what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

Files Date: 2021-09-28

Debian Security Advisory 4967-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4967-1 - Etienne Stalmans discovered that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not validate filenames for traversal outside of the destination directory. An attacker can take advantage of this flaw for writing to arbitrary files to the filesystem if a malformed Squashfs image is processed.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2021-40153
SHA-256 | c7522b4eeabe8c9588e7d48cd0cc114c4b00a72b7777470016051ed6fbc09d70
Debian Security Advisory 4968-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4968-1 - Ori Hollander reported that missing header name length checks in the htx_add_header() and htx_add_trailer() functions in HAProxy, a fast and reliable load balancing reverse proxy, could result in request smuggling attacks or response splitting attacks.

tags | advisory
systems | linux, debian
advisories | CVE-2021-40346
SHA-256 | 722e6b1f007edff3fc58e6248446392cfef076d7541acd8ed38ea7e8add1a122
Debian Security Advisory 4969-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4969-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2021-38493
SHA-256 | bbf752c06cdbb8161899c2f1532324e5f1f0e311ff5c48461e056792a520eef0
Debian Security Advisory 4970-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4970-1 - Kevin Israel discovered that Postorius, the administrative web frontend for Mailman 3, didn't validate whether a logged-in user owns the email address when unsubscribing.

tags | advisory, web
systems | linux, debian
advisories | CVE-2021-40347
SHA-256 | d0c0d8c9e3c781e6faf36980659196a409ce5700fd69a57831a82485c7e65a85
Debian Security Advisory 4971-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4971-1 - Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of these flaws for local root privilege escalation.

tags | advisory, local, root, vulnerability
systems | linux, debian
advisories | CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254, CVE-2021-39255, CVE-2021-39256
SHA-256 | 507f001642bcc1403611d56627f15d6bf5b64ac341f2e2a5db931f2781606046
Debian Security Advisory 4972-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4972-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly validate access for the "%pipe%", "%handle%" and "%printer%" io devices, which could result in the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2021-3781
SHA-256 | efae9a961b56c9384742b0eb52f6aecb392a18a59c1e854ecd4ad068889fe62b
Debian Security Advisory 4973-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4973-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2021-38493
SHA-256 | 0d4113449ce1cada8dbb75e60d597373835145fb30048c182cc9a09fc054ee74
Debian Security Advisory 4974-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4974-1 - Two vulnerabilities were discovered in the Nextcloud desktop client, which could result in information disclosure.

tags | advisory, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2021-22895, CVE-2021-32728
SHA-256 | 6224cf36fc7db2027cb5f00f3a2dc2fcd4db77f937b2bcc3cd750746a1374493
Debian Security Advisory 4975-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4975-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2021-30858
SHA-256 | 354b5be51d57f019107d08c3e6a1c194b278396fc086352a972819a0b4c52d4f
Debian Security Advisory 4976-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4976-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2021-30858
SHA-256 | 2875eed4ac197c4faf5b97c96bb75a711a9936e46f225a9d62c0ce24f02dd76d
Debian Security Advisory 4977-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4977-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2021-28694, CVE-2021-28695, CVE-2021-28696, CVE-2021-28697, CVE-2021-28698, CVE-2021-28699, CVE-2021-28700, CVE-2021-28701
SHA-256 | d81161044e1a99166a8514342c122a44470dc3e7951d7c4383ff8fd3711141c2
Debian Security Advisory 4978-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4978-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2020-16119, CVE-2020-3702, CVE-2021-3653, CVE-2021-3656, CVE-2021-3679, CVE-2021-3732, CVE-2021-3739, CVE-2021-3743, CVE-2021-3753, CVE-2021-37576, CVE-2021-38160, CVE-2021-38166, CVE-2021-38199, CVE-2021-40490
SHA-256 | 58e6e00aeccd2d98b5f0fbd9438d9ad7fea0354cd2d4fc6a894c0d2ecc5f5d7f
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Privilege Escalation
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 suffers from a remote privilege escalation vulnerability.

tags | exploit, remote
SHA-256 | 6ef66ed70e92ad612290d98df48054d67d1c964e07a0683eaed0ee4abc38ad4e
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Backdoor Account
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 has the hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in the Users menu list of the application.

tags | exploit
SHA-256 | 76986786233f93566ddb9953be6f98bfa450885a5ac241ed16617a8870a9ff2b
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Configuration Disclosure
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 is vulnerable to an unauthenticated configuration disclosure when a direct object reference is made to the backup archive file using an HTTP GET request.

tags | exploit, web
SHA-256 | c9208e538a5afc70b3635572f890f2667c94de059d48740427d2b3abf186786c
FatPipe Networks WARP 10.2.2 Authorization Bypass
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP version 10.2.2 suffers from an authorization bypass vulnerability.

tags | exploit, bypass
SHA-256 | d011bfaa75604c3b3dc63ad611330b11fc8a534120edc38f724e1a4f58929d87
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Cross Site Request Forgery
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

The application interface FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
SHA-256 | 7e2119d2b169c3fb6fb1b259c686bac08187edd3b7de42bea6ab93a108d54445
Ubuntu Security Notice USN-5090-3
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5090-3 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438
SHA-256 | b581416306f3dd476e571d54877a550435c22900a370f6c91efbf9d6ff8a914f
Red Hat Security Advisory 2021-3675-01
Posted Sep 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3675-01 - The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | ad9ce160c59df30cf9941c0697bd6c9340ed669c6ce5bb9d5b843c8b6fea9592
WordPress Ultimate Maps 1.2.4 Cross Site Scripting
Posted Sep 28, 2021
Authored by 0xB9

WordPress Ultimate Maps plugin version 1.2.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-24274
SHA-256 | ffbdf36c553fc01d39018fe0185356f74c5cc7f17c0c33a393d62e41f2a8b4f0
Red Hat Security Advisory 2021-3676-01
Posted Sep 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3676-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2021-3653, CVE-2021-3656
SHA-256 | 3890d30cbbe4c135f4f392438402e64ce8d51636134209fb2750f26e7d7532aa
Ubuntu Security Notice USN-5093-1
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5093-1 - Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3770, CVE-2021-3778, CVE-2021-3796
SHA-256 | c4de699295308995e581a4fe17697bd8bdf4568f3c040db7dede29c2d61a0c08
Apache James Server 2.3.2 Remote Command Execution
Posted Sep 28, 2021
Authored by shinris3n

Apache James Server version 2.3.2 remote command execution exploit.

tags | exploit, remote
SHA-256 | c9b253ccb01558d000573b82422dd40cdb537674eba685ea7b12e068e995cf6b
Ubuntu Security Notice USN-5092-1
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5092-1 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-33624, CVE-2021-34556, CVE-2021-35477, CVE-2021-3679, CVE-2021-37159, CVE-2021-37576, CVE-2021-38160, CVE-2021-38199, CVE-2021-38201, CVE-2021-38204, CVE-2021-38205, CVE-2021-41073
SHA-256 | ebcf129926760acf6a8d3e98fe23c9b1ac0c8a4d82db537ed58774cee102bccf
WordPress Popup 1.10.4 Cross Site Scripting
Posted Sep 28, 2021
Authored by 0xB9

WordPress Popup plugin version 1.10.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-24275
SHA-256 | ed1b48d005de68bb19e777a8b0f2eaf4468a6b8c5f2311d3d8b400aa188e742b
Page 1 of 2
Back12Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close