what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 323 RSS Feed

Files Date: 2020-08-01 to 2020-08-31

Ubuntu Security Notice USN-4468-1
Posted Aug 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4468-1 - Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Joseph Gullo discovered that Bind incorrectly handled QNAME minimization when used in certain configurations. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, tcp
systems | linux, ubuntu
advisories | CVE-2020-8620, CVE-2020-8621, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624
SHA-256 | e68968b54f06a09f60aaea3f86c5fd5e18688a0dc2013d6d8a0ac01245a43511
Microsoft Windows CmpDoReadTxRBigLogRecord Memory Corruption Privilege Escalation
Posted Aug 21, 2020
Authored by James Forshaw, Google Security Research

The handling of KTM logs when initializing a Registry Hive contains no bounds checks which results in privilege escalation.

tags | exploit, registry
advisories | CVE-2020-1378
SHA-256 | 0ae399542cc10a8ccc557083deb691282149c87bc3ab0445c6922d410bec88ee
Microsoft Windows CmpDoReDoCreateKey Arbitrary Registry Key Creation Privilege Escalation
Posted Aug 21, 2020
Authored by James Forshaw, Google Security Research

The handling of KTM logs does not limit Registry Key operations to the loading hive leading to elevation of privilege.

tags | exploit, registry
advisories | CVE-2020-1377
SHA-256 | dc36265f20912463478c32c5203d3f4e619cc492c989532a060ccc10362e3045
Linux/x86 execve /bin/sh Shellcode
Posted Aug 21, 2020
Authored by cybersaki

10 bytes small Linux/x86 execve "/bin/sh" shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | d7b4184b5a7ea47ec13c322c758dac2ceed368f6f5dec7ace02c73c81a32bf49
Linux/x86 /dev/sda Partition Wiping Shellcode
Posted Aug 21, 2020
Authored by cybersaki

35 bytes small Linux/x86 /dev/sda wiping shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 88db311b901ed70f5965fb3a51e043676c4963a4c809de48bb783a32f6fc4239
Seowon SlC 130 Router Remote Code Execution
Posted Aug 21, 2020
Authored by Ali Jalalat

Seowon SlC 130 Router suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-17456
SHA-256 | 2c2caed94290b76cf2dcb160e2fa1928c1b317ff58fa6be49af50b2e9dfe1014
OX App Suite / OX Documents XSS / SSRF / Bypass
Posted Aug 21, 2020
Authored by Martin Heiland

OX App Suite and OX Documents suffer from access control bypass, cross site scripting, and improper input validation vulnerabilities. Multiple version ranges are affected.

tags | exploit, vulnerability, xss, bypass
advisories | CVE-2020-12643, CVE-2020-12644, CVE-2020-12645, CVE-2020-12646, CVE-2020-8542
SHA-256 | 51edab0377b8fe0d44554f6f7f4760f83af8457588e97679c30c8d3bae31cdc2
SMB Enumeration / Exploitation / Hardening
Posted Aug 21, 2020
Authored by Anil Bas

Whitepaper called SMB Enumeration and Exploitation and Hardening.

tags | paper
SHA-256 | 32726ce3c42e32b00d48c74868e7cb991cba241ef1679b9c9a9348a6fb761f60
WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass
Posted Aug 20, 2020
Authored by Jack Misiura

WordPress NAB Transact WooCommerce plugin version 2.1.0 suffers from a payment bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2020-11497
SHA-256 | 38cc536fa634ad0e7e4c8028f098b79ee4e5dc38a1859d06b32822642b372df3
Joomla Adagency 6.1.2 Cross Site Scripting
Posted Aug 20, 2020
Authored by Vincent666 ibn Winnie

Joomla Adagency component version 6.1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | abb8431114fe989f411ee64dae2f7a471688ffc43c4c3da83f30f573d71b8dc2
ElkarBackup 1.3.3 Cross Site Scripting
Posted Aug 20, 2020
Authored by Enes Ozeser

ElkarBackup version 1.3.3 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 155269b3cd80f03f0df79bd44adf7aab9af4e49dffb380a4a25e846c3ed37aee
PNPSCADA 2.200816204020 SQL Injection
Posted Aug 20, 2020
Authored by Ismail Erkek

