what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2021-09-01

Packet Storm New Exploits For August, 2021
Posted Sep 1, 2021
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 116 exploits added to Packet Storm in August, 2021.

tags | exploit
SHA-256 | 1854109f17e8bc271ea7f561e45923488b7238dbbb19a6b8fc0b4d532e611ce2
Ubuntu Security Notice USN-5060-2
Posted Sep 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5060-2 - USN-5060-1 fixed a vulnerability in NTFS-3G. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that NTFS-3G incorrectly handled certain image file. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
SHA-256 | 4457527b23f96c206b3df1b061d456a6dcdcdb750fc2d5bdda7051d1a082da07
Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation
Posted Sep 1, 2021
Authored by Grant Willcox, chompie1337, Manfred Paul | Site metasploit.com

Linux kernels from 5.7-rc1 prior to 5.13-rc4, 5.12.4, 5.11.21, and 5.10.37 are vulnerable to a bug in the eBPF verifier's verification of ALU32 operations in the scalar32_min_max_and function when performing AND operations, whereby under certain conditions the bounds of a 32 bit register would not be properly updated. This can be abused by attackers to conduct an out of bounds read and write in the Linux kernel and therefore achieve arbitrary code execution as the root user. The target system must be compiled with eBPF support and not have kernel.unprivileged_bpf_disabled set, which prevents unprivileged users from loading eBPF programs into the kernel. Note that if kernel.unprivileged_bpf_disabled is enabled this module can still be utilized to bypass protections such as SELinux, however the user must already be logged as a privileged user such as root.

tags | exploit, arbitrary, kernel, root, code execution
systems | linux
advisories | CVE-2021-3490
SHA-256 | 72309dfd15f65e29e815be3b1add6fc3b2c2baad6cb3b01ac2bbfff15a8b2c9d
Moxa Command Injection / Cross Site Scripting / Vulnerable Software
Posted Sep 1, 2021
Authored by T. Weber | Site sec-consult.com

Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-1914, CVE-2013-7423, CVE-2015-0235, CVE-2015-7547, CVE-2016-1234, CVE-2021-39278, CVE-2021-39279
SHA-256 | 91e5218cfa2c2452c1da0918b3b85328aad5bcf76352c949affc7a9a10a95a39
Confluence Server 7.12.4 OGNL Injection Remote Code Execution
Posted Sep 1, 2021
Authored by h3v0x

Confluence Server version 7.12.4 unauthenticated OGNL injection remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2021-26084
SHA-256 | edfa2004247afa5b006485a948fb93b61c91fbe8e09997fd1180dcd5758b7ddc
Red Hat Security Advisory 2021-3399-01
Posted Sep 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3399-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-22555, CVE-2021-32399, CVE-2021-3347
SHA-256 | 4494ee8b7be74847e36f59f258843bd1c2d73737a8e168d20950d6eff4f12b59
OpenEMR 6.0.0 Insecure Direct Object Reference
Posted Sep 1, 2021
Authored by Allen Enosh Upputori

OpenEMR version 6.0.0 suffers from an insecure direct object reference vulnerability.

tags | exploit
advisories | CVE-2021-40352
SHA-256 | 7d6123e4f92dbeac0fc04f7f189c4e37165184bded23fe55900d9c1c2944b65a
Traffic Offense Management System 1.0 SQL Injection / Remote Code Execution
Posted Sep 1, 2021
Authored by Tagoletta

Traffic Offense Management System version 1.0 remote code execution exploit that leverages a remote SQL vulnerability.

tags | exploit, remote, code execution, sql injection
SHA-256 | 6f3c9fc3eb0973a596147f098d1a202dea7c9b21d5ccde275be721a687271c18
WordPress GetPaid 2.4.6 HTML Injection
Posted Sep 1, 2021
Authored by Niraj Mahajan

WordPress GetPaid payments plugin version 2.4.6 suffers from an html injection vulnerability.

tags | exploit
SHA-256 | debcc7e3479505a6e52f1155295df62498881cef2051bbd1fd39f6f65d790501
Ubuntu Security Notice USN-5060-1
Posted Sep 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5060-1 - It was discovered that NTFS-3G incorrectly handled certain image file. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
SHA-256 | c8aa2727bc592dba695ebc4a4e5b279258f44c498b212a898d9e6296b3de91d7
HiveNightmare AKA SeriousSAM
Posted Sep 1, 2021
Authored by Sheikhar Gautam, Rima Yadav, Pankaj Jorwal

Whitepaper called HiveNightmare AKA SeriousSAM. It details an overview of CVE-2021-36934 and provides exploitation details.

tags | exploit, paper
advisories | CVE-2021-36934
SHA-256 | 6b2f808ea234ce7630f8d7f1e9174e0e3c62ad056188b18315bbf76d42c8c731
COVID-19 Contact Tracing System With QR Code Scanning 1.0 SQL Injection
Posted Sep 1, 2021
Authored by nu11secur1ty

COVID-19 Contact Tracing System web app with QR Code Scanning version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, web, sql injection
SHA-256 | 65bfd748e4acc27cb5df73d53350628dfaef17ece6a6fe72d8b2737edaee7016
Red Hat Security Advisory 2021-3248-01
Posted Sep 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3248-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.9.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-31525, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558
SHA-256 | 78848ced1877739b50d4a82c228c9f22039c3bd17b557625fd4b145386c74fa0
Telegram Desktop 2.9.2 Denial Of Service
Posted Sep 1, 2021
Authored by Aryan Chehreghani

Telegram Desktop version 2.9.2 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 2986312bfedab59f0891103887db0410ab39cf2e37bc59ec21e7f0e79a90ea98
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close