Files Date: 2022-04-11

Ubuntu Security Notice USN-5374-1
Posted Apr 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5374-1 - It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2022-26280
SHA-256 | 0d4f3575b87fe0c1a853cb7b11a12c9dc828bce0d0b34bf38a43c7aede12654c
Red Hat Security Advisory 2022-1306-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1306-01 - A security update to Red Hat Integration Camel Extensions for Quarkus 2.2.1 is now available. Issues addressed include a remote code execution vulnerability.

tags | advisory, remote, code execution
systems | linux, redhat
advisories | CVE-2022-22965
SHA-256 | c3c5d0930ccc1fe38ee5366563b5d922321b3645300f06dfcd16a55e0f841566
Windows User Profile Service Privilege Escalation
Posted Apr 11, 2022
Authored by Grant Willcox, KLINIX5 | Site metasploit.com

The user profile service, identified as ProfSrv, is vulnerable to a local privilege elevation vulnerability in its CreateDirectoryJunction() function due to a lack of appropriate checks on the directory structure of the junctions it tries to link together. Attackers can leverage this vulnerability to plant a malicious DLL in a system directory and then trigger a UAC prompt to cause this DLL to be loaded and executed by ProfSrv as the NT AUTHORITY\SYSTEM user. Note that this bug was originally identified as CVE-2021-34484 and was subsequently patched a second time as CVE-2022-21919; however, both patches were found to be insufficient. This bug is a patch bypass for CVE-2022-21919 and, at the time of publishing, has not yet been patched, though plans are in place to patch it as CVE-2022-26904.

systems | windows
advisories | CVE-2021-34484, CVE-2022-21919, CVE-2022-26904
SHA-256 | d30eae074af8b00dd694a057dd1c7a07694de0851d5e48da9ee462ed23d2a3ce
Ubuntu Security Notice USN-5373-2
Posted Apr 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5373-2 - USN-5373-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Django incorrectly handled certain column aliases in the QuerySet.annotate, aggregate, and extra methods. A remote attacker could possibly use this issue to perform an SQL injection attack.

tags | advisory, remote, vulnerability, sql injection
systems | linux, ubuntu
advisories | CVE-2021-32052, CVE-2022-28346
SHA-256 | 2d0ada8dcc7b8cd95184a6cb883e28067fd48b7855c636b3d44e3bc4d67ac669
Haveged 1.9.18
Posted Apr 11, 2022
Site issihosts.com

haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.

Changes: Round bits up and target full pool size. Specify the right kernel commit in README.
tags | tool
systems | linux, unix
SHA-256 | b835fa02b52ee7d06276e028571cadcb14d08f5e5a4b5767adf81451f70561c7
Red Hat Security Advisory 2022-1305-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1305-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-1197, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289
SHA-256 | a391422e9bea70842e432e4e26b4c839e51f0526da5c0637398cbc285780b1c1
Ansible Quick Shot Red Teaming Cheatsheet
Posted Apr 11, 2022
Authored by Cody Sixteen | Site code610.blogspot.com

This is a small document that provides a cheat sheet for use of Ansible during penetration testing and red teaming activities.

tags | paper
SHA-256 | 0c12a80286493aa8bd0c790357f229f5d0169bc51d3a6f38387aea2b27d0ce5d
Ubuntu Security Notice USN-5373-1
Posted Apr 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5373-1 - It was discovered that Django incorrectly handled certain column aliases in the QuerySet.annotate, aggregate, and extra methods. A remote attacker could possibly use this issue to perform an SQL injection attack. It was discovered that Django incorrectly handled certain option names in the QuerySet.explain method. A remote attacker could possibly use this issue to perform an SQL injection attack. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.10.

tags | advisory, remote, sql injection
systems | linux, ubuntu
advisories | CVE-2021-32052, CVE-2022-28346, CVE-2022-28347
SHA-256 | 83b3874a7e07bf1426c94457033cfdda1d9ad9d05c7d7c13567c8466dda3e2b5
Red Hat Security Advisory 2022-1301-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1301-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-1197, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289
SHA-256 | 2fa591380f12d1c005495a0fdba76afc32625f3ba8d6e492de9f1632cec22956
Razer Sila 2.0.418 Command Injection
Posted Apr 11, 2022
Authored by Kevin Randall

Razer Sila versions 2.0.441_api through 2.0.418 suffer from a command injection vulnerability.

