exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files Date: 2021-06-17

Ubuntu Security Notice USN-4991-1
Posted Jun 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4991-1 - Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. Zhipeng Xie discovered that libxml2 incorrectly handled certain XML schemas. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-8872, CVE-2019-20388, CVE-2020-24977, CVE-2021-3517, CVE-2021-3537, CVE-2021-3541
SHA-256 | 38f527bf92212574fd2e8353820dd66e5279bfa5e4f6a13e08dc27aaaf456463
Red Hat Security Advisory 2021-2479-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2479-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2016-10228, CVE-2017-14502, CVE-2019-13012, CVE-2019-14866, CVE-2019-25013, CVE-2019-2708, CVE-2019-3842, CVE-2019-9169, CVE-2020-13434, CVE-2020-13543, CVE-2020-13584, CVE-2020-13776, CVE-2020-15358, CVE-2020-24977, CVE-2020-25659, CVE-2020-25678, CVE-2020-26116, CVE-2020-26137, CVE-2020-27618, CVE-2020-27619, CVE-2020-27783, CVE-2020-28196, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-36242, CVE-2020-8231
SHA-256 | 407dd58a4d56a1577f85a63f8d3249362ebd855a9d2e9461bef124d76718dfe1
Ubuntu Security Notice USN-4990-1
Posted Jun 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4990-1 - It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-16869, CVE-2021-3580
SHA-256 | 18ac1040641e10f745441e19c4e76450403a73af58de924392fb2255e3dfadc1
Windows Kerberos AppContainer Enterprise Authentication Capability Bypass
Posted Jun 17, 2021
Authored by James Forshaw, Google Security Research

Kerberos supports a security buffer to set the target SPN of a ticket bypassing the SPN check in LSASS.

tags | exploit
advisories | CVE-2021-26414, CVE-2021-31962
SHA-256 | 1d5d38694b7c25fc61d91a95f2fe8b95d80f7177cbc88c8349db3852e07f5b72
Red Hat Security Advisory 2021-2476-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2476-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.11.0 serves as an update to Red Hat Decision Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-11988, CVE-2020-25649, CVE-2020-26258, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351
SHA-256 | c7ecab2767572bcae7a835e6563b631e2de5bcbbf260dbcf564ddf63104b4342
Trojan.Win32.Alien.erf MVID-2021-0253 Directory Traversal
Posted Jun 17, 2021
Authored by malvuln | Site malvuln.com

Trojan.Win32.Alien.erf malware suffers from a directory traversal vulnerability.

tags | advisory, trojan
systems | windows
SHA-256 | 187898797e4601317e850c37f6c620bbd5f74a4654555fc78d25559630b54c57
Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution
Posted Jun 17, 2021
Authored by unknown, Spencer McIntyre, wvu | Site metasploit.com

The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user supplied data. This can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will leak the ViewState validation key and then use it to sign a crafted object that will trigger code execution when deserialized. Tested against SharePoint 2019 and SharePoint 2016, both on Windows Server 2016.

tags | exploit, code execution
systems | windows
advisories | CVE-2021-31181
SHA-256 | 5dcb06868c15ec6031a011204cbd74de26b37669890217421638293a9f77e49b
Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution
Posted Jun 17, 2021
Authored by wvu, Mikhail Klyuchnikov, jheysel-r7, Nikita Abramov | Site metasploit.com

This Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user.

tags | exploit, file upload
systems | cisco
advisories | CVE-2021-1499
SHA-256 | f5c93c1dbb7c46d018f80b02b7e8b65d92e05da4eaa8f1ef27222f385aefb954
Dup Scout 13.5.28 Unquoted Service Path
Posted Jun 17, 2021
Authored by Brian Rodriguez

Dup Scout version 13.5.28 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 46e00ea6e0536864a15de7ef2f1c92d0c522210998bedba2fcfa6e9d2496b09b
Red Hat Security Advisory 2021-2475-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2475-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.11.0 serves as an update to Red Hat Process Automation Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-11988, CVE-2020-25649, CVE-2020-26258, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351
SHA-256 | 44f2a427aa38603abc596c8eab0bea14baf4d87b51fcd63235260362ce1b3c02
Trojan.Win32.Alien.erf MVID-2021-0252 Buffer Overflow
Posted Jun 17, 2021
Authored by malvuln | Site malvuln.com

Trojan.Win32.Alien.erf malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow, trojan
systems | windows
SHA-256 | f21fd4344ef1dd439138a5152b640bde46bdc5db13e058d8e123769d0a088c7b
Unified Office Total Connect Now 1.0 SQL Injection
Posted Jun 17, 2021
Authored by Ajaikumar Nadar

