exploit the possibilities
Showing 1 - 22 of 22 RSS Feed

Files Date: 2021-06-04

Ubuntu Security Notice USN-4984-1
Posted Jun 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4984-1 - Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Realtek RTL8188EU Wireless device driver in the Linux kernel did not properly validate ssid lengths in some situations. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2021-28038, CVE-2021-28660, CVE-2021-28688, CVE-2021-28950, CVE-2021-28952, CVE-2021-28964, CVE-2021-28971, CVE-2021-28972, CVE-2021-29647, CVE-2021-30002, CVE-2021-31916, CVE-2021-33033, CVE-2021-3483
SHA-256 | 47d0f4a3952d8cf4b938ec83f7efd85bdb8431f9f1a68e359b4de49fcf50d2ed
HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover
Posted Jun 4, 2021
Authored by Nick Decker | Site trovent.io

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 have a vulnerability that allows for account takeover with only prior knowledge of the user's email address needed.

tags | exploit
SHA-256 | 108eb293e5b0d2d18abfd3b3ef0cfabcfe3878c71ef3e5fb6ce42e26588c10f0
HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration
Posted Jun 4, 2021
Authored by Nick Decker | Site trovent.io

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 suffer from a user enumeration vulnerability.

tags | exploit
SHA-256 | 42f3483603f56524c0a83a32c43ca70dcb2416daaa8123abc8aa7afb35f560fe
FileCOPA FTP Server 1.01 Denial Of Service
Posted Jun 4, 2021
Authored by Fernando Mengali

FileCOPA FTP Server version 1.01 denial of service exploit.

tags | exploit, denial of service
SHA-256 | 3e3501825544ec466af787f47d308b94d885b2236a3ce6311f2ed3df37eac109
Windows Win32k Elevation Of Privilege Vulnerability
Posted Jun 4, 2021
Authored by Sheikhar Gautam, Rima Yadav

Whitepaper called Windows Win32k Elevation of Privilege Vulnerability. It details exploitation and an overview of CVE-2021-1732.

tags | paper
systems | windows
advisories | CVE-2021-1732
SHA-256 | a9380503b2a681de62499f1daeafb145966439dc2c08d757cb57d440409aaee2
Ubuntu Security Notice USN-4983-1
Posted Jun 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4983-1 - Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Piotr Krysiuk and Benedict Schlueter discovered that the eBPF implementation in the Linux kernel performed out of bounds speculation on pointer arithmetic. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-29155, CVE-2021-31829, CVE-2021-33200, CVE-2021-3501
SHA-256 | c8d6a4d1ac66d32b7a2f8aec8f4be767802cb76e03860da72e2558c5974f173a
Cisco HyperFlex HX Data Platform Command Execution
Posted Jun 4, 2021
Authored by wvu, Mikhail Klyuchnikov, Nikita Abramov | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint to execute shell commands as the Tomcat user.

tags | exploit, shell
systems | cisco
advisories | CVE-2021-1497, CVE-2021-1498
SHA-256 | 0a1aa0b824e15e84195c2385f8bf0e7dc95224435e2865997906be79faf81ba6
SuiteCRM Log File Remote Code Execution
Posted Jun 4, 2021
Authored by M. Cory Billington | Site metasploit.com

This Metasploit module exploits an input validation error on the log file extension parameter. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a php file. The log file can then be populated with php code by changing the username of a valid user, as this info is logged. The php code in the file can then be executed by sending an HTTP request to the log file. A similar issue was reported by the same researcher where a blank file extension could be supplied and the extension could be provided in the file name. This exploit will work on those versions as well, and those references are included.

tags | exploit, web, php
advisories | CVE-2020-28328
SHA-256 | ec5ef5c3f76e27557be6a802468fa8e1b2e50b2a6a2993479fd1a906363a8c90
Flawfinder 2.0.17
Posted Jun 4, 2021
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Fixed the distributed tarball, which did not include the key source file due to the earlier file restructure. Minor code style fix applied, which simplifies the code slightly. Updated date in manual page to 2021.
tags | tool
systems | unix
SHA-256 | c28c1fff7657131c8f016c3309d0caeb58d367d61a5c4b56a26ac8314772d407
Chrome Legacy ipc::Message Passed Via Shared Memory
Posted Jun 4, 2021
Authored by Google Security Research, Mark Brand

Looking at the Mojo implementation of Chrome's legacy IPC, the legacy ipc::Message type is transferred inside a BigBuffer.

