what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 376 RSS Feed

Files Date: 2020-06-01 to 2020-06-30

Debian Security Advisory 4711-1
Posted Jun 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4711-1 - Several vulnerabilities were discovered in coturn, a TURN and STUN server for VoIP.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2020-4067, CVE-2020-6061, CVE-2020-6062
SHA-256 | 94e74ee6e965430d2e69c9021feb0e95c097ca0170c9498a6756dfe99f8b5ed7
Debian Security Advisory 4712-1
Posted Jun 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4712-1 - Handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2019-10649, CVE-2019-11470, CVE-2019-11472, CVE-2019-11597, CVE-2019-11598, CVE-2019-12974, CVE-2019-12975, CVE-2019-12976, CVE-2019-12977, CVE-2019-12978, CVE-2019-12979, CVE-2019-13135, CVE-2019-13137, CVE-2019-13295
SHA-256 | b442fec96018f2e85386811aa674d59a7d8358e77e88772714fbddc8ec4b1f1d
Windscribe 1.83 Unquoted Service Path
Posted Jun 28, 2020
Authored by Ethan Seow

Windscribe version 1.83 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 3a69097c69131501de9a2d82ddd6f5a72a10ad74914c97973bbec4417c602330
OpenEMR 5.0.1 Remote Code Execution
Posted Jun 28, 2020
Authored by Emre OVUNC

OpenEMR version 5.0.1 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 30c2dce13c4d30c1351faa3934ffc815807ae3f57ed30e9c09176e6fe07bef30
KiteService 1.2020.618.0 Unquoted Service Path
Posted Jun 27, 2020
Authored by Marcos Antonio Leon

KiteService version 1.2020.618.0 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 9f1969c9c40c04b042621ad8bb3cb88b82b11330fa83a1668a4726b74582010c
Fire Web Server Pre-Alpha Denial Of Service
Posted Jun 26, 2020
Authored by Saeed reza Zamanian

Fire Web Server Pre-Alpha version suffers from a denial of service vulnerability.

tags | exploit, web, denial of service
SHA-256 | e57467b419ce3fa77ec60d1ede7a8ea90d39c83b42464e2cde3fa519c3fe4149
Ubuntu Security Notice USN-4404-1
Posted Jun 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4404-1 - Thomas E. Carroll discovered that the NVIDIA Cuda graphics driver did not properly perform access control when performing IPC. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the UVM driver in the NVIDIA graphics driver contained a race condition. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-5963, CVE-2020-5967, CVE-2020-5973
SHA-256 | 253907a293c3559c28ca018709778bb82587a57c67788cee94708031dbbedb71
Ubuntu Security Notice USN-4404-2
Posted Jun 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4404-2 - USN-4404-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Thomas E. Carroll discovered that the NVIDIA Cuda graphics driver did not properly perform access control when performing IPC. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-5963, CVE-2020-5967, CVE-2020-5973
SHA-256 | bdd8d190651c895026843c3791261be2715e80d62047c893bb820713ccf006d7
Inductive Automation Ignition Remote Code Execution
Posted Jun 25, 2020
Authored by Pedro Ribeiro, Radek Domanski | Site metasploit.com

This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA product, versions 8.0.0 to (and including) 8.0.7. This exploit was tested on versions 8.0.0 and 8.0.7 on both Linux and Windows. The default configuration is exploitable by an unauthenticated attacker, which can achieve remote code execution as SYSTEM on a Windows installation and root on Linux. The vulnerability was discovered and exploited at Pwn2Own Miami 2020 by the Flashback team (Pedro Ribeiro + Radek Domanski).

tags | exploit, java, remote, root, code execution
systems | linux, windows
advisories | CVE-2020-10644, CVE-2020-12004
SHA-256 | 9d49478c9a416ef64a062b712cd22c68e5b37e2e0f0dbc80fc3655a1c2e3d686
iOS / macOS Wifi Proximity Kernel Double-Free
Posted Jun 25, 2020
Authored by Google Security Research, Ian Beer

iOS and macOS suffered from a wifi proximity kernel double-free vulnerability in AWDL BSS Steering.

tags | exploit, kernel
systems | ios
advisories | CVE-2020-3843, CVE-2020-9844
SHA-256 | 185ed329e279974bff794995bb28d911a3d0487fe537cf5e9f91c71beea77fb6
Red Hat Security Advisory 2020-2755-01
Posted Jun 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2755-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11080
SHA-256 | d11adf3d805faf3dbef817e9ef58c4c6f4cd13bf9ad3634b2d52a78080852383
Online Student Enrollment System 1.0 Shell Upload
Posted Jun 25, 2020
Authored by BKpatron, th3d1gger | Site metasploit.com

This Metasploit module exploits a cross site request forgery vulnerability in Online Student Enrollment System version 1.0 to perform a shell upload.

tags | exploit, shell, csrf
SHA-256 | b6366584b46649d37ada0b665f649825e40650ad568620f751b7363d7e66995e
FHEM 6.0 Local File Inclusion
Posted Jun 25, 2020
Authored by Emre OVUNC

