what you don't know can hurt you
Showing 1 - 25 of 386 RSS Feed

Files Date: 2021-07-01 to 2021-07-31

Pi-Hole Remove Commands Linux Privilege Escalation
Posted Jul 30, 2021
Authored by h00die, Emanuele Barbeno | Site metasploit.com

Pi-Hole versions 3.0 through 5.3 allows for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is in the sudoers.d/pihole file with no password.

tags | exploit, root
advisories | CVE-2021-29449
SHA-256 | 7265358e3e4327bc951c92f719451fce4a2ce957a5c1a6bde9f57d3d6646ee0f
Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery
Posted Jul 30, 2021
Authored by LiquidWorm | Site zeroscience.mk

Panasonic Sanyo CCTV Network Camera version 2.03-0x allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform authentication detriment and account password change with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
SHA-256 | 99282d0ad093fb7f0b78aa1a3e353d972615b19e9b6715a70f10d0e4ebbfcf3c
Red Hat Security Advisory 2021-2965-01
Posted Jul 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2965-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.8 serves as a replacement for Red Hat Single Sign-On 7.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2021-21409, CVE-2021-3536
SHA-256 | 5502336b85746ee81fff7e16aa81cd6f87dfc46e903a7840a4207753910e17e5
Ubuntu Security Notice USN-5026-1
Posted Jul 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5026-1 - It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-18020, CVE-2021-36978
SHA-256 | cef1580c2afb6cf2bd8a84003d5771f8149f09ba4f18f87176a2615bf4d50261
Ubuntu Security Notice USN-5027-1
Posted Jul 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5027-1 - It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-32610
SHA-256 | e8f9ded0ced617874263eb0c296a5b75636436070ea49ac10fb48402f22578d3
ObjectPlanet Opinio 7.13 Shell Upload
Posted Jul 30, 2021
Authored by Daniel Tan, Khor Yong Heng, Timothy Tan, Yu Enhui

ObjectPlanet Opinio version 7.13 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2020-26806
SHA-256 | 6146594a8eedc5b48c3895039ed9ff9b2da349396d6a84e9003398290c0214e6
ObjectPlanet Opinio 7.13 Expression Language Injection
Posted Jul 30, 2021
Authored by Daniel Tan, Khor Yong Heng, Timothy Tan, Yu Enhui

ObjectPlanet Opinio version 7.13 suffers from an expression language injection vulnerability.

tags | exploit
advisories | CVE-2020-26565
SHA-256 | a3eb218a2f08f0bd814466c67083d00a77e140446ee2dfeedea41ff480fbbb9f
ObjectPlanet Opinio 7.13 / 7.14 XML Injection
Posted Jul 30, 2021
Authored by Daniel Tan, Khor Yong Heng, Timothy Tan, Yu Enhui

ObjectPlanet Opinio versions 7.13 and 7.14 suffer from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2020-26564
SHA-256 | af1eaef07e52be0596d75f8c870d0a1dc0e3ff1cc76c2eabee1d671f01d9c7f4
Demystifying Nmap Scans At The Packet Level
Posted Jul 30, 2021
Authored by Aditya Srivastava | Site adityasrivastava2762.blogspot.com

This paper contains a step by step detailed walk-through of different nmap scanning techniques and how the nmap traffic looks like in wireshark for each scan. The objective of documenting the paper is to get a better understanding of packets while initiating any nmap scan so that it can help in bypassing firewalls or debugging what went wrong between the source and destination. It can also help in writing basic firewall rules.

tags | paper
SHA-256 | e98eb4f64e115f6a22e5fb658a650a8f88305b65ab9f8584011c81fe80099560
Microsoft Exchange AD Schema Misconfiguration Privilege Escalation
Posted Jul 29, 2021
Authored by James Forshaw, Google Security Research

The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object including users, groups or domain trusts leading to elevation of privilege.

tags | exploit
advisories | CVE-2021-34470
SHA-256 | 627232e16239714ec375a9cfcdcb5ae5ed42b0f516a9d4728d978cfb3abf4962
Ubuntu Security Notice USN-5025-2
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5025-2 - USN-5025-1 fixed a vulnerability in libsndfile. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3246
SHA-256 | 71161ce693fd49985174cabbe4b4902ec1c5e2c717f481624564ca59b97f89c6
Oracle Fatwire 6.3 Cross Site Scripting / SQL Injection
Posted Jul 29, 2021
Authored by J. Francisco Bolivar