tags | exploit
advisories | CVE-2021-21198
SHA-256 | f543ac8b2cefa9c2b0092803dc79ebe3d0ccba182ed6661ceb724163521a8580
QT TIFF Processing Heap Overflow
Posted Jun 4, 2021
Authored by Google Security Research, natashenka

There is a heap corruption bug that can occur when QT processes a malformed TIFF image. It happens because the size of the QImageData backing the image is calculated is calculated using the format of the image, meanwhile TIFFReadScanline calculates the length to be read based on TIFFScanlineSize, which determines the size base on three tags in the TIFF file, width, samples per pixel and bits per sample.

tags | exploit
SHA-256 | 765990ea3bd9f2c14232bcfa3535efba165c1990d1e7949df33a649783e33d0b
Backdoor.Win32.Androm.df MVID-2021-0237 Code Execution
Posted Jun 4, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Androm.df malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
SHA-256 | 7dc3c092b4a7f3eb0886fa0f0702d6b97a6d87b30956986330eb5906d3ab95f7
Gitlab 13.10.2 Remote Code Execution
Posted Jun 4, 2021
Authored by enox

Gitlab version 13.10.2 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | fdd3bf5424a5516bb5299cd43e4d54baa10324040cc743962df9d063321ddcab
Ubuntu Security Notice USN-4982-1
Posted Jun 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4982-1 - Kiyin discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service. Kiyin discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-25670, CVE-2020-25673, CVE-2021-28688, CVE-2021-28950, CVE-2021-28964, CVE-2021-28971, CVE-2021-28972, CVE-2021-29264, CVE-2021-29647, CVE-2021-31916, CVE-2021-3483
SHA-256 | 30a5afa51a330465bbea0807650492fe79f27388cc8ee9ac30d0e02a89f6de63
Monstra CMS 3.0.4 Remote Code Execution
Posted Jun 4, 2021
Authored by Ron Jost

Monstra CMS version 3.0.4 authenticated remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2018-6383
SHA-256 | a449bcb9e802e6538fd98131e3ca47d842f8cffabafa13b97c65cc397d12c250
Ubuntu Security Notice USN-4981-1
Posted Jun 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4981-1 - Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. Joshua Rogers discovered that Squid incorrectly handled requests to the Cache Manager API. A remote attacker with access privileges could possibly use this issue to cause Squid to consume resources, leading to a denial of service. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-28651, CVE-2021-28652, CVE-2021-28662, CVE-2021-31807, CVE-2021-31808, CVE-2021-33620
SHA-256 | 5f73be4fd8bb6e49cdf2fb128fc4a0c34429d328f98775c05ee84b4c5044d2b9
Inkpad Notepad And To Do List 4.3.61 Denial Of Service
Posted Jun 4, 2021
Authored by Brian Rodriguez

Inkpad Notepad and To Do List version 4.3.61 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 5b3b0aa84bc77cbfacf517ac6e92e295787ed507cef6a0de79ab3b18878dfddf
My Notes Safe 5.3 Denial Of Service
Posted Jun 4, 2021
Authored by Geovanni Ruiz

My Notes Safe version 5.3 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 4ec508800f9451d8b48faa427a3e6ea5bfe34c3b15536914486c655939a17b1c
Macaron Notes Great Notebook 5.5 Denial Of Service
Posted Jun 4, 2021
Authored by Geovanni Ruiz

Macaron Notes Great Notebook version 5.5 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 31ccde6221360dbafc15dda8126d446f89e959a6e39be1cc7b545e20b88e775f
Color Notes 1.4 Denial Of Service
Posted Jun 4, 2021
Authored by Geovanni Ruiz

Color Notes version 1.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 6c187927e73273cfa63bedef34adaca786cfd86afaaa86c9627987f9456d0d9b
CMS Made Simple V2.2.13
Posted Jun 4, 2021
Authored by Tanmay Tyagi, Abhinav

Whitepaper giving an overview of a remote code execution vulnerability that exists in CMS Made Simple version 2.2.13.

tags | paper, remote, code execution
advisories | CVE-2020-10682
SHA-256 | e8e543b0e7f3d1f441248d328301c18373431ac24f8ad36bc50bc9bebcac44d8
Heap-Based Overflow Vulnerability In Sudo
Posted Jun 4, 2021
Authored by Akshay Sharma, Yamini Sharma

Whitepaper giving an overview of a heap-based buffer overflow in sudo.

tags | paper, overflow
advisories | CVE-2021-3156
SHA-256 | a3e0235d128111d0eec7f203028bcf0e94013d131d5f35034ead6f7a4c3fc3ec
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close