what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2021-11-17

SQLMAP - Automatic SQL Injection Tool 1.5.11
Posted Nov 17, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
SHA-256 | 69b91d6bba6d053b300a89692d5ebe98cc3ce9803d5f25e600a31943afa7fc6e
Red Hat Security Advisory 2021-4032-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4032-01 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-20673, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23369, CVE-2021-23383, CVE-2021-23840, CVE-2021-23841, CVE-2021-27645, CVE-2021-28153
SHA-256 | 14f971ee6ac97f93b8de4d06c668c3a26b4bb107cba2ed6ee7eacb091fa3dcc7
SuiteCRM 7.11.18 Remote Code Execution
Posted Nov 17, 2021
Authored by M. Cory Billington | Site metasploit.com

This Metasploit module exploits an input validation error on the log file extension parameter of SuiteCRM version 7.11.18. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a php file. The log file can then be populated with php code by changing the username of a valid user, as this info is logged. The php code in the file can then be executed by sending an HTTP request to the log file. A similar issue was reported by the same researcher where a blank file extension could be supplied and the extension could be provided in the file name. This exploit will work on those versions as well, and those references are included.

tags | exploit, web, php
advisories | CVE-2020-28328, CVE-2021-42840
SHA-256 | 7f2ef0fa96275977d80eca31460f8f2876baa953ce756a42a73f7d1524b141fb
Ubuntu Security Notice USN-5148-1
Posted Nov 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5148-1 - It was discovered that hivex incorrectly handled certain input. An attacker could use this vulnerability to cause a crash or obtain sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-3504
SHA-256 | 76851cf8dd20c10c8a7e161d457d12beee41e14890fc435ae8dd98c540f7a962
WordPress Smart Product Review 1.0.4 Shell Upload
Posted Nov 17, 2021
Authored by Keyvan Hardani

WordPress Smart Product Review plugin versions 1.0.4 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 29a1fcc09577e084c0c089ef3d7a429a755dafcc54dfac7e29bf7520ce0f0f63
Red Hat Security Advisory 2021-4626-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4626-01 - The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as well as to add storage, create VMs and manage user permissions. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-28469, CVE-2020-7733
SHA-256 | e78c982084d10901d788a5c486cbbfd19932b8793039633a3cf90132286b87fd
LiquidFiles 3.5.13 Privilege Escalation
Posted Nov 17, 2021
Authored by Eliana Cannella, Valerio Casalino, Riccardo Spampinato

LiquidFiles version 3.5.13 suffers from a privilege escalation vulnerability. The LiquidFiles API allows a User Admin to access keys for System Administrators.

tags | exploit
advisories | CVE-2021-43397
SHA-256 | bf9b58acae02929b7e3bacefe79b18576f37054b1cc772c21d9b054246ca69cb
Red Hat Security Advisory 2021-4703-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4703-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The ovirt.ovirt package manages all oVirt Ansible modules. The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-3620
SHA-256 | 344136b78bd0a33e49bbd741bc5b8ab81942ea43faba16ccc30e1da86859067d
Ubuntu Security Notice USN-5149-1
Posted Nov 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5149-1 - Kevin Backhouse discovered that AccountsService incorrectly handled memory when performing certain language setting operations. A local attacker could use this issue to escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2021-3939
SHA-256 | 0183300b73a168e52d3f29741265462c012571234ef6c3e63b0ff9bfdc7887b1
GitLab 13.10.2 Remote Code Execution
Posted Nov 17, 2021
Authored by Jacob Baines

GitLab version 13.10.2 remote code execution exploit that provides a reverse shell.

tags | exploit, remote, shell, code execution
advisories | CVE-2021-22204, CVE-2021-22205
SHA-256 | a3816f4a73b68abc9aa497e0982428e2bde3d7b0a005094907ca8484d9f39f60
Red Hat Security Advisory 2021-4628-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4628-01 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2020-36385, CVE-2021-0512, CVE-2021-22946, CVE-2021-22947, CVE-2021-23369, CVE-2021-23383, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-3656, CVE-2021-3733
SHA-256 | ac277430a1b1b05dba76cecef03900e9e3030dda5c7eafc2dd739d28f122ce68
Quick.CMS 6.7 Cross Site Request Forgery / Cross Site Scripting
Posted Nov 17, 2021
Authored by Rahad Chowdhury

Quick.CMS version 6.7 suffers from a cross site scripting vulnerability that can allow for cross site request forgery attacks.

tags | exploit, xss, csrf
SHA-256 | 67a0a105c6f950cecd0e39d185aca97751f39901cc4896bc691f737af9c4e4ec
Red Hat Security Advisory 2021-4702-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4702-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include XML injection, code execution, denial of service, information leakage, local file inclusion, man-in-the-middle, memory leak, open redirection, password leak, remote file inclusion, remote shell upload, and traversal vulnerabilities.

tags | advisory, remote, denial of service, shell, local, vulnerability, code execution, memory leak, file inclusion
systems | linux, redhat
advisories | CVE-2019-14853, CVE-2019-14859, CVE-2019-25025, CVE-2020-14343, CVE-2020-26247, CVE-2020-8130, CVE-2020-8908, CVE-2021-20256, CVE-2021-21330, CVE-2021-22885, CVE-2021-22902, CVE-2021-22904, CVE-2021-28658, CVE-2021-29509, CVE-2021-31542, CVE-2021-32740, CVE-2021-33203, CVE-2021-33503, CVE-2021-33571, CVE-2021-3413, CVE-2021-3494
SHA-256 | 8add47f95e7029cc9b29e159ddcedaf8b823cd7f438afa063e0aa09ebed5c91a
Bludit 3.13.1 Cross Site Scripting
Posted Nov 17, 2021
Authored by Vasu

Bludit version 3.13.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-35323
SHA-256 | a40179e874a3617c43914004a657787ce2c2cd85253dca00ef0e809d5a1b018c
DNS Cache Poisoning Attack: Resurrections With Side Channels
Posted Nov 17, 2021
Authored by Keyu Man, Zhiyun Qian, Xin'an Zhou

In this paper, the authors conduct an analysis of the previously over-looked attack surface related to DNS, and are able to uncover even stronger side channels that have existed for over a decade in Linux kernels. The side channels affect not only Linux but also a wide range of DNS software running on top of it, including BIND, Unbound and dns-masq. They also discovered that about 38% of open resolvers (by frontend IPs) and 14% (by backend IPs) are vulnerable including the popular DNS services such as OpenDNS and Quad9.

tags | paper, kernel
systems | linux
SHA-256 | 285348238e1453af785253da8bbd1e4ba41081c23566393003c3960304917844
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close