Files Date: 2021-09-30

Ubuntu Security Notice USN-5096-1
Posted Sep 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5096-1 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. Benedict Schlueter discovered that the BPF subsystem in the Linux kernel did not properly protect against Speculative Store Bypass side-channel attacks in some situations. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-34556, CVE-2021-35477, CVE-2021-3612, CVE-2021-3679, CVE-2021-37159, CVE-2021-3732, CVE-2021-38160, CVE-2021-38166, CVE-2021-38199, CVE-2021-38201, CVE-2021-38202, CVE-2021-38203, CVE-2021-38204, CVE-2021-38205, CVE-2021-40490, CVE-2021-41073
SHA-256 | 98f615f379d8346abea7dc65ffd543f999a46dbda2ec8a72bcaac4dbaea40126
Haveged 1.9.15
Posted Sep 30, 2021
Site issihosts.com

haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.

Changes: Added check for sys/auxv.h before using it. Fixed build on uclibc. Improved make check tests. Removed old init.d files. Support added for Linux kernel LRNG patch set.
tags | tool
systems | linux, unix
SHA-256 | f882919ccead07ad6687a4784c0c501e617321e96dd0118403464969359cf6ad
Red Hat Security Advisory 2021-3700-01
Posted Sep 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3700-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.9.0 serves as a replacement for Red Hat AMQ Broker 7.8.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include bypass, denial of service, information leakage, resource exhaustion, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2020-13956, CVE-2020-27223, CVE-2021-20289, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165, CVE-2021-28169, CVE-2021-29425, CVE-2021-3425, CVE-2021-34428, CVE-2021-34429, CVE-2021-3763
SHA-256 | a8a12dcc50fccbe685347bca1c58d45fbfe797cf6ab2e35bef81923f2d3fef9b
PlaceOS 1.2109.1 Open Redirection
Posted Sep 30, 2021
Authored by Hamza Khedr

PlaceOS version 1.2109.1 suffers from an open redirection vulnerability.

tags | exploit
advisories | CVE-2021-41826
SHA-256 | 9230fb10c8a88600b3268329baa1ee6acb5f4ae8cd635068dcd1d6419c76b0d3
Ubuntu Security Notice USN-5095-1
Posted Sep 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5095-1 - It was discovered that Apache Commons IO incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-29425
SHA-256 | 7ba660de150df66e90ee6d46d576813e67c78d8bbe0d6e0481c598417e50d1b3
Cmsimple 5.4 Remote Code Execution
Posted Sep 30, 2021
Authored by pussycat0x

Cmsimple version 5.4 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 9c66365017cd37b01e328c9eadccc39e261944d0e29fb70b25ae5aacd4f85a3a
Red Hat Security Advisory 2021-3694-01
Posted Sep 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3694-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-36222, CVE-2021-3749, CVE-2021-37576, CVE-2021-37750, CVE-2021-38201
SHA-256 | b1ce9e701282280a5c2dbdfafd7782a607b33f330152c096fdc1e2b3c2debde0
Deserialization Of Untrusted Data In jsoniter
Posted Sep 30, 2021
Authored by Adi Malyanker

Whitepaper that discusses deserialization of untrusted data in jsoniter.

tags | paper
SHA-256 | 0ca417e1ce7adae9c50ca05cb6775b57ac7716c04884972cfd2a9cbbb6b0a4a4
WordPress JS Jobs Manager 1.1.7 Authorization Bypass
Posted Sep 30, 2021
Authored by spacehen

WordPress JS Jobs Manager plugin version 1.1.7 suffers from an unauthenticated plugin installation and activation vulnerability.

tags | exploit, bypass
SHA-256 | 476b7c83bbaedc72abf814d5c8e7070dcc8f90d29894a855004150ad54d829af
Red Hat Security Advisory 2021-3635-01
Posted Sep 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3635-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.32.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-25741
SHA-256 | cbe740f692bda6a2095dbe1baf9fb403adf7ac1f7060dba615bda02274f3160e
Pharmacy Point Of Sale System 1.0 SQL Injection
Posted Sep 30, 2021
Authored by Murat

Pharmacy Point of Sale System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Janik Wehrli in September of 2021.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | c48c955fe8392ca3517e9829a5ddffe745c764c0b8977cacae3f618a20d90f0f
Azure Active Directory Brute Forcer
Posted Sep 30, 2021
Authored by treebuilder

This code is a proof-of-concept of the recently revealed Azure Active Directory password brute-forcing vulnerability announced by Secureworks.

tags | exploit
SHA-256 | 776f9c87b943ea490dee90a4f117eb7062122a1a4ccdfcf9e16e09ca2416cd61
© 2022 Packet Storm. All rights reserved.
