what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

Files Date: 2021-11-19

Apache Storm Nimbus 2.2.0 Command Execution
Posted Nov 19, 2021
Authored by Spencer McIntyre, Alvaro Munoz | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method method takes a single argument which is the name of a user which is concatenated into a string that is executed by bash. In order for the vulnerability to be exploitable, there must have been at least one topology submitted to the server. The topology may be active or inactive, but at least one must be present. Successful exploitation results in remote code execution as the user running Apache Storm. This vulnerability was patched in versions 2.1.1, 2.2.1 and 1.2.4. This exploit was tested on version 2.2.0 which is affected.

tags | exploit, remote, code execution, bash
advisories | CVE-2021-38294
SHA-256 | bdeabaf8ee1de5cc701765d5b3a2960189a0cd18ac93bcb180979bd32c8d528a
Packet Fence 11.1.0
Posted Nov 19, 2021
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: PacketFence v11 now fully supports multi-factor authentication for its captive portal, CLI and VPN. Advanced integration with Akamai MFA is now included as well as generic support for any TOTP solutions. A few new features and over two dozen enhancements and bug fixes.
tags | tool, remote
systems | unix
SHA-256 | e2b27e0905cf51ca3b59fd5f4b22f91f3532230b7e73bc05f37a93b0e8e00b73
Ubuntu Security Notice USN-5152-1
Posted Nov 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5152-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the UI, confuse the user, conduct phishing attacks, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2021-38503, CVE-2021-38509
SHA-256 | 4cf4f8b326d91fae79b633a52f5e15eabec035c4ef4fe52cd1e07e04a4c88083
Red Hat Security Advisory 2021-4743-03
Posted Nov 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4743-03 - LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-42574
SHA-256 | cc2f2c61da319fd573e3a950f95a76aa25b7bd22cc9d81900456a9a34f9653ed
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close