exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 399 RSS Feed

Files Date: 2021-07-01 to 2021-07-31

Pi-Hole Remove Commands Linux Privilege Escalation
Posted Jul 30, 2021
Authored by h00die, Emanuele Barbeno | Site metasploit.com

Pi-Hole versions 3.0 through 5.3 allows for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is in the sudoers.d/pihole file with no password.

tags | exploit, root
advisories | CVE-2021-29449
SHA-256 | 7265358e3e4327bc951c92f719451fce4a2ce957a5c1a6bde9f57d3d6646ee0f
Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery
Posted Jul 30, 2021
Authored by LiquidWorm | Site zeroscience.mk

Panasonic Sanyo CCTV Network Camera version 2.03-0x allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform authentication detriment and account password change with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
SHA-256 | 99282d0ad093fb7f0b78aa1a3e353d972615b19e9b6715a70f10d0e4ebbfcf3c
Red Hat Security Advisory 2021-2965-01
Posted Jul 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2965-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.8 serves as a replacement for Red Hat Single Sign-On 7.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2021-21409, CVE-2021-3536
SHA-256 | 5502336b85746ee81fff7e16aa81cd6f87dfc46e903a7840a4207753910e17e5
Ubuntu Security Notice USN-5026-1
Posted Jul 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5026-1 - It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-18020, CVE-2021-36978
SHA-256 | cef1580c2afb6cf2bd8a84003d5771f8149f09ba4f18f87176a2615bf4d50261
Ubuntu Security Notice USN-5027-1
Posted Jul 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5027-1 - It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-32610
SHA-256 | e8f9ded0ced617874263eb0c296a5b75636436070ea49ac10fb48402f22578d3
ObjectPlanet Opinio 7.13 Shell Upload
Posted Jul 30, 2021
Authored by Daniel Tan, Khor Yong Heng, Timothy Tan, Yu Enhui

ObjectPlanet Opinio version 7.13 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2020-26806
SHA-256 | 6146594a8eedc5b48c3895039ed9ff9b2da349396d6a84e9003398290c0214e6
ObjectPlanet Opinio 7.13 Expression Language Injection
Posted Jul 30, 2021
Authored by Daniel Tan, Khor Yong Heng, Timothy Tan, Yu Enhui

ObjectPlanet Opinio version 7.13 suffers from an expression language injection vulnerability.

tags | exploit
advisories | CVE-2020-26565
SHA-256 | a3eb218a2f08f0bd814466c67083d00a77e140446ee2dfeedea41ff480fbbb9f
ObjectPlanet Opinio 7.13 / 7.14 XML Injection
Posted Jul 30, 2021
Authored by Daniel Tan, Khor Yong Heng, Timothy Tan, Yu Enhui

ObjectPlanet Opinio versions 7.13 and 7.14 suffer from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2020-26564
SHA-256 | af1eaef07e52be0596d75f8c870d0a1dc0e3ff1cc76c2eabee1d671f01d9c7f4
Demystifying Nmap Scans At The Packet Level
Posted Jul 30, 2021
Authored by Aditya Srivastava | Site adityasrivastava2762.blogspot.com

This paper contains a step by step detailed walk-through of different nmap scanning techniques and how the nmap traffic looks like in wireshark for each scan. The objective of documenting the paper is to get a better understanding of packets while initiating any nmap scan so that it can help in bypassing firewalls or debugging what went wrong between the source and destination. It can also help in writing basic firewall rules.

tags | paper
SHA-256 | e98eb4f64e115f6a22e5fb658a650a8f88305b65ab9f8584011c81fe80099560
Microsoft Exchange AD Schema Misconfiguration Privilege Escalation
Posted Jul 29, 2021
Authored by James Forshaw, Google Security Research

The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object including users, groups or domain trusts leading to elevation of privilege.

tags | exploit
advisories | CVE-2021-34470
SHA-256 | 627232e16239714ec375a9cfcdcb5ae5ed42b0f516a9d4728d978cfb3abf4962
Ubuntu Security Notice USN-5025-2
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5025-2 - USN-5025-1 fixed a vulnerability in libsndfile. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3246
SHA-256 | 71161ce693fd49985174cabbe4b4902ec1c5e2c717f481624564ca59b97f89c6
Oracle Fatwire 6.3 Cross Site Scripting / SQL Injection
Posted Jul 29, 2021
Authored by J. Francisco Bolivar

Oracle Fatwire version 6.3 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 38f80fca24b17f32a9e3da9f5471c31d26cc3bb1e197893519649f27a2ab75e3
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
Posted Jul 29, 2021
Authored by LiquidWorm | Site zeroscience.mk

