploit
advisories | CVE-2021-33218
SHA-256 | df1716ceee1afc4991054f7d3e009a901d7b28289e89a2bebb461c0a64b3b1d9
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem.

tags | exploit
advisories | CVE-2021-33220
SHA-256 | b4f5b79b878528d1365915db1dfcf08d2ea164bfda75ebc9baab1499e553cb33
CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API endpoint that does not require authentication allows for a factory reset of the IoT Controller.

tags | exploit
advisories | CVE-2021-33221
SHA-256 | a8546049f222180c6bd593bbd28ea7a598ba7bbcd08ac8c48b4f8ac76357ba7c
Ubuntu Security Notice USN-4969-2
Posted May 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4969-2 - USN-4969-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-25217
SHA-256 | e9cc2d12e74cf591ba5ef27f62ce025cf56eca8cf710a2e58d5e1102895452d6
Ubuntu Security Notice USN-4969-1
Posted May 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4969-1 - Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-25217
SHA-256 | be06ea6c2a98df3627755ff70eeb0760f093153455bffd6255cef51b438c3d29
Red Hat Security Advisory 2021-2139-01
Posted May 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2139-01 - Red Hat Data Grid is a distributed, in-memory data store. This release of Red Hat Data Grid 8.2.0 serves as a replacement for Red Hat Data Grid 8.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, information leakage, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-10771, CVE-2020-26258, CVE-2020-26259, CVE-2021-21290, CVE-2021-21295, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351, CVE-2021-21409, CVE-2021-31917
SHA-256 | 26b79e23d99e81d46adcd853630427afc565a8681dad9bf539101220d92dd7b9
Gentoo Linux Security Advisory 202105-39
Posted May 27, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-39 - Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation. Versions less than 14.2.21 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2020-10753, CVE-2020-1759, CVE-2020-1760, CVE-2020-25660, CVE-2020-25678, CVE-2020-27781, CVE-2021-20288
SHA-256 | 7ab3522f846f6a648172b2520a0ceaea2ea557ede4081b724f6d25d68464c1a9
Red Hat Security Advisory 2021-2136-01
Posted May 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2136-01 - An Openshift Logging bug fix release addresses an index validation issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-10228, CVE-2019-13012, CVE-2019-18811, CVE-2019-19523, CVE-2019-19528, CVE-2019-25013, CVE-2019-2708, CVE-2019-3842, CVE-2019-9169, CVE-2020-0431, CVE-2020-10543, CVE-2020-10878, CVE-2020-11608, CVE-2020-12114, CVE-2020-12362, CVE-2020-12464, CVE-2020-13434, CVE-2020-13543, CVE-2020-13584, CVE-2020-13776, CVE-2020-14314, CVE-2020-14344, CVE-2020-14345, CVE-2020-14346, CVE-2020-14347, CVE-2020-14356, CVE-2020-14360
SHA-256 | 8f9746dfa68f5ebe03798d9f8686052c21773b749d26577fe45138585199782b
Ubuntu Security Notice USN-4968-1
Posted May 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4968-1 - It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3520
SHA-256 | 836e6f2c1fadbf1f7e75b0617c9bff905779ac807e186968f98c72a2f7cf62a7
Gentoo Linux Security Advisory 202105-38
Posted May 27, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-38 - A vulnerability in nginx could lead to remote code execution. Versions less than 1.21.0 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2021-23017
SHA-256 | 20572af334a8f1e1ee046ba9e037e28de9c8585c3e1753cd1216bebc3019b5be
Pandora FMS 6.0SP3 Cross Site Scripting
Posted May 27, 2021
Authored by nu11secur1ty

Pandora FMS version 6.0SP3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-0527
SHA-256 | 3b6f367e28fda80ee9013841f4548d6f8dac15f5ef5c2407f7565d83c29588af
QT PNG ICC Processing Out-Of-Bounds Read
Posted May 27, 2021
Authored by Google Security Research, natashenka

The QImage class can read out-of-bounds when reading a specially-crafted PNG file, where a tag byte offset goes out of bounds. This could potentially allow an attacker to determine values in memory based on the QImage pixels, if QT is used to process untrusted images.

tags | exploit
SHA-256 | f89e3b09d6fb627d5b5269e3b5d3b0c770cd2aefc3bbd97c7b659ae459e07be2
Postbird 0.8.4 Cross Site Scripting / Local File Inclusion
Posted May 27, 2021
Authored by Debshubra Chakraborty

Postbird version 0.8.4 suffers from a javascript injection vulnerability that allows for cross site scripting and local file inclusion.

tags | exploit, local, javascript, xss, file inclusion
advisories | CVE-2021-33570
SHA-256 | a50f986fffa593ec901590f6e7af89c7caa33805339e420f6058a47850eb4854
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close