Showing 1 - 25 of 438

Files Date: 2021-06-01 to 2021-06-30

Red Hat Security Advisory 2021-2599-01
Posted Jun 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2599-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include bypass and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-26541, CVE-2021-33034
SHA-256 | 328c5c026f32edfec51846f77f77425f5561fa6a3f2f3bb7afb29408f48a610c
Red Hat Security Advisory 2021-2563-01
Posted Jun 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2563-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2021-33034
SHA-256 | 29f95c53b6bede9ea1a91fa03ac102e733d991d467b629c0d7576f6b5debe95a
Red Hat Security Advisory 2021-2561-01
Posted Jun 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2561-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.5.0 serves as a replacement for Red Hat JBoss Web Server 5.4.2, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a remote SQL injection vulnerability.

tags | advisory, java, remote, web, sql injection
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2021-25122, CVE-2021-25329
SHA-256 | f3cd1db006604fa6b5ec96f64cd45152cf6b247c0b550fab1007a90fe65d5bff
Red Hat Security Advisory 2021-2562-01
Posted Jun 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2562-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.5.0 serves as a replacement for Red Hat JBoss Web Server 5.4.2, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a remote SQL injection vulnerability.

tags | advisory, java, remote, web, sql injection
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2021-25122, CVE-2021-25329
SHA-256 | 7483c97d1f9fb372e81b8472c214b78b36b64578a63172ce3a020369a769c580
Red Hat Security Advisory 2021-2500-01
Posted Jun 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2500-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-20920, CVE-2019-20922, CVE-2021-23369, CVE-2021-23383
SHA-256 | 7f470cc3a3c9b2403979f660d4869d6f9fd410719e628699aeb9ae7050ab28de
Red Hat Security Advisory 2021-2499-01
Posted Jun 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2499-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.36. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-27216, CVE-2020-27218, CVE-2020-27223
SHA-256 | fc33e3ccc5d69dcd993e15c937230658440ccc17e77d1efce3da137b504799bc
Proxmark 4.13441
Posted Jun 29, 2021
Authored by Christian Herrmann | Site github.com

This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware.

Changes: This version brings major improvements to the client interface. Added functionality like emrtd, cipurse, st25a, etc.
tags | tool
systems | unix
SHA-256 | 49c4f1854b364aa7ea7083581351f867128e71ea783d0ecd71fc41bcf7f63584
ES File Explorer 4.1.9.7.4 Arbitrary File Read
Posted Jun 29, 2021
Authored by Nehal Zaman

ES File Explorer version 4.1.9.7.4 arbitrary file read exploit.

tags | exploit, arbitrary
advisories | CVE-2019-6447
SHA-256 | 49c30b8691d656d1bb19d03dc76bb300764a671ff450cedd6ccb6933b28818a2
WordPress wpDiscuz 7.0.4 Shell Upload
Posted Jun 28, 2021
Authored by Hoa Nguyen, Chloe Chamberland | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin versions from 7.0.0 through 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | CVE-2020-24186
SHA-256 | fab2eeb88db6a1f9b11eed6c490a6ca021dd6f8237a47b405d41bd041a36af45
Ubuntu Security Notice USN-4997-2
Posted Jun 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4997-2 - USN-4997-1 fixed vulnerabilities in the Linux kernel for Ubuntu 21.04. This update provides the corresponding updates for the Linux KVM kernel for Ubuntu 21.04. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133, CVE-2021-23134, CVE-2021-31440, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-3506, CVE-2021-3543, CVE-2021-3609
SHA-256 | 16f2c8cca9066cef3cbb8b6417110467cabb0932233c1b98fecf1f6a500fac6b
Constructor.Win32.Bifrose.asc MVID-2021-0263 Buffer Overflow / Heap Corruption
Posted Jun 28, 2021
Authored by malvuln | Site malvuln.com

Constructor.Win32.Bifrose.asc malware suffers from buffer overflow and heap corruption vulnerabilities.

tags | exploit, overflow, vulnerability
systems | windows
SHA-256 | f9de4beeccabbbacc6f282a0c87fbb59cbf7fb3821fe1d204bf99e19e0bb2667
WordPress YOP Polls 6.2.7 Cross Site Scripting
Posted Jun 28, 2021
Authored by Toby Jackson

WordPress YOP Polls plugin version 6.2.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 37dfd8abad79e4b69350ef7295da874458a3b9b294f44696d84f80fef21ddd14
Personnel Record Management System 1.0 Authentication Bypass / XSS
Posted Jun 28, 2021
Authored by Richard Jones

Personnel Record Management System version 1.0 unauthenticated administrator addition exploit that also adds a stored cross site scripting payload.

