exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2021-08-12

Lexmark Driver Privilege Escalation
Posted Aug 12, 2021
Authored by Jacob Baines, Shelby Pace, Grant Willcox | Site metasploit.com

Various Lexmark Universal Printer drivers as listed at advisory TE953 allow low-privileged authenticated users to elevate their privileges to SYSTEM on affected Windows systems by modifying the XML file at C:\ProgramData\<driver name>\Universal Color Laser.gdl to replace the DLL path to unires.dll with a malicious DLL path. When C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs is then used to add the printer to the affected system, PrintIsolationHost.exe, a Windows process running as NT AUTHORITY\SYSTEM, will inspect the C:\ProgramData\<driver name>\Universal Color Laser.gdl file and will load the malicious DLL from the path specified in the file. This which will result in the malicious DLL executing as NT AUTHORITY\SYSTEM. Once this module is finished, it will use the prnmngr.vbs script to remove the printer it added.

tags | exploit
systems | windows
advisories | CVE-2021-35449
MD5 | fa589c6c0ea85ac7dbfa21e40d851085
Atlassian Crowd pdkinstall Remote Code Execution
Posted Aug 12, 2021
Authored by Paul, Corben Leo, Grant Willcox | Site metasploit.com

This Metasploit module can be used to upload a plugin on Atlassian Cloud via the pdkinstall development plugin as an unauthenticated attacker. The payload is uploaded as a JAR archive containing a servlet using a POST request to /crowd/admin/uploadplugin.action. The check command will check that the /crowd/admin/uploadplugin.action page exists and that it responds appropriately to determine if the target is vulnerable or not.

tags | exploit
advisories | CVE-2019-11580
MD5 | 16f0e230530e4dfd17370d54fb9b5f33
Ubuntu Security Notice USN-3809-2
Posted Aug 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3809-2 - USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem. Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10708, CVE-2018-15473
MD5 | 991e724b7bec0220d284e3118014b006
Red Hat Security Advisory 2021-3148-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3148-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.206 and .NET Runtime 5.0.9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
MD5 | 4fc8edb9e389a5633596bfe43d37df61
Red Hat Security Advisory 2021-3147-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3147-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.206 and .NET Runtime 5.0.9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
MD5 | 31ae4d141c4a5818a8f0f5024dc51088
Red Hat Security Advisory 2021-3146-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3146-01 - New Features The release of RHACS 3.64 provides the following new features: 1. You can now use deployment and namespace annotations to define where RHACS sends the violation notifications when configuring your notifiers such as Slack, Microsoft Teams, Email, and others. 2. The Red Hat Advanced Cluster Security Operator now supports the ability to allow users to set the enforcement behavior of the admission controller as part of their custom resource. 3. RHACS now supports kernel modules for Ubuntu 16.04 LTS with extended security maintenance.

tags | advisory, kernel
systems | linux, redhat, ubuntu
advisories | CVE-2021-27218, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558
MD5 | 975f6f0f716934788edf4f51c66d684b
Red Hat Security Advisory 2021-3009-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3009-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.42.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558
MD5 | a4fa7f0c913496fda2a01c6ea9b55c78
Ubuntu Security Notice USN-5037-1
Posted Aug 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5037-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-29980, CVE-2021-29985, CVE-2021-29989
MD5 | b5c6f3c34a526dd4b81c69a7af7bb6a0
Red Hat Security Advisory 2021-3145-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3145-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.525 and .NET Core Runtime 2.1.29.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-34485
MD5 | 16cb1b7f59bd174836f9c38e7be1b01e
Red Hat Security Advisory 2021-3143-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3143-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
MD5 | 7791efa4cb6fb0859d3e70e03bde0a23
Red Hat Security Advisory 2021-3144-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3144-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.525 and .NET Core Runtime 2.1.29.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-34485
MD5 | be32ca894266f61e744ec6f506309118
RATES SYSTEM 1.0 SQL Injection
Posted Aug 12, 2021
Authored by Halit Akaydin

RATES SYSTEM version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d472f87d486080efe5d62e3a79b12767
Red Hat Security Advisory 2021-3142-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3142-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
MD5 | 822a7e89b3b5bc0c4567f3c658b28519
Red Hat Security Advisory 2021-3140-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3140-01 - This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, bypass, code execution, cross site scripting, denial of service, deserialization, information leakage, man-in-the-middle, memory leak, resource exhaustion, server-side request forgery, remote SQL injection, and traversal vulnerabilities.

tags | advisory, remote, web, denial of service, vulnerability, code execution, xss, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2017-18640, CVE-2017-5645, CVE-2019-12402, CVE-2019-14887, CVE-2019-16869, CVE-2019-20445, CVE-2020-10688, CVE-2020-10693, CVE-2020-10714, CVE-2020-10719, CVE-2020-11996, CVE-2020-13920, CVE-2020-13934, CVE-2020-13935, CVE-2020-13936, CVE-2020-13954, CVE-2020-13956, CVE-2020-14040, CVE-2020-14297, CVE-2020-14338, CVE-2020-14340, CVE-2020-1695, CVE-2020-17510, CVE-2020-17518, CVE-2020-1925, CVE-2020-1935, CVE-2020-1938
MD5 | 21a26b1675bef95b9bb70206a03731d7
COVID19 Testing Management System 1.0 SQL Injection
Posted Aug 12, 2021
Authored by Ashish Upsham

COVID19 Testing Management System version 1.0 suffers from a remote SQL injection vulnerability leveraging the searchdata parameter on the patient-search-report.php page. This is a variant of the original discovery of SQL injection in this version as discovered by Rohit Burke in May of 2021.

tags | exploit, remote, php, sql injection
MD5 | b36fd4281ed2835482616a0d0da9e478
Xiaomi 10.2.4.g Information Disclosure
Posted Aug 12, 2021
Authored by Vishwaraj101

Xiaomi browser version 10.2.4.g suffers from a browser search history disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-20523
MD5 | 9dea490704dc2785ee1fa573e8494850
Page 1 of 1
Back1Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    13 Files
  • 24
    Sep 24th
    10 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close