what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2022-03-16

Ubuntu Security Notice USN-5331-1
Posted Mar 16, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5331-1 - It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. It was discovered that tcpdump incorrectly handled certain captured data. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-16301, CVE-2020-8037
SHA-256 | 1d5f8cad45dcdb42f66dccd02e8ff366a5939d04f5522deaf7673ae1a91d5ad3
nfstream 6.4.3
Posted Mar 16, 2022
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Added CSV rotating files feature. Added pypi wheels for aarch64 and armhf. nDPI maintenance update. Fixed RAW datalink handling on Windows.
tags | tool, python
systems | unix
SHA-256 | 9731627a953810a577873c5bb602e83d5338288165babb0b69ad6cec1104b403
Windows SpoolFool Privilege Escalation
Posted Mar 16, 2022
Authored by Shelby Pace, Oliver Lyak | Site metasploit.com

The Windows Print Spooler has a privilege escalation vulnerability that can be leveraged to achieve code execution as SYSTEM. The SpoolDirectory, a configuration setting that holds the path that a printer's spooled jobs are sent to, is writable for all users, and it can be configured via SetPrinterDataEx() provided the caller has the PRINTER_ACCESS_ADMINISTER permission. If the SpoolDirectory path does not exist, it will be created once the print spooler reinitializes. Calling SetPrinterDataEx() with the CopyFiles\ registry key will load the dll passed in as the pData argument, meaning that writing a dll to the SpoolDirectory location can be loaded by the print spooler. Using a directory junction and UNC path for the SpoolDirectory, the exploit writes a payload to C:\Windows\System32\spool\drivers\x64\4 and loads it by calling SetPrinterDataEx(), resulting in code execution as SYSTEM.

tags | exploit, registry, code execution
systems | windows
advisories | CVE-2022-21999
SHA-256 | 3e62199fe39127be4320ed28c4a8d52211edb9c506d1e42a0aba3faef33cb58c
Red Hat Security Advisory 2022-0810-01
Posted Mar 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0810-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.4. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2022-0811
SHA-256 | ff8809034d98671fb3a02a895b832152cf7fea97fbdddc5fbea5810459a6a58b
OpenSSL Toolkit 3.0.2
Posted Mar 16, 2022
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.

Changes: Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever for non-prime moduli. Added ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489) to the list of ciphersuites providing Perfect Forward Secrecy as required by SECLEVEL greater than or equal to 3. Made the AES constant time code for no-asm configurations optional due to the resulting 95% performance degradation. Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty passphrase strings. The negative return value handling of the certificate verification callback was reverted. The replacement is to set the verification retry state with the SSL_set_retry_verify() function.
tags | tool, encryption, protocol
systems | unix
SHA-256 | 98e91ccead4d4756ae3c9cde5e09191a8e586d9f4d50838e7ec09d6411dfdb63
OpenSSL Toolkit 1.1.1n
Posted Mar 16, 2022
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever for non-prime moduli. Added ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489) to the list of ciphersuites providing Perfect Forward Secrecy as required by SECLEVEL greater than or equal to 3.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2022-0778
SHA-256 | 40dceb51a4f6a5275bde0e6bf20ef4b91bfc32ed57c0552e2e8e15463372b17a
Chrome HandleTable::AddDispatchersFromTransit Integer Overflow
Posted Mar 16, 2022
Authored by Google Security Research, Glazvunov

Chrome suffers from an integer overflow vulnerability in HandleTable::AddDispatchersFromTransit that can lead to memory corruption.

tags | exploit, overflow
advisories | CVE-2022-0608
SHA-256 | 0ef0d4da3c4dc9fb06483f95973add0c92d39c6c630ce2e22e5798641135e44a
Moodle 3.11.5 SQL Injection
Posted Mar 16, 2022
Authored by Chris Anastasio

