Showing 1 - 25 of 27

Files Date: 2021-12-28

Debian Security Advisory 5000-2
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5000-2 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, incorrect Kerberos ticket use, selection of weak ciphers or information disclosure.

tags | advisory, java, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35603
SHA-256 | bb28053ed741b4232cf1c304d7a1816d64dc77abf02ef0f7f4318db6ef2a9c3e
Debian Security Advisory 5016-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5016-1 - Tavis Ormandy discovered that nss, the Mozilla Network Security Service library, is prone to a heap overflow flaw when verifying DSA or RSA-PSS signatures, which could result in denial of service or potentially the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2021-43527
SHA-256 | 35d9a4d43f640926eb2420ef777ea504b336ac1a1fd52fd509acd24e3675989f
Debian Security Advisory 5017-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5017-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2021-28704, CVE-2021-28705, CVE-2021-28706, CVE-2021-28707, CVE-2021-28708, CVE-2021-28709
SHA-256 | b03ae44176b038f17b13a99fe5b85c4cbbb049073a1d6fd36112a4dd59c2a1f2
Debian Security Advisory 5018-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5018-1 - It was discovered that missing input sanitising in Babel, a set of tools for internationalising Python applications, could result in the execution of arbitrary code.

tags | advisory, arbitrary, python
systems | linux, debian
advisories | CVE-2021-20095
SHA-256 | 98ac2d3daff6c67ffc821f77fa08bc03ffd0feffffe4cc5dbc7cb4f49dae0925
Debian Security Advisory 5019-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5019-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2021-22207, CVE-2021-22222, CVE-2021-22235, CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39923, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929
SHA-256 | 32359136e8b8c69c7cbaa7b1295fb6e90e96c697ab48a4d5feafb42140573fb9
Debian Security Advisory 5020-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5020-1 - Chen Zhaojun of Alibaba Cloud Security Team discovered a critical security vulnerability in Apache Log4j, a popular Logging Framework for Java. JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From version 2.15.0, this behavior has been disabled by default.

tags | advisory, java, arbitrary
systems | linux, debian
advisories | CVE-2020-9488, CVE-2021-44228
SHA-256 | d0aca50b8b49a7bc8f1bbb01cb127d84b478f189d829e302cdf52f86f86356a3
Debian Security Advisory 5021-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5021-1 - Multiple security issues were discovered in MediaWiki, a website engine, which may allow an attacker to leak page content from private wikis or to bypass edit restrictions.

tags | advisory
systems | linux, debian
advisories | CVE-2021-44857, CVE-2021-44858, CVE-2021-45038
SHA-256 | 64acb0e0d53c1ffd7659325445b66dd867717b33c34b85f9b34b2a035175fd38
Debian Security Advisory 5022-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5022-1 - It was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack.

tags | advisory, java, denial of service
systems | linux, debian
advisories | CVE-2021-45046
SHA-256 | 116c9375e042795a5cd05bbde2c6ef96ec6f35bfedd5f2a0ee86124fa2903ad1
Debian Security Advisory 5023-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5023-1 - It was discovered that modsecurity-apache, an Apache module to tighten Web application security, does not properly handle excessively nested JSON objects, which could result in denial of service. The update introduces a new 'SecRequestBodyJsonDepthLimit' option to limit the maximum request body JSON parsing depth which ModSecurity will accept (defaults to 10000).

tags | advisory, web, denial of service
systems | linux, debian
advisories | CVE-2021-42717
SHA-256 | 3f85c3919db0ef69a9b1f2f2a1881936692b855d1c7c312fa5f4640492138172
Debian Security Advisory 5024-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5024-1 - It was found that Apache Log4j2, a Logging Framework for Java, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a denial of service.

tags | advisory, java, denial of service
systems | linux, debian
advisories | CVE-2021-45105
SHA-256 | 6a9b4dcb09185e3b07645d5acea3cb02cdd0b78af28c1bc86e76eeee9ec5e90d
Debian Security Advisory 5025-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5025-1 - A flaw was discovered in tang, a network-based cryptographic binding server, which could result in the leak of private keys.

tags | advisory
systems | linux, debian
advisories | CVE-2021-4076
SHA-256 | 95697656a52607df88e8cffbc50d7665407912d741c613e99b97a16eb9c22c11
Debian Security Advisory 5026-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5026-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

tags | advisory, web, arbitrary, spoof, info disclosure
systems | linux, debian
advisories | CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-43534, CVE-2021-43535, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542
SHA-256 | 5dd3e34f7a37e68f3bcb4b4e4a624d36721ad43edbf9d5779c29309bb60ce56e
Debian Security Advisory 5027-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5027-1 - Jan-Niklas Sohn discovered that multiple input validation failures in X server extensions of the X.org X server may result in privilege escalation if the X server is running privileged.