PNPSCADA version 2.200816204020 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 21d4b822f7e6ab7cf0179041bbe32655dba1ed01df891cec21eaff36042ddb51
Ubuntu Security Notice USN-4466-2
Posted Aug 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4466-2 - USN-4466-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM. Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-8231
SHA-256 | 363e84a6881deb664f7e20ddce597515fb13c1c11a5725e143a645f4a705bca0
Red Hat Security Advisory 2020-3525-01
Posted Aug 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3525-01 - Quay 3.3.1 release has been released. An issue where build triggers can disclose robot account names and existence of private repos within namespaces has been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-12049, CVE-2020-13777, CVE-2020-14313
SHA-256 | 3f0048d4bdec59a51f24f090fac9217f3567fd502a0907966e5df07b310946ee
Ubuntu Security Notice USN-4467-1
Posted Aug 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4467-1 - Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP echo requests. An attacker inside a guest could possibly use this issue to leak host memory to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS. Eric Blake and Xueqiang Wei discovered that the QEMU NDB implementation incorrectly handled certain requests. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-10756, CVE-2020-10761, CVE-2020-12829, CVE-2020-13253, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, CVE-2020-13754, CVE-2020-13765, CVE-2020-13800, CVE-2020-14415, CVE-2020-15863, CVE-2020-16092
SHA-256 | 9aa3179b34eb601658a9a487805ca5302a3e7b10616c6b4f88ebda6983d3906c
Ruijie Networks Switch eWeb S29_RGOS 11.4 Directory Traversal
Posted Aug 20, 2020
Authored by Tuygun

Ruijie Networks Switch eWeb S29_RGOS version 11.4 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | e67947355f710fdb12f0355326f2702534b5e368a8526c7be8b980c28738f6bb
Bypassing Certificate Pinning In Modern Android Application Via Custom Root CA
Posted Aug 20, 2020
Authored by Nghia Van Le

This document is intended to provide detailed instructions for bypassing certificate pinning via a custom Root CA. It covers all the required topics for understanding this method.

tags | paper, root
SHA-256 | e451c3653c39f8c69197cc44125ea0be0963f12054cce2cca25c7696dab74b07
PAC Bypass Due To Unprotected Function Pointer Imports
Posted Aug 19, 2020
Authored by saelo, Google Security Research

PAC aims to prevent an attacker with the ability to read and write memory from executing arbitrary code. It does that by cryptographically signing and validating code pointers (as well as some data pointers) at runtime. However, it seems that imports of function pointers from shared libraries in userspace are not properly protected by PAC, allowing an attacker to sign arbitrary pointers and thus bypass PAC.

tags | advisory, arbitrary
advisories | CVE-2020-9870
SHA-256 | 5678bd6488f4650c38c54830ecab44a07b651b61fd1c0a35953bf286d640cfe7
Red Hat Security Advisory 2020-3518-01
Posted Aug 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3518-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-2911, CVE-2019-2914, CVE-2019-2938, CVE-2019-2946, CVE-2019-2957, CVE-2019-2960, CVE-2019-2963, CVE-2019-2966, CVE-2019-2967, CVE-2019-2968, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2993, CVE-2019-2997, CVE-2019-2998, CVE-2019-3004, CVE-2019-3009, CVE-2019-3011, CVE-2019-3018, CVE-2020-14539, CVE-2020-14540, CVE-2020-14547, CVE-2020-14550, CVE-2020-14553, CVE-2020-14559, CVE-2020-14567, CVE-2020-14568
SHA-256 | 02da13c760b214c965c5311d654c352bb1978fb987a05a62f56c4111c97fe37d
Ubuntu Security Notice USN-4466-1
Posted Aug 19, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4466-1 - Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-8231
SHA-256 | 47be007788d705a459cd99ccf038f03b19371474d3e506d98d242d9a4eb0aa11
Gentoo Linux Security Advisory 202008-08
Posted Aug 19, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-8 - NSS has multiple information disclosure vulnerabilities when handling secret key material. Versions less than 3.55 are affected.

tags | advisory, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2020-12400, CVE-2020-12401, CVE-2020-12403
SHA-256 | c5799ff9c9ac4536d22fedf39e8b495ead17a0bbbfaa825deeeba10016f08a9b
Ubuntu Security Notice USN-4465-1
Posted Aug 19, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4465-1 - It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-12655, CVE-2020-12771, CVE-2020-15393
SHA-256 | d61918c79cfb7d2a7c42dc5a881a9fdf1bf9ceb9e554b0b44c7668274b983ab2
Red Hat Security Advisory 2020-3504-01
Posted Aug 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3504-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10753
SHA-256 | 8a44610a43fa68798d324828d2851d69963c6600d9a04c6fcd433359710f8d98
Red Hat Security Advisory 2020-3505-01
Posted Aug 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3505-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10753
SHA-256 | dfec80f97242ea8e76f690cf34eb5c5ec8fc7cf0cec0668f5baa93848d783f59
Red Hat Security Advisory 2020-3501-01
Posted Aug 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3501-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.2 serves as a replacement for Red Hat Single Sign-On 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, deserialization, and improper authorization vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-10758, CVE-2020-11612, CVE-2020-14307, CVE-2020-1710, CVE-2020-1728, CVE-2020-1748
SHA-256 | e390128d6a2fbef2d35e6bbd560115b1a61fac337fcd0f0f08ca070348829b0b
Page 4 of 13
Back23456Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close