Unified Office Total Connect Now version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 91d6e78aae245ee0b32085f6239ac318b8c262de77702459914f9a8c14ee7636
Samsung NPU npu_session_format Out-Of-Bounds Write
Posted Jun 17, 2021
Authored by Google Security Research, hawkes

Samsung NPU (Neural Processing Unit) suffers from an out-of-bounds write vulnerability in npu_session_format.

tags | exploit
advisories | CVE-2021-25407
SHA-256 | c1b571dff4d7f86aae1597fdb8aa5e8932400ee1c1aed35b56eab3315ec48ed8
Red Hat Security Advisory 2021-2472-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2472-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-8169, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22901, CVE-2021-31618
SHA-256 | 19735da2179172dfd4dafbdef97ffa2abdb672d9b8f5865fe7fd9e743f621ed9
Red Hat Security Advisory 2021-2469-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2469-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2021-25217
SHA-256 | 4d8aa7a25595585144567d5cbdbfdefc4c90e617752241da4134ebe5d0702cf1
VeryFitPro 3.2.8 Insecure Transit
Posted Jun 17, 2021
Authored by Nick Decker | Site trovent.io

VeryFitPro version 3.2.8 sends unencrypted cleartext transmission of sensitive information.

tags | exploit
SHA-256 | 9e9f6ef8313838133d2645a4ff7f6a0403b2a9655c9a0a2e6218c1e2d72dce6d
VX Search 13.5.28 Unquoted Service Path
Posted Jun 17, 2021
Authored by Brian Rodriguez

VX Search version 13.5.28 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 6b72df66fd7a41d276fe6f901c6f3d87ca98c4925e6abc04dbeb1d95072f92a7
Red Hat Security Advisory 2021-2471-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2471-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-8169, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22901, CVE-2021-31618
SHA-256 | c503b0c9787ff152a79b6411488dd21ecce7fa317d626248d8da273122c8eb96
Zoho ManageEngine ServiceDesk Plus 9.4 User Enumeration
Posted Jun 17, 2021
Authored by Ricardo Jose Ruiz Fernandez

Zoho ManageEngine ServiceDesk Plus version 9.4 suffers from a user enumeration vulnerability.

tags | exploit
advisories | CVE-2021-31159
SHA-256 | 870a1afb9f1433380867e92d6f4b12a310e6ee87a00b11040bf6cfbd0e03d858
Red Hat Security Advisory 2021-2467-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2467-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-27219
SHA-256 | 752f04ccd0517bf07ec7c16cfef3f7f83b823887778079aa8802476544f4d0bd
Trojan.Win32.Alien.erf MVID-2021-0251 Denial Of Service
Posted Jun 17, 2021
Authored by malvuln | Site malvuln.com

Trojan.Win32.Alien.erf malware suffers from a denial of service vulnerability.

tags | exploit, denial of service, trojan
systems | windows
SHA-256 | 4380aa97f9adf0bb910bb3cfa42237b9395be0068a22b26abe5d95657e0fd714
Workspace ONE Intelligent Hub 20.3.8.0 Unquoted Service Path
Posted Jun 17, 2021
Authored by Ismael Nava

Workspace ONE Intelligent Hub version 20.3.8.0 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | fd14fa136fb6f8ab1344d82ce21b7a4f1296f0567897ab234bef268b102b4bfd
Red Hat Security Advisory 2021-2461-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2461-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2016-10228, CVE-2017-14502, CVE-2019-14866, CVE-2019-25013, CVE-2019-25032, CVE-2019-25034, CVE-2019-25035, CVE-2019-25036, CVE-2019-25037, CVE-2019-25038, CVE-2019-25039, CVE-2019-25040, CVE-2019-25041, CVE-2019-25042, CVE-2019-2708, CVE-2019-3842, CVE-2019-9169, CVE-2020-10543, CVE-2020-10878, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-13434, CVE-2020-13776, CVE-2020-15358, CVE-2020-24330, CVE-2020-2433
SHA-256 | 4746bce06101c5ed31286fd228a56e6836f518395cd2ec946eedb9ed0a938d38
Penetration Testing Web Storage (User Experience)
Posted Jun 17, 2021
Authored by Abdulrahman Abdullah

Whitepaper called Penetration Testing Web Storage (User Experience). Written in Arabic.

tags | paper, web
SHA-256 | ac64e028c271cb652e3c0e80ad58084627611674cb22fcd6bb4a831a7c2fced8
Ubuntu Security Notice USN-4989-2
Posted Jun 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4989-2 - USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-26558, CVE-2020-27153
SHA-256 | 8720c245ff9d32e615ac12072fd408a3b7ff8626c06e4a6d72353f5814177f3a
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close