what you don't know can hurt you
Showing 1 - 12 of 12 RSS Feed

Files Date: 2021-12-10

Ubuntu Security Notice USN-5186-1
Posted Dec 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5186-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass CSP restrictions, or execute arbitrary code. A security issue was discovered with the handling of WebExtension permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to create and install a service worker that wouldn't be uninstalled with the extension. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2021-43536, CVE-2021-43539, CVE-2021-43540, CVE-2021-43541, CVE-2021-43545, CVE-2021-43546
MD5 | af467d405b02c0deebc430a5e5265a84
nfstream 6.4.0
Posted Dec 10, 2021
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Introduced Windows platform official support. Introduced System Visibility feature. Introduced Python 3.10 official support. nDPI maintenance update. Patched for RPI platforms cores detection.
tags | tool, python
systems | unix
MD5 | e9099e58665ecfdccd8d0b113f587372
Red Hat Security Advisory 2021-5070-02
Posted Dec 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5070-02 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.1 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.

tags | advisory, remote, local, vulnerability, python, file inclusion
systems | linux, redhat
advisories | CVE-2021-28658, CVE-2021-31542, CVE-2021-3281, CVE-2021-33203, CVE-2021-33571
MD5 | 2b10dccd342853b670fa64c6bf4701bb
OpenCATS 0.9.4 Remote Code Execution
Posted Dec 10, 2021
Authored by Nicholas Ferreira

OpenCATS version 0.9.4 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 1b3af8931c77c6f3c9c7d115893e958c
Red Hat Security Advisory 2021-5072-01
Posted Dec 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5072-01 - A highly-available key value store for shared configuration.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-31525, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198
MD5 | 964d2c62301847ab5cfec970051d2090
Free School Management Software 1.0 Cross Site Scripting
Posted Dec 10, 2021
Authored by fuzzyap1

Free School Management Software version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 72c0115823b68111baf1bebc27009323
Free School Management Software 1.0 Shell Upload
Posted Dec 10, 2021
Authored by fuuzap1

Free School Management Software version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 8480857a380626147c073145dc433e41
Polkit CVE-2021-3560 Research
Posted Dec 10, 2021
Authored by Tanishq Sharma, Shikhar Saxena, Rushil Saxena

This document covers a vulnerability in policy kit (polkit) used on many Linux distributions, which enables an unprivileged local user to get a privileged shell (root) on the system by manually sending dbus messages to the dbus-daemon, then killing the request before it has been fully processed.

tags | exploit, paper, shell, local, root
systems | linux
advisories | CVE-2021-3560
MD5 | 26b6cdb7066c00f38cf20509e706052f
Red Hat Security Advisory 2012-5055-03
Posted Dec 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-5055-03 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.4.0. Issues addressed include buffer overflow, bypass, denial of service, and spoofing vulnerabilities.

tags | advisory, denial of service, overflow, spoof, vulnerability
systems | linux, redhat
advisories | CVE-2021-43528, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546
MD5 | 5636677898f20f6ea65232539d86ea41
Red Hat Security Advisory 2021-5071-01
Posted Dec 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5071-01 - Eventlet is a networking library written in Python. It achieves high scalability by using non-blocking io while at the same time retaining high programmer usability by using coroutines to make the non-blocking io operations appear blocking at the source code level. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2021-21419
MD5 | 1ad2d5f6a7c300ec1931a355b5e31eec
Red Hat Security Advisory 2021-5065-05
Posted Dec 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5065-05 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-3930
MD5 | 49a824608a51836250a659ed8a59fd1a
Apache Log4j2 2.14.1 Remote Code Execution
Posted Dec 10, 2021
Authored by tangxiaofeng7 | Site github.com

Apache Log4j2 versions 2.14.1 and below proof of concept remote code execution exploit. JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

tags | exploit, remote, arbitrary, code execution, proof of concept
advisories | CVE-2021-44228
MD5 | 09c5608ec058a3f1d995a4340b5d204b
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close