FHEM version 6.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 5160e3d33cbb28402cdd7c05ddca7fa56063505199fb9e026f19326dc0072f10
Exploit Command Injection Router Via Reverse Firmware Technique
Posted Jun 25, 2020
Authored by SunCSR

Whitepaper called Exploit Command Injection Router via reverse firmware technique.

tags | paper
SHA-256 | 52e2f44996fd104e80355da0a4c50a392a577914c8465b2dd09f44548afeaad0
Windows Print Spooler Privilege Escalation
Posted Jun 25, 2020
Authored by shubham0d | Site github.com

This is a proof of concept exploit that takes advantage of a privilege escalation vulnerability in the Windows Print Spooler.

tags | exploit, proof of concept
systems | windows
advisories | CVE-2020-1048
SHA-256 | 10cd5282101291a6752965e7e18cbc4e13658d0643547dbb3204e8fd764b8c3a
ASUS Aura Sync 1.07.71 Privilege Escalation
Posted Jun 25, 2020
Authored by Connor McGarr, dhn | Site github.com

ASUS Aura Sync version 1.07.71 ene.sys privilege escalation kernel exploit.

tags | exploit, kernel
advisories | CVE-2019-17603
SHA-256 | e7ab712703b5aec8283763947cace886385e933263c2aec57c840e86c46387e6
Red Hat Security Advisory 2020-2751-01
Posted Jun 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2751-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.7.0 serves as a replacement for Red Hat AMQ Broker 7.6.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-5183, CVE-2020-10727, CVE-2020-11612, CVE-2020-1953
SHA-256 | 86afa8e16589220829347dd236016a327498a1d6af106f5931992adf9a788c30
Cisco AnyConnect Path Traversal / Privilege Escalation
Posted Jun 25, 2020
Authored by Yorick Koster, Christophe de la Fuente, Antoine Goichot | Site metasploit.com

The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).

tags | exploit, arbitrary, x86, local, tcp, code execution
systems | cisco, windows
advisories | CVE-2020-3153
SHA-256 | b6d44c2b494378ff342fef57be9d4be4564327103eadabb01ff166ae6dae9bff
NETGEAR R6700v3 Password Reset / Remote Code Execution
Posted Jun 25, 2020
Authored by Pedro Ribeiro, Radek Domanski | Site github.com

This document describes a stack overflow vulnerability that was found in October, 2019 and presented in the Pwn2Own Mobile 2019 competition in November 2019. The vulnerability is present in the UPNP daemon (/usr/sbin/upnpd), running on NETGEAR R6700v3 router with firmware versions V1.0.4.82_10.0.57 and V1.0.4.84_10.0.58. It allows for an unauthenticated reset of the root password and then spawns a telnetd to remotely access the account.

tags | exploit, overflow, root
SHA-256 | 3ccd57c2afc9c37bec7729262aa2b172845c46c639bdb363b6009f40ca166d05
BSA Radar 1.6.7234.24750 Cross Site Scripting
Posted Jun 25, 2020
Authored by William Summerhill

BSA Radar version 1.6.7234.24750 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-14943
SHA-256 | 0a6d9ae3213d039a6276115d9acee975c7246ffd2f7f8ad53860f3603aea7410
Ubuntu Security Notice USN-4403-1
Posted Jun 24, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4403-1 - It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. This update also address a regression caused in the last update USN-4401-1. It only affected Ubuntu 12.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-14954
SHA-256 | c2829c8ace96da1563a94a14a265cddbae8d0b73a1a4830bb6d026629b1912a1
Hashcat Advanced Password Recovery 6.0.0 Source Code
Posted Jun 24, 2020
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Changes: Refactored hash-mode integration and replaced it with a fully modularized plug-in interface. Converted all existing hardwired hash-modes to hashcat plugins. Various other fixes and improvements.
tags | tool, cracker
systems | unix
SHA-256 | e8e70f2a5a608a4e224ccf847ad2b8e4d68286900296afe00eb514d8c9ec1285
Hashcat Advanced Password Recovery 6.0.0 Binary Release
Posted Jun 24, 2020
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.

Changes: Refactored hash-mode integration and replaced it with a fully modularized plug-in interface. Converted all existing hardwired hash-modes to hashcat plugins. Various other fixes and improvements.
tags | tool, cracker
SHA-256 | 869c0622696108589cab876c5ec25b9b4787ba0af9554fad6f9e2366d128eff1
Red Hat Security Advisory 2020-2740-01
Posted Jun 24, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2740-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-10086
SHA-256 | 4b0d5adcf78b80d6122bf092c1d7a7e09a56194e14a0fd16b79d0df7686a7e3d
Ubuntu Security Notice USN-4402-1
Posted Jun 24, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4402-1 - Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl incorrectly handled certain credentials. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. It was discovered that curl incorrectly handled certain parameters. An attacker could possibly use this issue to overwrite a local file. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-8169, CVE-2020-8177
SHA-256 | 7ad6be029b3ae23be7701aa1b9dde82d54233beeaddc75b7a387cc28e8118870
Page 2 of 15
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close