what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 38 RSS Feed

Files Date: 2022-02-28

Debian Security Advisory 5066-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5066-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service.

tags | advisory, denial of service, arbitrary, vulnerability, imap, info disclosure, ruby
systems | linux, debian
advisories | CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-41817, CVE-2021-41819
SHA-256 | 06fe6a239e4a0b70fe9ff726baf6486b9f36b1ff6318001480327005363f19d9
Debian Security Advisory 5067-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5067-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in information disclosure or denial of service.

tags | advisory, denial of service, vulnerability, info disclosure, ruby
systems | linux, debian
advisories | CVE-2021-41816, CVE-2021-41817, CVE-2021-41819
SHA-256 | 0484f18bed972d71f7df53edb8f4ef294019db03c31c92c45a5da5d8c6a8bcb6
Debian Security Advisory 5068-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5068-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0455, CVE-2022-0456, CVE-2022-0457, CVE-2022-0458, CVE-2022-0459, CVE-2022-0460, CVE-2022-0461, CVE-2022-0462, CVE-2022-0463, CVE-2022-0464, CVE-2022-0465
SHA-256 | 83e824ad1d34e69303e2416d84b6ac09d82cd6ee5295728b9da45a9afc1d7955
Debian Security Advisory 5069-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5069-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

tags | advisory, web, arbitrary, spoof, info disclosure
systems | linux, debian
advisories | CVE-2022-22754, CVE-2022-22756, CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764
SHA-256 | 1e379d99e51e240d11a38bb3c97e078979a6a30fadbcc6e5288eaf04dd9572af
Debian Security Advisory 5070-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5070-1 - CVE-2021-4122

tags | advisory
systems | linux, debian
advisories | CVE-2021-4122
SHA-256 | 7339a6a083baba45995620f30ca40190fa139930b7c05330150961e3e77cff15
Debian Security Advisory 5071-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5071-1 - Several vulnerabilities were discovered in Samba, a SMB/CIFS file, print, and login server for Unix.

tags | advisory, vulnerability
systems | linux, unix, debian
advisories | CVE-2021-44142, CVE-2022-0336
SHA-256 | c65ef5714b1203bc675e8b5399a8cb9046a4536959aeacea4b226f71b4957cce
Debian Security Advisory 5072-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5072-1 - Marcel Neumann, Robert Altschaffel, Loris Guba and Dustin Hermann discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.

tags | advisory, web
systems | linux, debian
advisories | CVE-2021-20001
SHA-256 | 5aa61912346393ec6e1bb0438a11ab639ce2ce1c44fde0f5c401cc429a2db952
Debian Security Advisory 5073-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5073-1 - Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-23990
SHA-256 | 2a5928c2c95034b476596185df810d0f37c78feccaaac4aebbc933ac64290cb4
Debian Security Advisory 5074-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5074-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2022-22754, CVE-2022-22756, CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764
SHA-256 | 6b3407661d40a30199696dab9bda0cff90fdb0550c90f49d70d35f995637d300
Debian Security Advisory 5075-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5075-1 - Several vulnerabilities have been discovered in Minetest, a sandbox video game and game creation system. These issues may allow attackers to manipulate game mods and grant them an unfair advantage over other players. These flaws could also be abused for a denial of service attack against a Minetest server or if user input is passed directly to minetest.deserialize without serializing it first, then a malicious user could run Lua code in the server environment.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2022-24300, CVE-2022-24301
SHA-256 | 8cdd9fdeb60db676b6890c8676fa29f99f832d9ba45c362267f9a26440d4d9dc
Debian Security Advisory 5076-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5076-1 - Security researchers of JFrog Security and Ismail Aydemir discovered two remote code execution vulnerabilities in the H2 Java SQL database engine which can be exploited through various attack vectors, most notably through the H2 Console and by loading custom classes from remote servers through JNDI. The H2 console is a developer tool and not required by any reverse-dependency in Debian. It has been disabled in (old)stable releases. Database developers are advised to use at least version 2.1.210-1, currently available in Debian unstable.

tags | advisory, java, remote, vulnerability, code execution
systems | linux, debian
advisories | CVE-2021-42392, CVE-2022-23221
SHA-256 | 602fbf289f0a4645af55ca95b395d714f480f6c820bc52e484aa494076a698fc
Debian Security Advisory 5077-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5077-1 - Multiple security issues were discovered in LibreCAD, an application for computer aided design (CAD) which could result in denial of service or the execution of arbitrary code if a malformed CAD file is opened.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2021-21898, CVE-2021-21899, CVE-2021-21900, CVE-2021-45341, CVE-2021-45342, CVE-2021-45343
SHA-256 | afc775f5db0c47cdcf5886354da7a08cf0a82bcf11ad1a79e57ab58d53121383
Debian Security Advisory 5078-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5078-1 - It was discovered that zsh, a powerful shell and scripting language, did not prevent recursive prompt expansion. This would allow an attacker to execute arbitrary commands into a user's shell, for instance by tricking a vcs_info user into checking out a git branch with a specially crafted name.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2021-45444
SHA-256 | 602ee7c93d7aaf91206a9ab27b951e0acda36e1dc3ea481d1b2e907673a0bba8
Debian Security Advisory 5079-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5079-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2022-0603, CVE-2022-0604, CVE-2022-0605, CVE-2022-0606, CVE-2022-0607, CVE-2022-0608, CVE-2022-0609, CVE-2022-0610
SHA-256 | 208b881562d41ad7ea06c546595de543110cc6c9bed23b923cf1574561b46ec0
Debian Security Advisory 5080-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5080-1 - Multiple vulnerabilties were discovered in snapd, a daemon and tooling that enable Snap packages, which could result in bypass of access restrictions or privilege escalation.

