what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2021-09-17

Ubuntu Security Notice USN-5073-2
Posted Sep 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5073-2 - Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2021-34693, CVE-2021-3612, CVE-2021-3653, CVE-2021-3656, CVE-2021-38160
SHA-256 | 73db5d8411c29b8d786d41416069b7ec21b2ce13e2e482965f04c46f510de2e2
Red Hat Security Advisory 2021-3556-01
Posted Sep 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3556-01 - Red Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7 and 4.8, and includes security and bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-10228, CVE-2017-14502, CVE-2019-25013, CVE-2019-2708, CVE-2019-9169, CVE-2020-13434, CVE-2020-15358, CVE-2020-27618, CVE-2020-28196, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-8927, CVE-2021-20271, CVE-2021-20305, CVE-2021-27218, CVE-2021-27918, CVE-2021-31525, CVE-2021-33195, CVE-2021-33196, CVE-2021-33197, CVE-2021-33198, CVE-2021-3326
SHA-256 | 42f4f7ff781503e879093e45c39f5c6db0ee7bf66f04a76cc6a3a41a08638018
Geutebruck instantrec Remote Command Execution
Posted Sep 17, 2021
Authored by Titouan Lazard, Ibrahim Ayadhi | Site metasploit.com

This Metasploit module exploits a buffer overflow within the 'action' parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions equal to 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, overflow, cgi, root, code execution
advisories | CVE-2021-33549
SHA-256 | c4e4d56427af88f4e0240499806563abb1fa94b80fc1c5bdc3ba921dbbbafb67
Ubuntu Security Notice USN-5083-1
Posted Sep 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5083-1 - It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. It was discovered that Python incorrectly handled certain server responses. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, python
systems | linux, ubuntu
advisories | CVE-2021-3733, CVE-2021-3737
SHA-256 | cf1c664ac3030e4cd34e05174e101afebd1645b1bdeba83b3242a64505d95995
Ubuntu Security Notice USN-5081-1
Posted Sep 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5081-1 - It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. It was discovered that Qt incorrectly handled certain graphics operations. If a user or automated system were tricked into performing certain graphics operations, a remote attacker could cause Qt to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-17507, CVE-2021-38593
SHA-256 | 2d33fdc2e3a70adb7ebb7092aa51879731e5862fe6e8219e38129030e9d6bc60
WordPress WooCommerce Booster 5.4.3 Authentication Bypass
Posted Sep 17, 2021
Authored by Sebastian Kriesten

WordPress WooCommerce Booster plugin version 5.4.3 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 6869c90de19478042f9edd783554dcdb0189b8f5d60d79f4bb2b39763aa85f33
Ubuntu Security Notice USN-5071-2
Posted Sep 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5071-2 - USN-5071-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 20.04 LTS for Ubuntu 18.04 LTS. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-36311, CVE-2021-22543, CVE-2021-3612, CVE-2021-3653, CVE-2021-3656
SHA-256 | 08286776d53ae93088aee6f142faa0c27c8411ae4ab3530488089971ed861760
Library Management System 1.0 SQL Injection
Posted Sep 17, 2021
Authored by Bobby Cooke, Adeeb Shah

Library Management System version 1.0 suffers from a remote blind time-based SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 09e215838b64206f4d4119c058c5e284bdd8e98c69dab8b13f7377a4746d602f
Ubuntu Security Notice USN-5082-1
Posted Sep 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5082-1 - Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2021-3609, CVE-2021-3653, CVE-2021-3656
SHA-256 | 1691e96b342a299e6c7efc1bf7e7d50d0589e4769c49bd5e499e3b03e5e044c7
Cloudron 6.2 Cross Site Scripting
Posted Sep 17, 2021
Authored by Akiner Kisa

Cloudron version 6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-40868
SHA-256 | 6dd26254a5db463a27e4a4d96e18fc8e0c44493f9ed64caa444e635d4da9cbd0
Ubuntu Security Notice USN-5080-2
Posted Sep 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5080-2 - USN-5080-1 fixed several vulnerabilities in Libgcrypt. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that Libgcrypt incorrectly handled ElGamal encryption. An attacker could possibly use this issue to recover sensitive information.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-33560
SHA-256 | 2adec80c4681853611b13311e54d0139990e045ac469da689053cded8316e974
Simple Attendance System 1.0 SQL Injection
Posted Sep 17, 2021
Authored by Abdullah Khawaja

Simple Attendance System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 7806334a37c19b3dc0822ef989bec01d9416218f67d781a8d9dd72de13a207b9
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close