what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2021-08-12

Lexmark Driver Privilege Escalation
Posted Aug 12, 2021
Authored by Jacob Baines, Shelby Pace, Grant Willcox | Site metasploit.com

Various Lexmark Universal Printer drivers as listed at advisory TE953 allow low-privileged authenticated users to elevate their privileges to SYSTEM on affected Windows systems by modifying the XML file at C:\ProgramData\<driver name>\Universal Color Laser.gdl to replace the DLL path to unires.dll with a malicious DLL path. When C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs is then used to add the printer to the affected system, PrintIsolationHost.exe, a Windows process running as NT AUTHORITY\SYSTEM, will inspect the C:\ProgramData\<driver name>\Universal Color Laser.gdl file and will load the malicious DLL from the path specified in the file. This which will result in the malicious DLL executing as NT AUTHORITY\SYSTEM. Once this module is finished, it will use the prnmngr.vbs script to remove the printer it added.

tags | exploit
systems | windows
advisories | CVE-2021-35449
SHA-256 | db241e26cf8e485cbeaa7d359e18c68f4083f5cbe8615e284394323a682200d8
Atlassian Crowd pdkinstall Remote Code Execution
Posted Aug 12, 2021
Authored by Paul, Corben Leo, Grant Willcox | Site metasploit.com

This Metasploit module can be used to upload a plugin on Atlassian Cloud via the pdkinstall development plugin as an unauthenticated attacker. The payload is uploaded as a JAR archive containing a servlet using a POST request to /crowd/admin/uploadplugin.action. The check command will check that the /crowd/admin/uploadplugin.action page exists and that it responds appropriately to determine if the target is vulnerable or not.

tags | exploit
advisories | CVE-2019-11580
SHA-256 | 3e45d1541858eca07bdf958f9f224a9b488c705ba65f4fdb0909d25e3d5eb68f
Ubuntu Security Notice USN-3809-2
Posted Aug 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3809-2 - USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem. Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10708, CVE-2018-15473
SHA-256 | bbf5618081288ef9f000d1c20b8bcd450a9fedd47655c41a8c2f028a9adbe2a3
Red Hat Security Advisory 2021-3148-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3148-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.206 and .NET Runtime 5.0.9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
SHA-256 | b9e765dd4d08b602c62191da5851f18452520c92ab9a0c4dfc37d96425f38eb9
Red Hat Security Advisory 2021-3147-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3147-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.206 and .NET Runtime 5.0.9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
SHA-256 | bbba51b79820d5467c5ba50a63cfdd6679db856d220eadef894b23c7bb263f8c
Red Hat Security Advisory 2021-3146-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3146-01 - New Features The release of RHACS 3.64 provides the following new features: 1. You can now use deployment and namespace annotations to define where RHACS sends the violation notifications when configuring your notifiers such as Slack, Microsoft Teams, Email, and others. 2. The Red Hat Advanced Cluster Security Operator now supports the ability to allow users to set the enforcement behavior of the admission controller as part of their custom resource. 3. RHACS now supports kernel modules for Ubuntu 16.04 LTS with extended security maintenance.

tags | advisory, kernel
systems | linux, redhat, ubuntu
advisories | CVE-2021-27218, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558
SHA-256 | 3dae0211cac116aa040fff62f9340288c846c30ed90002205ef641c2456ce404
Red Hat Security Advisory 2021-3009-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3009-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.42.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558
SHA-256 | cba644e5476890bd1d9c7d7c2d527dd52e381a8c039dd42c1a5bb3bfefb5fcbf
Ubuntu Security Notice USN-5037-1
Posted Aug 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5037-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-29980, CVE-2021-29985, CVE-2021-29989
SHA-256 | 8ca2d7c1bd794cca45954b4048457a3573422ce1bdbd7f56b3f4b7fd5d4b8219
Red Hat Security Advisory 2021-3145-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3145-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.525 and .NET Core Runtime 2.1.29.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-34485
SHA-256 | 8b1dce2d05e351a9497b203fd890e8b8da00eb1064087469af36ab3f6d0d700b
Red Hat Security Advisory 2021-3143-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3143-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
SHA-256 | 6efb7629072fdeee9f66659a51621f2c62f5acd44eb666f8f716ee7adc9baabd
Red Hat Security Advisory 2021-3144-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3144-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.525 and .NET Core Runtime 2.1.29.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-34485
SHA-256 | b4b813a36b77da74dd06f37596ae60c426850c812194d46476294827acdd573f
RATES SYSTEM 1.0 SQL Injection
Posted Aug 12, 2021
Authored by Halit Akaydin

RATES SYSTEM version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c5e4b8d50dc7b2d9d54f156e581a169dbe9d2cd49ac7306f943747ad513c1d32
Red Hat Security Advisory 2021-3142-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3142-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
SHA-256 | 0a1c380fd96b1e1b31d8159d51a7d7096fc8c5320d235d293f36fd04163fe9f1
Red Hat Security Advisory 2021-3140-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3140-01 - This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, bypass, code execution, cross site scripting, denial of service, deserialization, information leakage, man-in-the-middle, memory leak, resource exhaustion, server-side request forgery, remote SQL injection, and traversal vulnerabilities.

tags | advisory, remote, web, denial of service, vulnerability, code execution, xss, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2017-18640, CVE-2017-5645, CVE-2019-12402, CVE-2019-14887, CVE-2019-16869, CVE-2019-20445, CVE-2020-10688, CVE-2020-10693, CVE-2020-10714, CVE-2020-10719, CVE-2020-11996, CVE-2020-13920, CVE-2020-13934, CVE-2020-13935, CVE-2020-13936, CVE-2020-13954, CVE-2020-13956, CVE-2020-14040, CVE-2020-14297, CVE-2020-14338, CVE-2020-14340, CVE-2020-1695, CVE-2020-17510, CVE-2020-17518, CVE-2020-1925, CVE-2020-1935, CVE-2020-1938
SHA-256 | 7b87634aaeff995c7acbe482688b36f551a706a54a262f6607bd35c528818502
COVID19 Testing Management System 1.0 SQL Injection
Posted Aug 12, 2021
Authored by Ashish Upsham

COVID19 Testing Management System version 1.0 suffers from a remote SQL injection vulnerability leveraging the searchdata parameter on the patient-search-report.php page. This is a variant of the original discovery of SQL injection in this version as discovered by Rohit Burke in May of 2021.

tags | exploit, remote, php, sql injection
SHA-256 | f002eabeb50977244e89748650d5102ddc6e7551996a2b13e8a2e3dd3a119827
Xiaomi 10.2.4.g Information Disclosure
Posted Aug 12, 2021
Authored by Vishwaraj101

Xiaomi browser version 10.2.4.g suffers from a browser search history disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-20523
SHA-256 | 78eedf78d44d909f731f5933fd125419b830b0d97de5fe48cbe238db98734f15
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close