what you don't know can hurt you
Showing 1 - 25 of 438 RSS Feed

Files Date: 2021-06-01 to 2021-06-30

Red Hat Security Advisory 2021-2599-01
Posted Jun 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2599-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include bypass and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-26541, CVE-2021-33034
MD5 | 949dbd9e710236aaadf373d409e03012
Red Hat Security Advisory 2021-2563-01
Posted Jun 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2563-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2021-33034
MD5 | cf7c1e7c7eb73b914111ec8dd34c0c35
Red Hat Security Advisory 2021-2561-01
Posted Jun 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2561-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.5.0 serves as a replacement for Red Hat JBoss Web Server 5.4.2, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a remote SQL injection vulnerability.

tags | advisory, java, remote, web, sql injection
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2021-25122, CVE-2021-25329
MD5 | 6cd2c7e1481129c67f6211b4cf9f46c4
Red Hat Security Advisory 2021-2562-01
Posted Jun 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2562-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.5.0 serves as a replacement for Red Hat JBoss Web Server 5.4.2, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a remote SQL injection vulnerability.

tags | advisory, java, remote, web, sql injection
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2021-25122, CVE-2021-25329
MD5 | 34cc49fbb9619aa8e9c5a69c9b5bb5ac
Red Hat Security Advisory 2021-2500-01
Posted Jun 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2500-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-20920, CVE-2019-20922, CVE-2021-23369, CVE-2021-23383
MD5 | 7c925f96d637532bba466480bb7785a8
Red Hat Security Advisory 2021-2499-01
Posted Jun 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2499-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.36. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-27216, CVE-2020-27218, CVE-2020-27223
MD5 | 5402cd81c6cf98686044dc55e2cfb2f3
Proxmark 4.13441
Posted Jun 29, 2021
Authored by Christian Herrmann | Site github.com

This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware.

Changes: This version brings major improvements to client interface. Added functionality like emrtd, cipurse, st25a, etc.
tags | tool
systems | unix
MD5 | b5922ffee719f55f1f27998a0e1a0ca1
ES File Explorer 4.1.9.7.4 Arbitrary File Read
Posted Jun 29, 2021
Authored by Nehal Zaman

ES File Explorer version 4.1.9.7.4 arbitrary file read exploit.

tags | exploit, arbitrary
advisories | CVE-2019-6447
MD5 | 3c25d5c9cc6d583b07aa0211035656b6
WordPress wpDiscuz 7.0.4 Shell Upload
Posted Jun 28, 2021
Authored by Hoa Nguyen, Chloe Chamberland | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin versions from 7.0.0 through 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | CVE-2020-24186
MD5 | fdf8135289f12d026401f86e91ab3f6d
Ubuntu Security Notice USN-4997-2
Posted Jun 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4997-2 - USN-4997-1 fixed vulnerabilities in the Linux kernel for Ubuntu 21.04. This update provides the corresponding updates for the Linux KVM kernel for Ubuntu 21.04. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133, CVE-2021-23134, CVE-2021-31440, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-3506, CVE-2021-3543, CVE-2021-3609
MD5 | 434b3d99e74ec911fad05d97ac12ede3
Constructor.Win32.Bifrose.asc Buffer Overflow / Heap Corruption
Posted Jun 28, 2021
Authored by malvuln | Site malvuln.com

Constructor.Win32.Bifrose.asc malware suffers from buffer overflow and heap corruption vulnerabilities.

tags | exploit, overflow, vulnerability
systems | windows
MD5 | 07ed21e550cfbb0073d38b8e97e1b7b1
WordPress YOP Polls 6.2.7 Cross Site Scripting
Posted Jun 28, 2021
Authored by Toby Jackson

WordPress YOP Polls plugin version 6.2.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5cce523dc226e7cf917fad7c812b2df7
Personnel Record Management System 1.0 Authentication Bypass / XSS
Posted Jun 28, 2021
Authored by Richard Jones

