exploit the possibilities
Showing 1 - 12 of 12 RSS Feed

Files Date: 2021-09-30

Ubuntu Security Notice USN-5096-1
Posted Sep 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5096-1 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. Benedict Schlueter discovered that the BPF subsystem in the Linux kernel did not properly protect against Speculative Store Bypass side- channel attacks in some situations. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-34556, CVE-2021-35477, CVE-2021-3612, CVE-2021-3679, CVE-2021-37159, CVE-2021-3732, CVE-2021-38160, CVE-2021-38166, CVE-2021-38199, CVE-2021-38201, CVE-2021-38202, CVE-2021-38203, CVE-2021-38204, CVE-2021-38205, CVE-2021-40490, CVE-2021-41073
SHA-256 | 98f615f379d8346abea7dc65ffd543f999a46dbda2ec8a72bcaac4dbaea40126
Haveged 1.9.15
Posted Sep 30, 2021
Site issihosts.com

haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.

Changes: Added check for sys/auxv.h before using it. Fixed build on uclibc. Improved make check tests. Removed old init.d files. Support added for Linux kernel LRNG patch set.
tags | tool
systems | linux, unix
SHA-256 | f882919ccead07ad6687a4784c0c501e617321e96dd0118403464969359cf6ad
Red Hat Security Advisory 2021-3700-01
Posted Sep 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3700-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.9.0 serves as a replacement for Red Hat AMQ Broker 7.8.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include bypass, denial of service, information leakage, resource exhaustion, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2020-13956, CVE-2020-27223, CVE-2021-20289, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165, CVE-2021-28169, CVE-2021-29425, CVE-2021-3425, CVE-2021-34428, CVE-2021-34429, CVE-2021-3763
SHA-256 | a8a12dcc50fccbe685347bca1c58d45fbfe797cf6ab2e35bef81923f2d3fef9b
PlaceOS 1.2109.1 Open Redirection
Posted Sep 30, 2021
Authored by Hamza Khedr

PlaceOS version 1.2109.1 suffers from an open redirection vulnerability.

tags | exploit
advisories | CVE-2021-41826
SHA-256 | 9230fb10c8a88600b3268329baa1ee6acb5f4ae8cd635068dcd1d6419c76b0d3
Ubuntu Security Notice USN-5095-1
Posted Sep 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5095-1 - It was discovered that Apache Commons IO incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-29425
SHA-256 | 7ba660de150df66e90ee6d46d576813e67c78d8bbe0d6e0481c598417e50d1b3
Cmsimple 5.4 Remote Code Execution
Posted Sep 30, 2021
Authored by pussycat0x

Cmsimple version 5.4 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 9c66365017cd37b01e328c9eadccc39e261944d0e29fb70b25ae5aacd4f85a3a
Red Hat Security Advisory 2021-3694-01
Posted Sep 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3694-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-36222, CVE-2021-3749, CVE-2021-37576, CVE-2021-37750, CVE-2021-38201
SHA-256 | b1ce9e701282280a5c2dbdfafd7782a607b33f330152c096fdc1e2b3c2debde0
Deserialization Of Untrusted Data In jsoniter
Posted Sep 30, 2021
Authored by Adi Malyanker

Whitepaper that discusses deserialization of untrusted data in jsoniter.

tags | paper
SHA-256 | 0ca417e1ce7adae9c50ca05cb6775b57ac7716c04884972cfd2a9cbbb6b0a4a4
WordPress JS Jobs Manager 1.1.7 Authorization Bypass
Posted Sep 30, 2021
Authored by spacehen

WordPress JS Jobs Manager plugin version 1.1.7 suffers from an unauthenticated plugin installation and activation vulnerability.

tags | exploit, bypass
SHA-256 | 476b7c83bbaedc72abf814d5c8e7070dcc8f90d29894a855004150ad54d829af
Red Hat Security Advisory 2021-3635-01
Posted Sep 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3635-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.32.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-25741
SHA-256 | cbe740f692bda6a2095dbe1baf9fb403adf7ac1f7060dba615bda02274f3160e
Pharmacy Point Of Sale System 1.0 SQL Injection
Posted Sep 30, 2021
Authored by Murat

Pharmacy Point of Sale System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Janik Wehrli in September of 2021.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | c48c955fe8392ca3517e9829a5ddffe745c764c0b8977cacae3f618a20d90f0f
Azure Active Directory Brute Forcer
Posted Sep 30, 2021
Authored by treebuilder

This code is a proof-of-concept of the recently revealed Azure Active Directory password brute-forcing vulnerability announced by Secureworks.

tags | exploit
SHA-256 | 776f9c87b943ea490dee90a4f117eb7062122a1a4ccdfcf9e16e09ca2416cd61
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close