exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2021-10-22

Faraday 3.18.0
Posted Oct 22, 2021
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Removed attachments in vulns filter endpoint. Added open and confirmed vulns in workspace stats. Added user id to session API endpoint. Added cve to vulnerability model. Changed funcs to views. Fixed report import. Added last_run_agent_date field to workspace endpoint. Fixed cve parsing in vulnerability create and bulk create. Fixed order_by in filters api. Fixed 500 status code with invalid executor arguments.
tags | tool, rootkit
systems | unix
SHA-256 | eeb51a0601444ae090b539723d9ec244468d9f3fe32403ac2884aec913449998
Ubuntu Security Notice USN-5121-1
Posted Oct 22, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5121-1 - Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery tokens to specific accounts. A remote attacker could use this to perform a CSRF attack to gain access to another account. Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman's cross-site request forgery tokens for the options page are derived from the admin password. A remote attacker could possibly use this to assist in performing a brute force attack against the admin password. Various other issues were also addressed.

tags | advisory, remote, csrf
systems | linux, ubuntu
advisories | CVE-2021-42096, CVE-2021-42097
SHA-256 | 31b5089934b776c5932880b406f38f121f36e74f6461c25588737e5f22c7ff0f
SAP Enterprise Portal Sensitive Data Disclosure
Posted Oct 22, 2021
Authored by Yvan Genuer | Site onapsis.com

SAP Enterprise Portal suffers from an sensitive information disclosure vulnerability in the com.sapportals.navigation.testComponent.NavigationRequestSniffer servlet.

tags | advisory, info disclosure
advisories | CVE-2021-33687
SHA-256 | 4a8db7aa8f258b1769fbf97ddef33a9c7b31c57775fc5b0aaae9d89f1808d5c0
Windows IKEEXT AuthIP Unvalidated GSS_ID Privilege Escalation
Posted Oct 22, 2021
Authored by James Forshaw, Google Security Research

The Windows IKEEXT service does not verify the SPN when performing AuthIP authentication leading to leaking authentication tokens to untrusted systems.

tags | exploit
systems | windows
SHA-256 | 0079ebd509ea0915ed3e16a7c9804d1538ef4af1d978ab5d1ad291080c5dd106
SAP NetWeaver ABAP IGS Memory Corruption
Posted Oct 22, 2021
Authored by Yvan Genuer | Site onapsis.com

The SAP NetWeaver ABAP IGS service suffers from multiple memory corruption vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2021-27620, CVE-2021-27622, CVE-2021-27624, CVE-2021-27625, CVE-2021-27626, CVE-2021-27627
SHA-256 | 2d1f0734303783a8b47a886f91b23670d4395d5d4ed4501f6e4af6001b97b2b7
Online Course Registration 1.0 SQL Injection
Posted Oct 22, 2021
Authored by Drew Jones, Sam Ferguson

Online Course Registration version 1.0 suffers from a blind boolean-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7a2b88e12b269b54cb21377981ddc1a6971c0d2cdd29f7e161bc42db12bed913
SAP NetWeaver ABAP Gateway Memory Corruption
Posted Oct 22, 2021
Authored by Yvan Genuer | Site onapsis.com

The SAP NetWeaver ABAP Gateway service suffers from multiple memory corruption vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2021-27597, CVE-2021-27633, CVE-2021-27634
SHA-256 | da1fec63d0f864232e684c79171e0e2cc4a5296c2ce6bd0702518810eabac2ea
SAP NetWeaver ABAP Enqueue Memory Corruption
Posted Oct 22, 2021
Authored by Yvan Genuer | Site onapsis.com

SAP NetWeaver ABAP Enqueue service suffers from multiple memory corruption vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2021-27606, CVE-2021-27629, CVE-2021-27630, CVE-2021-27631, CVE-2021-27632
SHA-256 | 311841e1ce77e5cac126339df98efcba8eda52f242b8a567340833179c8bd6c5
Ubuntu Security Notice USN-5116-2
Posted Oct 22, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5116-2 - It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information. Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-3702, CVE-2021-3732, CVE-2021-38198, CVE-2021-38205, CVE-2021-40490, CVE-2021-42008
SHA-256 | bb413440af0aa8dceb1eaf38175be7d5c9ca2e29eb72383441a3801aa860047d
Clinic Management System 1.0 Code Execution / SQL Injection
Posted Oct 22, 2021
Authored by Pablo Santiago

Clinic Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for a shell upload.

tags | exploit, remote, shell, sql injection
SHA-256 | f5c56bd725c4d429d8538d02faa6b5e7639510b64d58be8816511e188df9be9a
SAP JAVA NetWeaver System Connections XML Injection
Posted Oct 22, 2021
Authored by Pablo Artuso | Site onapsis.com

The Communication Profiles functionality provided within SAP JAVA NetWeaver suffers from an XML external entity injection vulnerability.

tags | advisory, java
advisories | CVE-2021-27635
SHA-256 | 148727acfbb4a8a75ea11ebaf68ed2fcc427fa652ac0cb1a7e2f15ae72c6fc66
SAP NetWeaver ABAP Dispatcher Service Memory Corruption
Posted Oct 22, 2021
Authored by Yvan Genuer | Site onapsis.com

SAP NetWeaver ABAP Dispatcher service suffers from memory corruption vulnerabilities. An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system causing the system to crash and rendering it unavailable.

tags | advisory, vulnerability
advisories | CVE-2021-27607, CVE-2021-27628
SHA-256 | 17cc60af5d9b943931eeb5cd66b2a4f367a1a9b045b6aa0fe83114111e1f2e37
Jetty 9.4.37.v20210219 Information Disclosure
Posted Oct 22, 2021
Authored by Mayank Deshmukh

Jetty version 9.4.37.v20210219 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2021-28164
SHA-256 | 2db5d62005c6515d8366be3e8c08c4df222e8620470f674dec2932c545737167
Ubuntu Security Notice USN-5120-1
Posted Oct 22, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5120-1 - It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2019-19449, CVE-2020-26541, CVE-2020-36311, CVE-2021-22543, CVE-2021-3612, CVE-2021-3759, CVE-2021-38199, CVE-2021-38207, CVE-2021-40490
SHA-256 | 0a4088e105c209023f79e6f139417f5c549e7100d2f58e29b718a130f141a387
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close