Files Date: 2022-02-01 to 2022-02-28

Red Hat Security Advisory 2022-0565-01
Posted Feb 25, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0565-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.55. Issues addressed include a cross site request forgery vulnerability.

tags | advisory, csrf
systems | linux, redhat
advisories | CVE-2022-20612, CVE-2022-20617
SHA-256 | a77a27376cdeeede8e164e59332a079d3653b7b5e6c8434a66fd7fd583febb5d
Red Hat Security Advisory 2022-0672-01
Posted Feb 25, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0672-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, ruby
systems | linux, redhat
advisories | CVE-2021-31799, CVE-2021-31810, CVE-2021-32066
SHA-256 | 75b83c280fe30dd26b2d514ba311d51c918989f7bf0b43fc25fb89e588c8f1f0
Microsoft Exchange Server Remote Code Execution
Posted Feb 25, 2022
Authored by zcgonvh, Grant Willcox, testanull, PeterJson, Microsoft Threat Intelligence Center, Microsoft Security Response Center, pwnforsp | Site metasploit.com

This Metasploit module allows remote attackers to execute arbitrary code on Exchange Server 2019 CU10 prior to Security Update 3, Exchange Server 2019 CU11 prior to Security Update 2, Exchange Server 2016 CU21 prior to Security Update 3, and Exchange Server 2016 CU22 prior to Security Update 2. Note that authentication is required to exploit this vulnerability. The flaw exists because the deny list for the ChainedSerializationBinder contained a typo: an entry was written as System.Security.ClaimsPrincipal instead of the correct value, System.Security.Claims.ClaimsPrincipal. By leveraging this vulnerability, attackers can bypass the ChainedSerializationBinder's deserialization deny list and execute code as NT AUTHORITY\SYSTEM. Tested against Exchange Server 2019 CU11 SU0 on Windows Server 2019, and Exchange Server 2016 CU22 SU0 on Windows Server 2016.

tags | exploit, remote, arbitrary
systems | windows
advisories | CVE-2021-42321
SHA-256 | 12eb99965a3f9b7bfde5c2c3d85628bf4f85bbe42475b654e2c35b7e33a8ccaa
Red Hat Security Advisory 2022-0665-01
Posted Feb 25, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0665-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a buffer over-read vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2022-22816, CVE-2022-22817
SHA-256 | 30a40458f5e8f2144068d42968899f4d706efe71abb367d0f59cada140c422b5
Bank Management System 1.0 SQL Injection
Posted Feb 25, 2022
Authored by nu11secur1ty

Bank Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bb3fa2ada8dbb10e11f109d1e2eac74158f420d5db6279f49d675faf7e0c1040
Red Hat Security Advisory 2022-0669-01
Posted Feb 25, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0669-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a buffer over-read vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2022-22816, CVE-2022-22817
SHA-256 | d76b5bc5053822e21cf3d8c58b4ea3c6473c57da55a8e22f364e5f62e7fc8f79
Red Hat Security Advisory 2022-0666-01
Posted Feb 25, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0666-01 - The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer. SASL is a method for adding authentication support to connection-based protocols.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2022-24407
SHA-256 | 95dbedfb31ab478d75fd196d8c96e6aaea3383b38893a87766ecfdae1ea3a8ca
WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting
Posted Feb 25, 2022
Authored by Chloe Chamberland | Site wordfence.com

WordPress Photoswipe Masonry Gallery plugin version 1.2.14 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-0750
SHA-256 | 15996cc31605f93925a67eef5bab187429b2569dcdbb41553596502d78575f90
Red Hat Security Advisory 2022-0555-01
Posted Feb 25, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0555-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a cross site request forgery vulnerability.

tags | advisory, csrf
systems | linux, redhat
advisories | CVE-2022-20612, CVE-2022-20617
SHA-256 | 04b518ab641e93f4535bdfd079f2eae5c76ff1632cf6da61dd6e81f2900b8304
Technitium Installer 4.4 DLL Hijacking
Posted Feb 25, 2022
Authored by James Tsz Ko Yeung

Technitium Installer version 4.4 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 0e6484ed861f014968126a0f09091025cbefed6941d943a6fd29af9e7f51a890
Red Hat Security Advisory 2022-0668-01
Posted Feb 25, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0668-01 - The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer. SASL is a method for adding authentication support to connection-based protocols.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2022-24407
SHA-256 | e0855dbe4f7074b4b32b749a55fc1193ec694d72f7ff294796c487c89cfd5991
Red Hat Security Advisory 2022-0667-01
Posted Feb 25, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0667-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a buffer over-read vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2022-22816, CVE-2022-22817
SHA-256 | dd8e0e821c9152d338037751995124bc5afa10bc5d5f918b752baac6460d2cbf
Dahua ToolBox 1.010.0000000.0 DLL Hijacking
Posted Feb 25, 2022
Authored by James Tsz Ko Yeung