Personnel Record Management System version 1.0 unauthenticated administrator addition exploit that also adds a stored cross site scripting payload.

tags | exploit, xss, bypass
MD5 | 7830494b80453a138becbe2ae78fc9d3
Netgear WNAP320 2.0.3 Remote Code Execution
Posted Jun 28, 2021
Authored by Bryan Leong

Netgear WNAP320 version 2.0.3 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 6d46233dd769ed00d87833e2d972880f
Trojan-Dropper.Win32.Scrop.dyi Insecure Permissions
Posted Jun 28, 2021
Authored by malvuln | Site malvuln.com

Trojan-Dropper.Win32.Scrop.dyi malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
MD5 | d2aa42c41f0e017cbe0ecd11122056a8
Personnel Record Management System 1.0 SQL Injection
Posted Jun 28, 2021
Authored by Richard Jones

Personnel Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 58f624d5b154400123a08e3fc900c8e1
Android Data Exfiltration
Posted Jun 28, 2021
Authored by Roman Fiedler | Site unparalleled.eu

This is a tool that was developed to run as alternative "/init". The program will make an Android phone show up as mass storage device during boot. The complete internal storage is available for reading including the partition table and all 42 partitions of the Android system.

tags | exploit
MD5 | 589289cf9fb87c0dc23597c6c7a4b4b3
Email-Worm.Win32.Trance.a Insecure Permissions
Posted Jun 28, 2021
Authored by malvuln | Site malvuln.com

Email-Worm.Win32.Trance.a malware suffers from an insecure permissions vulnerability.

tags | exploit, worm
systems | windows
MD5 | fb45ce08d60cf295aac4ffd68c5e2a8b
Smart Contract Automated Testing Guidelines
Posted Jun 28, 2021
Authored by Loc Phan Van

Whitepaper called Smart Contract Automated Testing Guidelines that provides guidance on automation.

tags | paper
MD5 | 3cfea32dd359b6de7c8783c7a36444c2
Android 2.0 FreeCIV Arbitrary Code Execution
Posted Jun 28, 2021
Authored by Raed Ahsan

Android version 2.0 exploit for FreeCIV versions 2.2 before 2.2.1 and 2.3 before 2.3.0 that achieves root.

tags | exploit, root
advisories | CVE-2010-2445
MD5 | 3a7206dc1575a4f0e04e17dc57297340
Ubuntu Security Notice USN-5000-2
Posted Jun 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5000-2 - USN-5000-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS and the Linux HWE kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux KVM kernel for Ubuntu 20.04 LTS. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133, CVE-2021-23134, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-3506, CVE-2021-3609
MD5 | 0e8ca6620717c284c287dd4798168747
Atlassian Jira Server/Data Center 8.16.0 Cross Site Scripting
Posted Jun 26, 2021
Authored by Captain_hook

Atlassian Jira Server / Data Center version 8.16.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-26078
MD5 | cf784a036af7c8f27e355469c33191ea
Ubuntu Security Notice USN-4998-1
Posted Jun 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4998-1 - It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access. It was discovered that the Ceph dashboard was susceptible to a cross-site scripting attack. An attacker could use this to expose sensitive information or gain unintended access. Various other issues were also addressed.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2020-25678, CVE-2020-27781, CVE-2020-27839, CVE-2021-20288, CVE-2021-3509, CVE-2021-3524, CVE-2021-3531
MD5 | aaf79671e90a09e457296e6fb1347c4f
Flawfinder 2.0.18
Posted Jun 25, 2021
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Fixed SARIF output. SARIF output is new to flawfinder, and there was a subtle error in its generation that causes GitHub to reject the SARIF file.
tags | tool
systems | unix
MD5 | fb2ba5bac1bd8d97fab9ec8847321be6
SAPSprint 7.60 Unquoted Service Path
Posted Jun 25, 2021
Authored by Brian Rodriguez

SAPSprint version 7.60 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | ae47ef8f34c49cafe177bc1f46014831
Page 1 of 18
Back12345Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close