Longjing Technology BEMS API version 1.21 suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.

tags | exploit, arbitrary
SHA-256 | ecde74e6d4e7cbe2d1a44b93eaae60686b9045e1ada24356e1f1263b9c767441
Ubuntu Security Notice USN-5025-1
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5025-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3246
SHA-256 | 515f197037d9c5f17c04f6f6b1d9c4b1bdf5345da7af723254917f8af7f67453
Denver IP Camera SHO-110 Snapshot Disclosure
Posted Jul 29, 2021
Authored by Ivan Nikolsky

Denver IP Camera SHO-110 suffers from an unauthenticated disclosure of a snapshot.

tags | exploit, info disclosure
SHA-256 | 7b7a36e0ae757da258c9cf9c116c4320968424f0cd6c800ff639f92f245a5ca8
ObjectPlanet Opinio 7.12 Cross Site Scripting
Posted Jul 29, 2021
Authored by Ang Kar Min

ObjectPlanet Opinio version 7.12 suffers from reflective and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-26563
SHA-256 | f500e5fdb33867b5edf3170e3933efe781565d176bbb6a77f75941889807d9d6
Ubuntu Security Notice USN-4944-2
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4944-2 - USN-4944-1 fixed vulnerabilities in MariaDB. It caused a regression. This update fixes the problem. Ubuntu 20.04 has been updated to MariaDB 10.3.30.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 57c06dee963cb110cc6fde97e455934e8e311a4ead7ce42d1b55a525be6acea3
CloverDX 5.9.0 Code Execution / Cross Site Request Forgery
Posted Jul 29, 2021
Authored by niebardzo

CloverDX version 5.9.0 cross site request forgery to remote code execution exploit.

tags | exploit, remote, code execution, csrf
advisories | CVE-2021-29995
SHA-256 | 596b2eea2e27565ab3f218e20a495aaef02193748d901ef08464493dd7fc27d9
Ubuntu Security Notice USN-5024-1
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5024-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2021-21775, CVE-2021-30689, CVE-2021-30749, CVE-2021-30799
SHA-256 | 14d11292105cb8b94a56279b28094f2991375524c7454e09c1c4271e1819998f
Care2x Integrated Hospital Info System 2.7 SQL Injection
Posted Jul 29, 2021
Authored by securityforeveryone.com

Care2x Integrated Hospital Info System version 2.7 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 813565cbac4fa2b60990827c97c4b6014e8013852af0c5279d6bbe5c159039f1
IntelliChoice eFORCE Software Suite 2.5.9 Username Enumeration
Posted Jul 29, 2021
Authored by LiquidWorm | Site zeroscience.mk

IntelliChoice eFORCE Software Suite version 2.5.9 allows for username enumeration.

tags | exploit
SHA-256 | b4598723e07ce8a6c4f8a1ac2fbd7802bf319eccafe1b549bb7d97c72f235792
Debian Security Advisory 4935-1
Posted Jul 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4935-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result an SSRF bypass of the FILTER_VALIDATE_URL check and denial of service or potentially the execution of arbitrary code in the Firebird PDO.

tags | advisory, denial of service, arbitrary, php
systems | linux, debian
advisories | CVE-2021-21704, CVE-2021-21705
SHA-256 | 5c5de3d94e5c01e0c46189886df935c5f426216b9c105ee49d6ee312d4327a61
Debian Security Advisory 4936-1
Posted Jul 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4936-1 - An out-of-bounds read was discovered in the uv__idna_to_ascii() function of Libuv, an asynchronous event notification library, which could result in denial of service or information disclosure.

tags | advisory, denial of service, info disclosure
systems | linux, debian
advisories | CVE-2021-22918
SHA-256 | 0a7f33c31a07fc41d5f7ed52fc3b276e5d28bb695e3f697e1e2b15a2cf82bdc9
Debian Security Advisory 4937-1
Posted Jul 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4937-1 - Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes option could result in unexpected behaviour.

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641, CVE-2021-31618
SHA-256 | 2382a13cd727ebe78876d34b5fa53df39e32f618f527a9cd28bf0c55d1282cdd
Debian Security Advisory 4938-1
Posted Jul 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4938-1 - Miroslav Lichvar reported that the ptp4l program in linuxptp, an implementation of the Precision Time Protocol (PTP), does not validate the messageLength field of incoming messages, allowing a remote attacker to cause a denial of service, information leak, or potentially remote code execution.

tags | advisory, remote, denial of service, code execution, protocol
systems | linux, debian
advisories | CVE-2021-3570
SHA-256 | a2cb5acebab5469fd7930619851a5d96bf30b1019949c76285dfc85a4c4dbe11
Page 1 of 16
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close