exploit the possibilities
Showing 1 - 4 of 4 RSS Feed

Files Date: 2021-11-19

Apache Storm Nimbus 2.2.0 Command Execution
Posted Nov 19, 2021
Authored by Spencer McIntyre, Alvaro Munoz | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method method takes a single argument which is the name of a user which is concatenated into a string that is executed by bash. In order for the vulnerability to be exploitable, there must have been at least one topology submitted to the server. The topology may be active or inactive, but at least one must be present. Successful exploitation results in remote code execution as the user running Apache Storm. This vulnerability was patched in versions 2.1.1, 2.2.1 and 1.2.4. This exploit was tested on version 2.2.0 which is affected.

tags | exploit, remote, code execution, bash
advisories | CVE-2021-38294
MD5 | 2631462b02a2e967032a92da5e87ddae
Packet Fence 11.1.0
Posted Nov 19, 2021
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: PacketFence v11 now fully supports multi-factor authentication for its captive portal, CLI and VPN. Advanced integration with Akamai MFA is now included as well as generic support for any TOTP solutions. A few new features and over two dozen enhancements and bug fixes.
tags | tool, remote
systems | unix
MD5 | 7d06527c96a3ffc5446d643fdd2870c8
Ubuntu Security Notice USN-5152-1
Posted Nov 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5152-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the UI, confuse the user, conduct phishing attacks, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2021-38503, CVE-2021-38509
MD5 | 24e382a4ac0afa4668158c5c48685920
Red Hat Security Advisory 2021-4743-03
Posted Nov 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4743-03 - LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-42574
MD5 | 75f1cbf84e1bef9ea1284ab3f07a52ed
Page 1 of 1
Back1Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close