exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files Date: 2021-06-25

Ubuntu Security Notice USN-4998-1
Posted Jun 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4998-1 - It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access. It was discovered that the Ceph dashboard was susceptible to a cross-site scripting attack. An attacker could use this to expose sensitive information or gain unintended access. Various other issues were also addressed.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2020-25678, CVE-2020-27781, CVE-2020-27839, CVE-2021-20288, CVE-2021-3509, CVE-2021-3524, CVE-2021-3531
SHA-256 | a3d9656a49f07ccf660b9f6006ed598b81e2aa94c36575e1f2fa281abef63f27
Flawfinder 2.0.18
Posted Jun 25, 2021
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Fixed SARIF output. SARIF output is new to flawfinder, and there was a subtle error in its generation that causes GitHub to reject the SARIF file.
tags | tool
systems | unix
SHA-256 | 6a51efd7869e0f36a00f33455ec2d1745dc36121130625887b4589e646f062c2
SAPSprint 7.60 Unquoted Service Path
Posted Jun 25, 2021
Authored by Brian Rodriguez

SAPSprint version 7.60 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 8fd12071ae6adadfc0e695181b3356e8bf22de078d2eb3e9d81412ae18f764fa
Lightweight Facebook-Styled Blog Remote Code Execution
Posted Jun 25, 2021
Authored by Maide Ilkay Aydogdu

This Metasploit module exploits the file upload vulnerability of Lightweight self-hosted facebook-styled PHP blog and allows remote code execution.

tags | exploit, remote, php, code execution, file upload
SHA-256 | 60500517de9e732c50f65c2b42ef9aab7b59dcf4310f936b690f3460d981d122
Ubuntu Security Notice USN-4995-2
Posted Jun 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4995-2 - USN-4995-1 fixed vulnerabilities in Thunderbird. This update provides the corresponding updates for Ubuntu 18.04 LTS. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Multiple security issues were discovered in Thunderbird's OpenPGP integration. If a user were tricked into importing a specially crafted key in some circumstances, an attacker could potentially exploit this to cause a denial of service or confuse the user. A use-after-free was discovered when Responsive Design Mode was enabled. If a user were tricked into opening a specially crafted website with Responsive Design Mode enabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Thunderbird mishandled ftp URLs with encoded newline characters. If a user were tricked into clicking on a specially crafted link, an attacker could potentially exploit this to send arbitrary FTP commands. It was discovered that Thunderbird wrote signatures to disk and read them back during verification. A local attacker could potentially exploit this to replace the data with another signature file. It was discovered that Thunderbird might load an alternative OTR library. If a user were tricked into copying a specially crafted library to one of Thunderbird's search paths, an attacker could potentially exploit this to execute arbitrary code. It was discovered that secret keys imported into Thunderbird were stored unencrypted. A local attacker could potentially exploit this to obtain private keys. It was discovered that Thunderbird did not indicate when an inline signed or encrypted message contained additional unprotected parts. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, spoof, vulnerability
systems | linux, windows, ubuntu
advisories | CVE-2021-23961, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987, CVE-2021-23994, CVE-2021-23995, CVE-2021-23999, CVE-2021-24002, CVE-2021-29948, CVE-2021-29949, CVE-2021-29956, CVE-2021-29957
SHA-256 | 81edf153f7a8ff7803ae890c659ea5d9e899b6b778102480a52389ef99c260ee
Seeddms 5.1.10 Remote Command Execution
Posted Jun 25, 2021
Authored by Bryan Leong

Seeddms version 5.1.10 authenticated remote command execution exploit.

tags | exploit, remote
advisories | CVE-2019-12744
SHA-256 | 1bd0d1d11507de31f14c38ecbae34e401a0ca09e54f2d268c40dcd6fc869c58b
Online Pet Shop We App 1.0 SQL Injection / Shell Upload
Posted Jun 25, 2021
Authored by Drew Jones

Online Pet Shop We App version 1.0 suffers from remote SQL injection and shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
advisories | CVE-2021-35456, CVE-2021-35458
SHA-256 | eb0bd2f27f2879c5379fdf6bc7702bd5bdffceefb5a53170487bbb21eb81cf54
Simple Client Management System 1.0 SQL Injection
Posted Jun 25, 2021
Authored by Baris Yildizoglu

Simple Client Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 3004a065d6a8c63fdece287c1f6038dcc213d293890df2200431cdee20c52de6
JNLP Injection To Multi-OS Code Execution
Posted Jun 25, 2021
Authored by Ken Pyle

Whitepaper discussing BIZARRELOVETRIANGLE and FULLCLIP - JNLP parameter injection attacks to remote, persistent, multi-os code execution.

tags | paper, remote, code execution
SHA-256 | 0544f59a1e884ac5e4753711797fde21b5db764b310bbdc41f2106aa58ffdef4
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close