tags | advisory
systems | linux, debian
advisories | CVE-2021-4008, CVE-2021-4009, CVE-2021-4010, CVE-2021-4011
SHA-256 | 1fa4491f7ca985d9a68534fc21c09385c84455e31ea4bb6920992315357cd622
Debian Security Advisory 5028-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5028-1 - It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting and SQL injection attacks, or execute arbitrary code.

tags | advisory, arbitrary, xss, sql injection
systems | linux, debian
SHA-256 | 2479cbc37f3297d5aef480ad6ac89e363c4d37a606357f10ca6862fcc47985f2
Debian Security Advisory 5029-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5029-1 - It was discovered that missing SAML signature validation in the SOGo groupware could result in impersonation attacks.

tags | advisory
systems | linux, debian
advisories | CVE-2021-33054
SHA-256 | d7adb0cc8e3cc8561575bbf0cd9635ac207dc970e09a4a77c57078c20429c3ae
Debian Security Advisory 5030-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5030-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2021-30887, CVE-2021-30890
SHA-256 | d4a62f9be8a75b432b8de2152f6a11d80cc78b371126621b47e4d9ce97dec012
Debian Security Advisory 5031-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5031-1 - The following vulnerabilities have been discovered in the wpewebkit web engine.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2021-30887, CVE-2021-30890
SHA-256 | 3aacd91562be0c8c7c134701ced600adb5a223bb8df850e744c0aae832c9a031
Debian Security Advisory 5032-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5032-1 - Several vulnerabilities were discovered in djvulibre, a library and set of tools to handle documents in the DjVu format. An attacker could crash document viewers and possibly execute arbitrary code through crafted DjVu files.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2019-15142, CVE-2019-15143, CVE-2019-15144, CVE-2019-15145, CVE-2019-18804, CVE-2021-32490, CVE-2021-32491, CVE-2021-32492, CVE-2021-32493, CVE-2021-3500, CVE-2021-3630
SHA-256 | 710db2d5265ed17e7dc1e4133372755c3e7f19cf33cf56efb99bbc2029c6eaea
Debian Security Advisory 5033-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5033-1 - Multiple vulnerabilities were discovered in the FORT RPKI validator, which could result in denial of service or path traversal.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2021-3907, CVE-2021-3909, CVE-2021-43114, CVE-2021-43173
SHA-256 | 0a9a883cbdb90356d70335092122d591ab37a760e50576176c139fbdaf68e7a5
ManageEngine ServiceDesk Plus Remote Code Execution
Posted Dec 28, 2021
Authored by wvu, Y4er | Site metasploit.com

This Metasploit module exploits CVE-2021-44077, an unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk Plus, to upload an EXE (msiexec.exe) and execute it as the SYSTEM account. Note that build 11305 is vulnerable to the authentication bypass but not the file upload. The module will check for an exploitable build.

tags | exploit, remote, code execution, file upload
advisories | CVE-2021-44077
SHA-256 | 244ae2538bc9ec8f90e308561999a95ddf997764203cb31dbd2e32b039b73273
Terramaster F4-210 / F2-210 Remote Code Execution
Posted Dec 28, 2021
Authored by n0tme | Site thatsn0tmy.site

Terramaster F4-210 and F2-210 chained exploit that performs session crafting to achieve escalated privileges that then allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.x are affected.

tags | exploit, code execution
SHA-256 | 280fe87f73ebbd9b65c98174e56a305596930cb8ba4ec478c59ce61cce93ca5f
Backdoor.Win32.FTP.Simpel.12 MVID-2021-0433 Insecure Crypto Implementation
Posted Dec 28, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.FTP.Simpel.12 malware uses MD5 with no salt for password storage.

tags | exploit
systems | windows
SHA-256 | fa0bad4b0d1e6b7e848560c99ab47053d8b73f2a4bcf7e8f3d5dbe9918824375
Windows Explorer Preview Pane HTML File Link Spoofing
Posted Dec 28, 2021
Authored by Eduardo Braun Prado

The Windows Explorer Preview Pane feature allows for spoofing of links contained in an HTML based file because upon moving the mouse over the link nothing happens and it cannot be right-clicked to show the actual target.

tags | exploit, spoof
systems | windows
SHA-256 | 1275b5aeba88545381a682189becb0cad4288ce1bb6d7f8098c04512d9cff739
Backdoor.Win32.FTP.Simpel.12 MVID-2021-0432 Man-In-The-Middle
Posted Dec 28, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.FTP.Simpel.12 malware suffers from a man-in-the-middle vulnerability.

tags | exploit
systems | windows
SHA-256 | 6e5c371fe9d4183ded36eebcaa977f36dc3de85aaea04405823bc486dd893bc3
Backdoor.Win32.Visiotrol.10 MVID-2021-0431 Insecure Password Storage
Posted Dec 28, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Visiotrol.10 malware suffers from an insecure password storage vulnerability.

tags | exploit
systems | windows
SHA-256 | 26006253cbf2950c7d2354800cbbf3814299c513dd0af87e124bf174be43d8bc