what you don't know can hurt you
Showing 1 - 25 of 161 RSS Feed

Files Date: 2021-05-01 to 2021-05-31

Internet Explorer jscript9.dll Memory Corruption
Posted May 13, 2021
Authored by Ivan Fratric, Google Security Research

There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2021-26419
MD5 | 50dcfd05a094914cf819e98d3f2de507
Ubuntu Security Notice USN-4952-1
Posted May 13, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4952-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.25 in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.34. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-2146, CVE-2021-2166, CVE-2021-2172, CVE-2021-2194, CVE-2021-2208, CVE-2021-2226, CVE-2021-2293, CVE-2021-2301, CVE-2021-2308
MD5 | 0d0227bf3d91b0c638d82a4eb8dfac04
Ubuntu Security Notice USN-4932-2
Posted May 13, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4932-2 - USN-4932-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-31542
MD5 | 154fb54d376a39328dac652b07c44eee
Firefox 72 IonMonkey JIT Type Confusion
Posted May 13, 2021
Authored by deadlock

Firefox 72 IonMonkey JIT type confusion exploit.

tags | exploit
advisories | CVE-2019-17026
MD5 | 7a96469356a9cfa5498f5fb7edfb4a08
ScadaBR 1.0 / 1.1CE Windows Shell Upload
Posted May 13, 2021
Authored by Fellipe Oliveira

ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Windows targets.

tags | exploit, shell
systems | windows
advisories | CVE-2021-26828
MD5 | 04c215bbe62a07fd802ce382554daf46
Microsoft Internet Explorer 8/11 Use-After-Free
Posted May 13, 2021
Authored by deadlock

Microsoft Internet Explorer 8/11 and WPAD service Jscript.dll use-after-free exploit.

tags | exploit
advisories | CVE-2020-0674
MD5 | f762d7cc3b848be95e980dbf64f8fd46
ScadaBR 1.0 / 1.1CE Linux Shell Upload
Posted May 13, 2021
Authored by Fellipe Oliveira

ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Linux targets.

tags | exploit, shell
systems | linux
advisories | CVE-2021-26828
MD5 | 3ad6c1b0c4cf0a0d3c8de295a42f4340
OpenPLC WebServer 3 Remote Code Execution
Posted May 13, 2021
Authored by Fellipe Oliveira

OpenPLC WebServer version 3 authentication remote code execution exploit.

tags | exploit, remote, code execution
MD5 | b43b406cdd773e40446d95720bd60c23
Dental Clinic Appointment Reservation System 1.0 SQL Injection
Posted May 13, 2021
Authored by Mesut Cetin

Dental Clinic Appointment Reservation System version 1.0 suffers from multiple remote SQL injection vulnerabilities with one of them allowing for authentication bypass.

tags | exploit, remote, vulnerability, sql injection
MD5 | 590039c72fd98d00add5038df52eb7a0
ZeroShell 3.9.0 Remote Command Execution
Posted May 13, 2021
Authored by Fellipe Oliveira

ZeroShell version 3.9.0 remote command execution exploit.

tags | exploit, remote
advisories | CVE-2019-12725
MD5 | 6136d89b624e83529112cda72e8b9e5e
Packet Fence 10.3.0
Posted May 13, 2021
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: New features include Static routes management via admin gui, Aruba CX support, Aruba 2930M Web Authentication and Dynamic ACL support, Meraki DPSK support, Ruckus DPSK support, and more.
tags | tool, remote
systems | unix
MD5 | 95203f2b8e1b9385f5e0ab7343853d97
Windows Container Manager Service CmsRpcSrv_MapNamedPipeToContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service does not configure STORVSP correctly when opening mapped named pipes leading to privilege escalation.

tags | exploit
advisories | CVE-2021-31167
MD5 | 970b0826e9c53e62fb981f362a8095f7
ExifTool DjVu ANT Perl Injection
Posted May 12, 2021
Authored by Justin Steven, William Bowling | Site metasploit.com

This Metasploit module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field.

tags | exploit, shell, perl
advisories | CVE-2021-22204
MD5 | 1fba1ff491cb6bf069766f65d4437c6e
Windows Container Manager Service Arbitrary Object Directory Creation Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service creates an AppContainer process without impersonating the access token leading to privilege escalation.

tags | exploit
advisories | CVE-2021-31169
MD5 | ad4654c8ed7054c3225224811ba94b15
Windows Container Manager Service CmsRpcSrv_MapVirtualDiskToContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service does not impersonate the caller when granting access to virtual disk images leading to privilege escalation.

tags | exploit
advisories | CVE-2021-31168
MD5 | ae8247dda745d9d8d6c85bfb03878028
Windows Container Manager Service CmsRpcSrv_CreateContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service accepts an access token provided by the user without verification allowing an arbitrary process to be created with another user identity leading to privilege escalation.

tags | exploit, arbitrary
advisories | CVE-2021-31165
MD5 | 12c1abb8e71fc62e306c9bc1dea254d3
Backdoor.Win32.Delf.zho Authentication Bypass / Code Execution
Posted May 12, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Delf.zho malware suffers from bypass and code execution vulnerabilities.

tags | exploit, vulnerability, code execution
systems | windows
MD5 | 487f9e14ba262dfab66e64b94678938b
Red Hat Security Advisory 2021-1547-01
Posted May 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1547-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.115 and .NET Core Runtime 3.1.15. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-31204
MD5 | 9aa89665d28bb59a368afadc3a68d399
Red Hat Security Advisory 2021-1546-01
Posted May 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1546-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-31204
MD5 | 5e6fe05beeaaa271b5d93ccb0be57176
Ubuntu Security Notice USN-4951-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4951-1 - Anton Lydike discovered that Flatpak did not properly handle special tokens in desktop files. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-21381
MD5 | 2a831326281e4053b358126024f846a4
Ubuntu Security Notice USN-4949-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4949-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-25639, CVE-2021-26930, CVE-2021-26931, CVE-2021-28375, CVE-2021-29264, CVE-2021-29265, CVE-2021-29266, CVE-2021-29646, CVE-2021-29650, CVE-2021-3489, CVE-2021-3490, CVE-2021-3491
MD5 | 46b90aa11862dc0daecfda0276fbf1cd
Ubuntu Security Notice USN-4948-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4948-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-25670, CVE-2021-28688, CVE-2021-28951, CVE-2021-28952, CVE-2021-28964, CVE-2021-28971, CVE-2021-28972, CVE-2021-29264, CVE-2021-29266, CVE-2021-29646, CVE-2021-29647, CVE-2021-29649, CVE-2021-29650, CVE-2021-29657, CVE-2021-31916, CVE-2021-3483, CVE-2021-3489, CVE-2021-3490, CVE-2021-3491
MD5 | 151d9671a4c69f74d2e7803115cefc7b
Ubuntu Security Notice USN-4950-1
Posted May 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4950-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-3489, CVE-2021-3490, CVE-2021-3491
MD5 | 49528c585e4106f35517c8af7ce16fc7
Red Hat Security Advisory 2021-1544-01
Posted May 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1544-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-3495
MD5 | 2dfa0b1e9ec7e75df0d5df7c31f0f39f
Red Hat Security Advisory 2021-1540-01
Posted May 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1540-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2021-29492, CVE-2021-31920
MD5 | 45f8a6b86179c32a2ad1df82357e7cd0
Page 1 of 7
Back12345Next

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    26 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    2 Files
  • 9
    May 9th
    2 Files
  • 10
    May 10th
    13 Files
  • 11
    May 11th
    17 Files
  • 12
    May 12th
    22 Files
  • 13
    May 13th
    11 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close