exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2021-09-15

elFinder Archive Command Injection
Posted Sep 15, 2021
Authored by Shelby Pace, Thomas Chauchefoin | Site metasploit.com

elFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via its archive functionality. When creating a new zip archive, the name parameter is sanitized with the escapeshellarg() php function and then passed to the zip utility. Despite the sanitization, supplying the -TmTT argument as part of the name parameter is still permitted and enables the execution of arbitrary commands as the www-data user.

tags | exploit, arbitrary, php
advisories | CVE-2021-32682
SHA-256 | eefba941559b0ed45889286a43dda93328d3b84159ce379897131f28b557f0ba
Ubuntu Security Notice USN-5079-2
Posted Sep 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5079-2 - USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. Various other issues were also addressed.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-22946, CVE-2021-22947
SHA-256 | 60550d5e74772413dfb06a565ea32040a3d6110b2dd1c2e451288a6afe7cc288
Ubuntu Security Notice USN-5079-1
Posted Sep 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5079-1 - It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-22945, CVE-2021-22946, CVE-2021-22947
SHA-256 | 33a734d871c8bed97d25050dd5bf6ab7df0fb69274d554d1083bd6cb8dc39da0
Red Hat Security Advisory 2021-3548-01
Posted Sep 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3548-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2021-3653
SHA-256 | f34440cff5dd52d12aa31bc2944cbaba64cc43262880839ccb4109041d1a196d
Red Hat Security Advisory 2021-3547-01
Posted Sep 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3547-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2021-3653
SHA-256 | d2e1a538fee4ab87f53ee19a0fbe11b5a6d73ce5fe3f7b354441143aa1d36878
Red Hat Security Advisory 2021-3546-01
Posted Sep 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3546-01 - The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, imap, protocol
systems | linux, redhat
advisories | CVE-2021-33582
SHA-256 | f906598321e1f6eb52920261111c9632db38f848be1dac81ce1c97c946db901b
Support Board 3.3.3 SQL Injection
Posted Sep 15, 2021
Authored by John Jefferson Li

Support Board version 3.3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2a74f71dedf3f7f5963bb472329a6c5c3746dec0dee4fe94d195943e60963018
Red Hat Security Advisory 2021-3488-01
Posted Sep 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3488-01 - Neutron is a virtual network service for OpenStack. Just like OpenStack Nova provides an API to dynamically request and configure virtual servers, Neutron provides an API to dynamically request and configure virtual networks. These networks connect "interfaces" from other OpenStack services. The Neutron API supports extensions to provide advanced network capabilities.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-40085
SHA-256 | 2d5d24721728b8d31b9a5cde4de4186a4a7e8431901691c9e32ca865dbe4227d
AHSS-PHP 1.0 Cross Site Scripting / SQL Injection
Posted Sep 15, 2021
Authored by nu11secur1ty

AHSS-PHP version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection
SHA-256 | 68a392a056a9f2e1e642c82f281adc0a3d69f62cd8340f5fa33f333a57a01d1d
Red Hat Security Advisory 2021-3487-01
Posted Sep 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3487-01 - An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train).

tags | advisory
systems | linux, redhat
advisories | CVE-2021-31525, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198
SHA-256 | 76ac3020cd111b90d10112a9f0a7c5fc0b2f30b8931c3f2c0c97c2c382b470e3
Evolution CMS 3.1.6 Remote Code Execution
Posted Sep 15, 2021
Authored by Halit Akaydin

Evolution CMS version 3.1.6 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 6c074019983619b13238797843a812155737efa47779744d3cb1c2aecb41f06c
Red Hat Security Advisory 2021-3490-01
Posted Sep 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3490-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.

tags | advisory, remote, local, vulnerability, python, file inclusion
systems | linux, redhat
advisories | CVE-2021-3281, CVE-2021-33203, CVE-2021-33571
SHA-256 | 7acd802c838e14356fda2dd84f235e3bbe000e4229b9386b3483399a41ad00f5
Ubuntu Security Notice USN-5078-1
Posted Sep 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5078-1 - Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-41072
SHA-256 | 29045801f6c03dcd7332efc0bb67025d0097e29be1019ac6339d9f4bf614eaed
Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload
Posted Sep 15, 2021
Authored by Ricardo Jose Ruiz Fernandez

Remote command execution exploit for Zenitel AlphaCom XE Audio Server versions up to 11.2.3.10 which have a web interface called AlphaWeb XE that allows for a remote shell upload.

tags | exploit, remote, web, shell
advisories | CVE-2021-40845
SHA-256 | 74d530912782b4d1135f22f7bda97ec701c5233933221a5a7b8aa9b09cd95217
Ubuntu Security Notice USN-5077-2
Posted Sep 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5077-2 - USN-5077-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Maik M

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-3709
SHA-256 | fd7c949255f6b3cb16dcefce0881829ebecf88b6e748a05f60c0b890a73aa4a0
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close