Moodle version 3.11.5 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e3e0c7cc36660ea59837d1a1c82382ac6a351a5640124aceb9c996e84a54cefe
Ubuntu Security Notice USN-5329-1
Posted Mar 16, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5329-1 - It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to cause tar to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2021-20193
SHA-256 | d93524b4faa9c1873b080dc859dd24b00c0efd3f24655cd4fc09089b4c00fbb6
Red Hat Security Advisory 2022-0889-01
Posted Mar 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0889-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a double free vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2021-4091
SHA-256 | 3849b3e6d4f40fa1a8150605f73e9e68c5089e715748df3c9a9ef051afc71bb0
Pluck CMS 4.7.16 Shell Upload
Posted Mar 16, 2022
Authored by Ashish Koli

Pluck CMS version 4.7.16 suffers from a remote shell upload execution vulnerability.

tags | exploit, remote, shell
advisories | CVE-2022-26965
SHA-256 | bf6f44f933518e9393899fb057325ea7d49f49869dd8df70566967d915f22733
Ubuntu Security Notice USN-5330-1
Posted Mar 16, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5330-1 - It was discovered that LibreOffice incorrectly handled digital signatures. An attacker could possibly use this issue to create a specially crafted document that would display a validly signed indicator, contrary to expectations.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-25636
SHA-256 | d94aeeeb61dfcd89177a7196875ad92b6f248086ce260ff4e8b41f78182cb078
Hikvision IP Camera Backdoor
Posted Mar 16, 2022
Authored by Sobhan Mahmoodi

Hikvision IP Camera has a backdoor where a magic string allows instant access regardless of authentication.

tags | exploit
SHA-256 | 5f6dfb93637a2bf560169ca8d350af523d2b8bf97671349af8d90046510d15a5
Red Hat Security Advisory 2022-0896-01
Posted Mar 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0896-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat, osx
advisories | CVE-2021-3999, CVE-2022-23218, CVE-2022-23219
SHA-256 | 94618bd1923ee16e9583843b26014c8d1ab90b9651bcd564e5b4ba54a6d69eef
Ubuntu Security Notice USN-5328-2
Posted Mar 16, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5328-2 - USN-5328-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tavis Ormandy discovered that OpenSSL incorrectly parsed certain certificates. A remote attacker could possibly use this issue to cause OpenSSH to stop responding, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-0778
SHA-256 | 430ed6ae784aa19fce563ff6583b07a4b30cb7aa230b49f3afeae1479d4b25c0
Ubuntu Security Notice USN-5328-1
Posted Mar 16, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5328-1 - Tavis Ormandy discovered that OpenSSL incorrectly parsed certain certificates. A remote attacker could possibly use this issue to cause OpenSSH to stop responding, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-0778
SHA-256 | d8d4b07eeb8763e7b7a34ddc0d388de4237be41a497c26eb786337d40ef72343
Tiny File Manager 2.4.6 Shell Upload
Posted Mar 16, 2022
Authored by Febin Mon Saji

Tiny File Manager version 2.4.6 suffers from an authenticated remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2021-40964, CVE-2021-45010
SHA-256 | 8c1751eb9ff4c26941c447356d457c46a2da2db8622eeb60736d773e284eb0e5
Ubuntu Security Notice USN-5327-1
Posted Mar 16, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5327-1 - Hiroyuki Yamamori discovered that rsh incorrectly handled certain filenames. If a user or automated system were tricked into connecting to a malicious rsh server, a remote attacker could possibly use this issue to modify directory permissions.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-7282
SHA-256 | 158487c92bb418865e2ce8a252f00f2674e325b914f065a30afb1cc8df724549
Apache APISIX 2.12.1 Remote Code Execution
Posted Mar 16, 2022
Authored by Ven3xy

Apache APISIX version 2.12.1 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2022-24112
SHA-256 | 1a7e1d54f9dea840e2f5decd4c7806d1bf0fb96825738ea5b11723e9659f59b2
Red Hat Security Advisory 2022-0899-01
Posted Mar 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0899-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-23308
SHA-256 | b351efd491d264387d82218d182c29372966a823604809e5ed09bb881d1055f5
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close