Oracle Fatwire version 6.3 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 38f80fca24b17f32a9e3da9f5471c31d26cc3bb1e197893519649f27a2ab75e3
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
Posted Jul 29, 2021
Authored by LiquidWorm | Site zeroscience.mk

Longjing Technology BEMS API version 1.21 suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.

tags | exploit, arbitrary
SHA-256 | ecde74e6d4e7cbe2d1a44b93eaae60686b9045e1ada24356e1f1263b9c767441
Ubuntu Security Notice USN-5025-1
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5025-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3246
SHA-256 | 515f197037d9c5f17c04f6f6b1d9c4b1bdf5345da7af723254917f8af7f67453
Denver IP Camera SHO-110 Snapshot Disclosure
Posted Jul 29, 2021
Authored by Ivan Nikolsky

Denver IP Camera SHO-110 suffers from an unauthenticated disclosure of a snapshot.

tags | exploit, info disclosure
SHA-256 | 7b7a36e0ae757da258c9cf9c116c4320968424f0cd6c800ff639f92f245a5ca8
ObjectPlanet Opinio 7.12 Cross Site Scripting
Posted Jul 29, 2021
Authored by Ang Kar Min

ObjectPlanet Opinio version 7.12 suffers from reflective and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-26563
SHA-256 | f500e5fdb33867b5edf3170e3933efe781565d176bbb6a77f75941889807d9d6
Ubuntu Security Notice USN-4944-2
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4944-2 - USN-4944-1 fixed vulnerabilities in MariaDB. It caused a regression. This update fixes the problem. Ubuntu 20.04 has been updated to MariaDB 10.3.30.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 57c06dee963cb110cc6fde97e455934e8e311a4ead7ce42d1b55a525be6acea3
CloverDX 5.9.0 Code Execution / Cross Site Request Forgery
Posted Jul 29, 2021
Authored by niebardzo

CloverDX version 5.9.0 cross site request forgery to remote code execution exploit.

tags | exploit, remote, code execution, csrf
advisories | CVE-2021-29995
SHA-256 | 596b2eea2e27565ab3f218e20a495aaef02193748d901ef08464493dd7fc27d9
Ubuntu Security Notice USN-5024-1
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5024-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2021-21775, CVE-2021-30689, CVE-2021-30749, CVE-2021-30799
SHA-256 | 14d11292105cb8b94a56279b28094f2991375524c7454e09c1c4271e1819998f
Care2x Integrated Hospital Info System 2.7 SQL Injection
Posted Jul 29, 2021
Authored by securityforeveryone.com

Care2x Integrated Hospital Info System version 2.7 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 813565cbac4fa2b60990827c97c4b6014e8013852af0c5279d6bbe5c159039f1
IntelliChoice eFORCE Software Suite 2.5.9 Username Enumeration
Posted Jul 29, 2021
Authored by LiquidWorm | Site zeroscience.mk

IntelliChoice eFORCE Software Suite version 2.5.9 allows for username enumeration.

tags | exploit
SHA-256 | b4598723e07ce8a6c4f8a1ac2fbd7802bf319eccafe1b549bb7d97c72f235792
Red Hat Security Advisory 2021-2932-01
Posted Jul 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2932-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-22918, CVE-2021-23362, CVE-2021-27290, CVE-2021-33502
SHA-256 | 7819eab95b801ee299b0c45f60fb153ccf55a8165bda9a4b92c9e354fa35c7d0
Backdoor.Win32.WinShell.40 MVID-2021-0310 Code Execution
Posted Jul 28, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.WinShell.40 malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
SHA-256 | 36bd0dcd70c37c0f6388382b04be4c7bcc24e363234f2224ab11193b7ad7cfba
Red Hat Security Advisory 2021-2931-01
Posted Jul 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2931-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-22918, CVE-2021-23362, CVE-2021-27290, CVE-2021-33502
SHA-256 | e59ed91a5edb1ab96597451d6ad951184459cdd8057a7fea7fee363d15069354
Event Registration System With QR Code 1.0 Shell Upload
Posted Jul 28, 2021
Authored by Javier Olmedo

Event Registration System with QR Code version 1.0 suffers from authentication bypass and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, bypass
SHA-256 | fc40291e7f367fc138282d091bd129a8e4f3f89060b16b7bf82ad2b4becc1492
Page 1 of 16
Back12345Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close