tags | advisory
systems | linux, debian
advisories | CVE-2021-44730, CVE-2021-44731
SHA-256 | 7aa8df4f541b162dac303b93aaa55309b14be4e5e525a23d7c6f864f2333f2d1
Debian Security Advisory 5081-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5081-1 - Reginaldo Silva discovered a (Debian-specific) Lua sandbox escape in Redis, a persistent key-value database.

tags | advisory
systems | linux, debian
advisories | CVE-2022-0543
SHA-256 | 24bea18a7ed5c46714df1e7fdd4207accfb76d034120ddde8eb85452b1cc49e8
Debian Security Advisory 5082-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5082-1 - Two security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure or denial of service.

tags | advisory, denial of service, php, info disclosure
systems | linux, debian
advisories | CVE-2021-21707, CVE-2021-21708
SHA-256 | 0d3f1a5fe1e49457b4ad5606bb3a59b6b219551a7056119efecb97680d9f7506
Debian Security Advisory 5083-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5083-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620
SHA-256 | 5fceef4c8cd38a848ec306ff10e8b3165efd374cb22554eaa075d16353c3fc67
Debian Security Advisory 5084-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5084-1 - The following vulnerabilities have been discovered in the WPE WebKit web engine.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620
SHA-256 | a15e8e3bbcf0339e99ef32ba2a6eb4b639b2b461d100788facd2371884643c33
Debian Security Advisory 5085-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5085-1 - Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315
SHA-256 | 0a1c5c3e3f1598ea66cbd52fa5a77ab866124388437e58a6c8661edb8f48157e
Debian Security Advisory 5086-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5086-1 - An out-of-bounds write was discovered in Thunderbird, which could be triggered via a malformed email message.

tags | advisory
systems | linux, debian
advisories | CVE-2022-0566
SHA-256 | 571fa77f76dcf78551867c4f943fb1e287a30d7b51caa18a8430dcf810222e6c
Debian Security Advisory 5087-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5087-1 - It was discovered that the SQL plugin in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, is prone to a SQL injection attack. An authenticated remote attacker can take advantage of this flaw to execute arbitrary SQL commands and for privilege escalation.

tags | advisory, remote, arbitrary, sql injection
systems | linux, debian
advisories | CVE-2022-24407
SHA-256 | 410b3b79060f1fcbba45f2a81cc0b6deac35652c246b8334e6570b6df4c9e79b
Win32k ConsoleControl Offset Confusion / Privilege Escalation
Posted Feb 28, 2022
Authored by Spencer McIntyre, BITTER APT, LiHao, KaLendsi, MaDongZe, TuXiaoYi, JinQuan, L4ys | Site metasploit.com

A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to achieve an out of bounds write operation, eventually leading to privilege escalation. This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021. In early 2022, a technique to bypass the patch was identified and assigned CVE-2022-21882. The root cause is is the same for both vulnerabilities. This exploit combines the patch bypass with the original exploit to function on a wider range of Windows 10 targets.

tags | exploit, root, vulnerability
systems | windows
advisories | CVE-2021-1732, CVE-2022-21882
SHA-256 | 9902434a58e36c7838c71ee860592d8624368fc1b380cf4c9ccf530f09895fd2
Axis IP Camera Shell Upload
Posted Feb 28, 2022
Authored by jbaines-r7 | Site metasploit.com

This Metasploit module exploits the "Apps" feature in Axis IP cameras. The feature allows third party developers to upload and execute eap applications on the device. The system does not validate the application comes from a trusted source, so a malicious attacker can upload and execute arbitrary code. The issue has no CVE, although the technique was made public in 2018. This module uploads and executes stageless meterpreter as root. Uploading the application requires valid credentials. The default administrator credentials used to be root:root but newer firmware versions force users to provide a new password for the root user. The module was tested on an Axis M3044-V using the latest firmware (9.80.3.8: December 2021). All modules that support the "Apps" feature are presumed to be vulnerable.

tags | exploit, arbitrary, root
SHA-256 | 3b946c3c32ffbe1237309479a6f3fbc02ff1259e17c42ed2ee33315e97a2b97e
Hikvision IP Camera Unauthenticated Command Injection
Posted Feb 28, 2022
Authored by bashis, jbaines-r7, Watchful_IP | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection in a variety of Hikvision IP cameras (CVE-2021-36260). The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This module specifically attempts to exploit the blind variant of the attack. The module was successfully tested against an HWI-B120-D/W using firmware V5.5.101 build 200408. It was also tested against an unaffected DS-2CD2142FWD-I using firmware V5.5.0 build 170725. Please see the Hikvision advisory for a full list of affected products.

tags | exploit, web, root
advisories | CVE-2021-36260
SHA-256 | 7bd3dd72f17285cba701691f5d8795c84e79f211db3e6ea8a840141f658935a5
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close