what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 332 RSS Feed

Files Date: 2021-09-01 to 2021-09-30

Red Hat Security Advisory 2021-3642-01
Posted Sep 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3642-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-25741
SHA-256 | e5ea0b25b2d39793003ba5a3c2f5ece3db0e42eeb9158570c160ffde10c19998
Pet Shop Management System 1.0 Shell Upload
Posted Sep 29, 2021
Authored by Mr.Gedik

Pet Shop Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 28477ad85ab4111f1df3679d0ad89f7074a8bafd27483d7ca25f37d1c4298c64
Ubuntu Security Notice USN-5092-2
Posted Sep 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5092-2 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-33624, CVE-2021-34556, CVE-2021-35477, CVE-2021-3679, CVE-2021-37159, CVE-2021-37576, CVE-2021-38160, CVE-2021-38199, CVE-2021-38201, CVE-2021-38204, CVE-2021-38205, CVE-2021-41073
SHA-256 | fe6e6f7b890fe9c454e6d8b6981a93e9900e3e12cc8de38080233a23b6f9f395
Mitrastar GPT-2541GNAC-N1 Privilege Escalation
Posted Sep 29, 2021
Authored by Leonardo Nicolas Servalli

Mitrastar GPT-2541GNAC-N1 suffers from a privilege escalation vulnerability that provides root privileges.

tags | exploit, root
SHA-256 | 79eee6856f1f12654bc6bb4b93dba0735934aa5df9b92db70648672e0168b534
Google Extensible Service Proxy Header Forgery
Posted Sep 29, 2021
Authored by Imre Rad

Google's Extensible Service Proxy suffers from a header forgery vulnerability.

tags | exploit
SHA-256 | c2a95ac806be1e61288f44e7ec319f21ec2702adefa41386a2ad0039ac44ff37
Ubuntu Security Notice USN-5094-1
Posted Sep 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5094-1 - It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2021-22543, CVE-2021-3679, CVE-2021-3732, CVE-2021-37576, CVE-2021-38204, CVE-2021-38205
SHA-256 | 61410dbe4257dd87ae714e3f86a082bb3acae0802b9d7ce2e4fc034d086c4838
Storage Unit Rental Management System 1.0 Shell Upload
Posted Sep 29, 2021
Authored by Fikrat Ghuliev

Storage Unit Rental Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 40921e68c1ec93ec4338b185d832ad6b9271cae7bd61a5da66366bf26fd606e0
Ubuntu Security Notice USN-5090-4
Posted Sep 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5090-4 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438
SHA-256 | 97566fcdf572aabba3700b134cb12c430056ecb69fad0c05e485f33bb178308a
WordPress Redirect 404 To Parent 1.3.0 Cross Site Scripting
Posted Sep 29, 2021
Authored by 0xB9

WordPress Redirect 404 to Parent plugin version 1.3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-24286
SHA-256 | f4ebfcd69e7f5176c540dbe75f7090e041c52868c64e8097859a7b178f1d3f4b
WordPress Select All Categories And Taxonomies 1.3.1 Cross Site Scripting
Posted Sep 29, 2021
Authored by 0xB9

WordPress Select All Categories And Taxonomies plugin version 1.3.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-24287
SHA-256 | 68fc9f4058f733ea1e46d65dc918535536c09807be809a6fe766a63989c5c709
OpenSIS 8.0 Cross Site Scripting
Posted Sep 29, 2021
Authored by Eric Salario

OpenSIS version 8.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bac5d8f25561abe1b7b4f87c94bf527231e8fcd6a9f8623f5506441d4deed74c
Google Tsunami Security Scanner Pre-Alpha
Posted Sep 29, 2021
Authored by Google Tsunami Team | Site github.com

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. It was originally written by Google and open sourced in July of 2020.

tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 9e5527ca4b40f218f5fc3dcb8685bd4dd7fecf7330f37e0ad5242e442db55a6b
Covid Vaccination Scheduler System 1.0 SQL Injection / Cross Site Scripting
Posted Sep 29, 2021
Authored by nu11secur1ty | Site github.com

Covid Vaccination Scheduler System version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to faisalfs10x in July of 2021.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2021-36621
SHA-256 | ae710b05bd025d7e79e63517677882000a5dc8e341484db8f13afd0794170b66
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Privilege Escalation
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 suffers from a remote privilege escalation vulnerability.

tags | exploit, remote
SHA-256 | 6ef66ed70e92ad612290d98df48054d67d1c964e07a0683eaed0ee4abc38ad4e
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Backdoor Account
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 has the hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in the Users menu list of the application.

tags | exploit
SHA-256 | 76986786233f93566ddb9953be6f98bfa450885a5ac241ed16617a8870a9ff2b
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Configuration Disclosure
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 is vulnerable to an unauthenticated configuration disclosure when a direct object reference is made to the backup archive file using an HTTP GET request.

tags | exploit, web
SHA-256 | c9208e538a5afc70b3635572f890f2667c94de059d48740427d2b3abf186786c
FatPipe Networks WARP 10.2.2 Authorization Bypass
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP version 10.2.2 suffers from an authorization bypass vulnerability.

tags | exploit, bypass
SHA-256 | d011bfaa75604c3b3dc63ad611330b11fc8a534120edc38f724e1a4f58929d87
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Cross Site Request Forgery
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

The application interface FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
SHA-256 | 7e2119d2b169c3fb6fb1b259c686bac08187edd3b7de42bea6ab93a108d54445
Ubuntu Security Notice USN-5090-3
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5090-3 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438
SHA-256 | b581416306f3dd476e571d54877a550435c22900a370f6c91efbf9d6ff8a914f
Red Hat Security Advisory 2021-3675-01
Posted Sep 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3675-01 - The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | ad9ce160c59df30cf9941c0697bd6c9340ed669c6ce5bb9d5b843c8b6fea9592
WordPress Ultimate Maps 1.2.4 Cross Site Scripting
Posted Sep 28, 2021
Authored by 0xB9

WordPress Ultimate Maps plugin version 1.2.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-24274
SHA-256 | ffbdf36c553fc01d39018fe0185356f74c5cc7f17c0c33a393d62e41f2a8b4f0
Red Hat Security Advisory 2021-3676-01
Posted Sep 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3676-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2021-3653, CVE-2021-3656
SHA-256 | 3890d30cbbe4c135f4f392438402e64ce8d51636134209fb2750f26e7d7532aa
Ubuntu Security Notice USN-5093-1
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5093-1 - Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3770, CVE-2021-3778, CVE-2021-3796
SHA-256 | c4de699295308995e581a4fe17697bd8bdf4568f3c040db7dede29c2d61a0c08
Apache James Server 2.3.2 Remote Command Execution
Posted Sep 28, 2021
Authored by shinris3n

Apache James Server version 2.3.2 remote command execution exploit.

tags | exploit, remote
SHA-256 | c9b253ccb01558d000573b82422dd40cdb537674eba685ea7b12e068e995cf6b
Ubuntu Security Notice USN-5092-1
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5092-1 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-33624, CVE-2021-34556, CVE-2021-35477, CVE-2021-3679, CVE-2021-37159, CVE-2021-37576, CVE-2021-38160, CVE-2021-38199, CVE-2021-38201, CVE-2021-38204, CVE-2021-38205, CVE-2021-41073
SHA-256 | ebcf129926760acf6a8d3e98fe23c9b1ac0c8a4d82db537ed58774cee102bccf
Page 1 of 14
Back12345Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close