tags | exploit
SHA-256 | 8d4dce671307b0506af35d07cd539a18cb3de819355fd82c5a8446f004bff643
Razer Sila 2.0.418 Local File Inclusion
Posted Apr 11, 2022
Authored by Kevin Randall

Razer Sila versions 2.0.441_api through 2.0.418 suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 6363e3e4801fa8c1578d66fb8a359d85cf16f7ebcee3a51f79ee9dadf54e6098
Red Hat Security Advisory 2022-1303-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1303-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-1197, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289
SHA-256 | fbcbe2a187ffb5d294d0f095e2d7ba9a3587a2765ce5cc5a4894871465a46d99
Red Hat Security Advisory 2022-1302-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1302-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-1197, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289
SHA-256 | 839065cd2c1cd3d58db4a10f20c2f884f19d2e9514c687f85b804f663847868d
WordPress Anti-Malware Security And Brute-Force Firewall Cross Site Scripting
Posted Apr 11, 2022
Authored by Taurus Omar

WordPress Anti-Malware Security and Brute-Force Firewall plugin versions prior to 4.20.96 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-0953
SHA-256 | 15deb4bb3fa3074a878f4ff2971d4437fe72194ad2e849ace53c61818887db29
WordPress LayerSlider Cross Site Scripting
Posted Apr 11, 2022
Authored by Taurus Omar

WordPress LayerSlider versions prior to 7.1.2 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-1153
SHA-256 | 233ee8cdcefede58dd027f8be9e66aa49dc17875ea99ad481954f410e434deb8
Ubuntu Security Notice USN-5331-2
Posted Apr 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5331-2 - USN-5331-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-16301, CVE-2020-8037
SHA-256 | 38b46a173218a86068577a31a1c94662185b8daf7a603f126f70a1f8cb5f6b6f
Red Hat Security Advisory 2022-1296-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1296-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 1de26c3c6ecdff823b58463236c3fe59d86abca7b36687d8db235b7714dca37d
Red Hat Security Advisory 2022-1297-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1297-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 58a7101151b88b40315fc79b2d43c72de0330ccf0217461528bae2197e6d2d95
Telesquare TLR-2855KS6 Arbitrary File Deletion
Posted Apr 11, 2022
Authored by Momen Eldawakhly

Telesquare TLR-2855KS6 suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
advisories | CVE-2021-46419
SHA-256 | c4ecdd376217b87a01721109712a5b118e9f13a405929fe785250ecb485166b8
Telesquare TLR-2855KS6 Arbitrary File Creation
Posted Apr 11, 2022
Authored by Momen Eldawakhly

Telesquare TLR-2855KS6 suffers from an arbitrary file creation vulnerability.

tags | exploit, arbitrary
advisories | CVE-2021-46418
SHA-256 | 51830bffb637cef49bdb853322fff457da3ba1d9f08243e590d0df94378971fa
Red Hat Security Advisory 2022-1299-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1299-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, denial of service, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 38ef3cdf417ff2fa4436ce0f5afd1722d4b504dcfab834e960434daca0289dc1
Red Hat Security Advisory 2022-1291-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1291-01 - Red Hat OpenShift Serverless Client kn 1.21.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.21.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2022-22963
SHA-256 | 9feef76368da978f68221f391059ead0c6b9074e5810adbb913303328d782a09
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 Local File Inclusion
Posted Apr 11, 2022
Authored by Momen Eldawakhly

Franklin Fueling Systems Colibri Controller Module version 1.8.19.8580 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2021-46417
SHA-256 | f45a40ee7fe8f2f856deb113c48a0f102823cf6b887757553709163f470b6fe5
SAM SUNNY TRIPOWER 5.0 Insecure Direct Object Reference
Posted Apr 11, 2022
Authored by Momen Eldawakhly

SAM SUNNY TRIPOWER version 5.0 suffers from an insecure direct object reference vulnerability.

tags | exploit
advisories | CVE-2021-46416
SHA-256 | ff1ca49edf9be89972d8549fdf9a5476f59811a6d9f46d080ce2d1f75b24dd15
Red Hat Security Advisory 2022-1162-01
Posted Apr 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1162-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.8.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-0567
SHA-256 | 8fabdc807fb62a2f0d6520e1707c9dcc4a3f0e6f01c55c6e9434731ebd5c6461
© 2022 Packet Storm. All rights reserved.