Dahua ToolBox version 1.010.0000000.0 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 6b1fc66ebb4990d2570fa7be6bbf5e5fe0502e6ed7f689008354eb03be6ce6fa
Packet Fence 11.2.0
Posted Feb 24, 2022
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: PacketFence v11.2 now directly integrates with TIP OpenWiFi. TIP OpenWiFi access points are now natively supported network/switch devices in PacketFence with the ability to provision out-of-band subscriber service networks, IoT networks and secured networks. Its device management (MDM) integration is enhanced with the addition of Kandji. More automated tests were added through Venom. It also provides additional important improvements such as floating devices support for Brocade/Ruckus switches, role-based access for VPNs, an ISO-based Debian 11 installer and much more.
tags | tool, remote
systems | unix
SHA-256 | 14e0915c5ade0f452ed74540b6e34a54e94e728680e3f09293dde36bfc98c6a8
Ubuntu Security Notice USN-5292-4
Posted Feb 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5292-4 - USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced a regression that could break the fish shell. This update fixes the problem. James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local attacker could possibly use this issue to inject arbitrary AppArmor policy rules, resulting in a bypass of intended access restrictions. The Qualys Research Team discovered that snapd did not properly validate the location of the snap-confine binary. A local attacker could possibly use this issue to execute other arbitrary binaries and escalate privileges. The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing a private mount namespace for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary code.

tags | advisory, arbitrary, shell, local
systems | linux, ubuntu
advisories | CVE-2021-3155, CVE-2021-4120, CVE-2021-44730, CVE-2021-44731
SHA-256 | 169abf80da0290c7a605e413fa2b7a41d8a2c57ded0ed852147dda380b2de9a5
Red Hat Security Advisory 2022-0663-01
Posted Feb 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0663-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, protocol
systems | linux, redhat
advisories | CVE-2021-44142
SHA-256 | 24dda6271dda80c5868174e0e36df55396478a74dc320200b6051d3e05894fea
Red Hat Security Advisory 2022-0664-01
Posted Feb 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0664-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, protocol
systems | linux, redhat
advisories | CVE-2021-44142
SHA-256 | 9b25509fe631ffce124b1c6daf151996ea9dae6960cdb31b554da6529fc46fb4
Red Hat Security Advisory 2022-0561-01
Posted Feb 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0561-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.22.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-29923, CVE-2021-36221
SHA-256 | 0e7af326f0f271460b04fc1779109d6262a541fffb8de50ba313da361668f52e
Red Hat Security Advisory 2022-0557-01
Posted Feb 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0557-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-29923, CVE-2021-36221
SHA-256 | 2e91b3452fdbc421c55f50de8a4dcf470d0a33611a06ac8632dffe83b77b8e6a
Red Hat Security Advisory 2022-0658-01
Posted Feb 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0658-01 - The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer. SASL is a method for adding authentication support to connection-based protocols.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2022-24407
SHA-256 | 1f899de6f90fec4d374d03cac15ac5ef7c78f7d8a99a66268ae66792e4a631e7
Red Hat Security Advisory 2022-0661-01
Posted Feb 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0661-01 - This release of Red Hat Fuse 7.10.1 serves as a replacement for Red Hat Fuse 7.10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | f479c300fc79084c051684b2216b5a70471bf4d2ef7a53e18336b4968c31b24c
Simple Mobile Comparison Website 1.0 SQL Injection
Posted Feb 24, 2022
Authored by nu11secur1ty

Simple Mobile Comparison Website version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 695bf39dcd0d3744026fcb148bfc24bfa5cf5578621d80e3431287638536eca1
VMware Security Advisory 2022-0006
Posted Feb 24, 2022
Authored by VMware | Site vmware.com

VMware Security Advisory 2022-0006 - VMware Workspace ONE Boxer update addresses a persistent cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2022-22944
SHA-256 | 5a32a12f1a08cf58e9548b3c22be85570f889ee77785c88393248b2b7f9be9fb
Wondershare MirrorGo 2.0.11.346 Insecure File Permissions
Posted Feb 24, 2022
Authored by Luis Martinez

Wondershare MirrorGo version 2.0.11.346 suffers from an insecure permissions vulnerability.

tags | exploit
SHA-256 | 7c357903c71131608d611e554bd946d3f3f155a0d469502402e051e43742df02
Ubuntu Security Notice USN-5300-1
Posted Feb 23, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5300-1 - It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information.

tags | advisory, denial of service, php
systems | linux, ubuntu
advisories | CVE-2015-9253, CVE-2017-9119, CVE-2017-9120, CVE-2021-21707
SHA-256 | a3c43189a77d959782469e503170048c773cfe62638b7e5096d7604ac94e195c

© 2022 Packet Storm. All rights reserved.