tags | exploit, xss, bypass
SHA-256 | c9257cef037dacedb3db4a1a6b67bd2fc2ac61defffc09745ac32d35d356bbcb
Netgear WNAP320 2.0.3 Remote Code Execution
Posted Jun 28, 2021
Authored by Bryan Leong

Netgear WNAP320 version 2.0.3 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | f55265a3529db3a819eee1b0f00df0a280e909fc77f24c6ee5747d5c6d90f7d4
Trojan-Dropper.Win32.Scrop.dyi MVID-2021-0262 Insecure Permissions
Posted Jun 28, 2021
Authored by malvuln | Site malvuln.com

Trojan-Dropper.Win32.Scrop.dyi malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | b441fde6d9d688819e5a6d44c127c549633b249a0905d34d885c9ae37e5210fe
Personnel Record Management System 1.0 SQL Injection
Posted Jun 28, 2021
Authored by Richard Jones

Personnel Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 2776b79bc1477dd0a9d6f3c66f393968ec921589928f2bb358a7296cf68a94b8
Android Data Exfiltration
Posted Jun 28, 2021
Authored by Roman Fiedler | Site unparalleled.eu

This is a tool that was developed to run as an alternative "/init". The program will make an Android phone show up as a mass storage device during boot. The complete internal storage is available for reading, including the partition table and all 42 partitions of the Android system.

tags | exploit
SHA-256 | 26d0ccdaf2d09a37294e6090603335263cb221373194e10a191870af77f5fe23
Email-Worm.Win32.Trance.a MVID-2021-0261 Insecure Permissions
Posted Jun 28, 2021
Authored by malvuln | Site malvuln.com

Email-Worm.Win32.Trance.a malware suffers from an insecure permissions vulnerability.

tags | exploit, worm
systems | windows
SHA-256 | b7be52e55d136dca9ba0d96625eb0e3b7ad168eb430c19ccfa05d14f47f0ac2a
Smart Contract Automated Testing Guidelines
Posted Jun 28, 2021
Authored by Loc Phan Van

Whitepaper called Smart Contract Automated Testing Guidelines that provides guidance on automation.

tags | paper
SHA-256 | 2637d58d1c7c59b0e8b57db8f391f84b9a001dcc6d498f48455236de4f4f2d0a
Android 2.0 FreeCIV Arbitrary Code Execution
Posted Jun 28, 2021
Authored by Raed Ahsan

Android version 2.0 exploit for FreeCIV versions 2.2 before 2.2.1 and 2.3 before 2.3.0 that achieves root.

tags | exploit, root
advisories | CVE-2010-2445
SHA-256 | 84eaa0c13185db927fae6be271159ea3fe9f56dcc09261d86facb183be5d57c7
Ubuntu Security Notice USN-5000-2
Posted Jun 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5000-2 - USN-5000-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS and the Linux HWE kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux KVM kernel for Ubuntu 20.04 LTS. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133, CVE-2021-23134, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-3506, CVE-2021-3609
SHA-256 | 24cb2b08987dbf402e7352676baccf4addc89319c209a6642e849c6e40814e3f
Atlassian Jira Server/Data Center 8.16.0 Cross Site Scripting
Posted Jun 26, 2021
Authored by Captain_hook

Atlassian Jira Server / Data Center version 8.16.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-26078
SHA-256 | 11cb5c10c7bc260840e9f99059eab8e717769aeff2d90a62ed3b887604e735c0
Ubuntu Security Notice USN-4998-1
Posted Jun 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4998-1 - It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access. It was discovered that the Ceph dashboard was susceptible to a cross-site scripting attack. An attacker could use this to expose sensitive information or gain unintended access. Various other issues were also addressed.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2020-25678, CVE-2020-27781, CVE-2020-27839, CVE-2021-20288, CVE-2021-3509, CVE-2021-3524, CVE-2021-3531
SHA-256 | a3d9656a49f07ccf660b9f6006ed598b81e2aa94c36575e1f2fa281abef63f27
Flawfinder 2.0.18
Posted Jun 25, 2021
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Fixed SARIF output. SARIF output is new to flawfinder, and there was a subtle error in its generation that caused GitHub to reject the SARIF file.
tags | tool
systems | unix
SHA-256 | 6a51efd7869e0f36a00f33455ec2d1745dc36121130625887b4589e646f062c2
SAPSprint 7.60 Unquoted Service Path
Posted Jun 25, 2021
Authored by Brian Rodriguez

SAPSprint version 7.60 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 8fd12071ae6adadfc0e695181b3356e8bf22de078d2eb3e9d81412ae18f764fa