Files Date: 2021-12-06

Ubuntu Security Notice USN-5173-1
Posted Dec 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5173-1 - It was discovered that libmodbus incorrectly handled inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-14462
SHA-256 | 740faf462661aa2f8b10bcd2adde7ab93a6891479486065b563ba76c96dbfa09

Auerswald COMpact 8.0B Backdoors
Posted Dec 6, 2021
Site redteam-pentesting.de

RedTeam Pentesting discovered several backdoors in the firmware for the Auerswald COMpact 5500R PBX. These backdoors allow attackers who are able to access the web-based management application full administrative access to the device. Versions 8.0B and below are affected.

tags | exploit, web
advisories | CVE-2021-40859
SHA-256 | dd5ca7ea4caa5162c8b67967d3278af0abfd50ff21e9371c5bd80f2300d42ed3

Ubuntu Security Notice USN-5172-1
Posted Dec 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5172-1 - It was discovered that uriparser mishandled certain input. An attacker could use this vulnerability to cause uriparser to crash or possibly execute arbitrary code. It was discovered that uriparser incorrectly handled certain URIs. An attacker could use this vulnerability to cause a crash or possibly leak sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-19198, CVE-2018-20721
SHA-256 | 78a9c2dbad84f9490e14a0959440ef0e1eb66266016317afac206ce7ee55e96f

Auerswald COMpact 8.0B Arbitrary File Disclosure
Posted Dec 6, 2021
Site redteam-pentesting.de

RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows users with the "sub-admin" privilege to access any files on the PBX's file system. Versions 8.0B and below are affected.

tags | exploit, web
advisories | CVE-2021-40858
SHA-256 | d996a18ccf6aeaf710400d44518247e46de43b267d135f9213bec807dc59597d

runc / libcontainer Bind Mount Sources Insecure Handling
Posted Dec 6, 2021
Authored by Google Security Research, Felix Wilhelm

The recent commit #9c4440 introduces two vulnerabilities to libcontainer that can be exploited by an attacker with partial control over the bind mount sources of a new container.

tags | exploit, vulnerability
advisories | CVE-2021-43784
SHA-256 | ed408918fa162c1e37fcd4ed27b9ab361935aa46728e7fcbca4f23d94f8f25d3

Ubuntu Security Notice USN-5171-1
Posted Dec 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5171-1 - It was discovered that Long Range ZIP incorrectly handled certain specially crafted lrz files. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-8844, CVE-2018-10685, CVE-2018-5786
SHA-256 | 1b281c62103ad0ebb4c59cde1db74c39efcb0a0ee83254a74c84aa845d08f9b6

Auerswald COMpact 8.0B Privilege Escalation
Posted Dec 6, 2021
Site redteam-pentesting.de

RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows low-privileged users to access passwords of administrative user accounts. Affected versions include 8.0B and below.

tags | exploit, web
advisories | CVE-2021-40857
SHA-256 | dac326b33fff7e529507312696bf7c1980ce40578237f9caf02f0b838930f9b6

Auerswald COMfortel 1400/2600/3600 IP 2.8F Authentication Bypass
Posted Dec 6, 2021
Site redteam-pentesting.de

RedTeam Pentesting discovered a vulnerability in the web-based configuration management interface of the Auerswald COMfortel 1400 and 2600 IP desktop phones. The vulnerability allows accessing configuration data and settings in the web-based management interface without authentication. Versions 2.8F and below are affected.

tags | exploit, web
advisories | CVE-2021-40856
SHA-256 | a81f22dfd946e817d23fb35f271231f89fc1fa3368c9f66e528ef931719ac208

Croogo 3.0.2 Remote Code Execution
Posted Dec 6, 2021
Authored by Deha Berkin Bir

Croogo version 3.0.2 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 69cb24321500a1eabe06fb8e754fc1e37bd8231ca7df47261d555d176c75139f

Microsoft Internet Explorer Active-X Control Security Bypass
Posted Dec 6, 2021
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Internet Explorer suffers from an active-x related bypass vulnerability. Microsoft will not address the issue as it is end of life.

tags | exploit, activex, bypass
SHA-256 | fa22daaea0233f0b687f938d605627bbae7fbc5bb28632e8d17422cd0cf0af81

Ubuntu Security Notice USN-5174-1
Posted Dec 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5174-1 - Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. Andrew Bartlett discovered that Samba incorrectly mapped domain users to local users. An authenticated attacker could possibly use this issue to become root on domain members. Andrew Bartlett discovered that Samba did not properly check sensitive attributes. An authenticated attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory, remote, local, root
systems | linux, ubuntu
advisories | CVE-2016-2124, CVE-2020-25717, CVE-2020-25722, CVE-2021-3671
SHA-256 | 25c5c900f4302b24fc3b0236ad0320fa6c9153a96b6a27157cc077591a889f60

HCL Lotus Notes 12 Unquoted Service Path
Posted Dec 6, 2021
Authored by Mert Das

HCL Lotus Notes version 12 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 99ce7892a35c2e78ef98e09c6e41eff711220ed3ae9d0076949b8089ed762381

Simple Online Men's Salon Management System 1.0 SQL Injection
Posted Dec 6, 2021
Authored by nu11secur1ty

Simple Online Men's Salon Management System version 1.0 appears to suffer from a time-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9fff9dfef2b3a73b60aa0858435f45c8c289e00895835e9fac2e77d52181be64
© 2022 Packet Storm. All rights reserved.