exploit the possibilities
Showing 1 - 23 of 23 RSS Feed

Files Date: 2020-10-14 to 2020-10-15

Kernel Live Patch Security Notice LSN-0072-1
Posted Oct 14, 2020
Authored by Benjamin M. Romer

It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). Other issues where also addressed.

tags | advisory, kernel, local
systems | linux
advisories | CVE-2020-0067, CVE-2020-11494, CVE-2020-11935, CVE-2020-12114, CVE-2020-14386, CVE-2020-16119, CVE-2020-16120
MD5 | 14f02287095aa69b1f4a060649c3f887
Ubuntu Security Notice USN-4583-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4583-1 - It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge cookie which is supposed to be secure. Various other issues were also addressed.

tags | advisory, web, php
systems | linux, ubuntu
advisories | CVE-2020-7069, CVE-2020-7070
MD5 | 12cf9b32480b82e7ad683d2a4b2e6274
Ubuntu Security Notice USN-4582-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4582-1 - It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. Various other issues were also addressed.

tags | advisory, arbitrary, shell, local
systems | linux, ubuntu
advisories | CVE-2017-17087, CVE-2019-20807
MD5 | e6159e2f38d8be01d2ed2841a3b41473
Ubuntu Security Notice USN-4581-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4581-1 - It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection.

tags | advisory, remote, python
systems | linux, ubuntu
advisories | CVE-2020-26116
MD5 | d903afd0dba27fdfc0f4fd0f7a1735b8
Guild Wars 2 Insecure Folder Permissions
Posted Oct 14, 2020
Authored by George Tsimpidas

Guild Wars 2 suffers from an insecure folder permissions vulnerability.

tags | exploit
MD5 | 898daaa238ca6e517e0d1677aced8df7
NodeBB Forum 1.14.2 Account Takeover
Posted Oct 14, 2020
Authored by Muhammed Eren Uygun

NodeBB Forum versions 1.12.2 through 1.14.2 suffer from an account takeover vulnerability.

tags | exploit
advisories | CVE-2020-15149
MD5 | 560b2df1f994e52769ed6b202cf888c7
TimeClock Software 1.01 SQL Injection
Posted Oct 14, 2020
Authored by Francois Bibeau

TimeClock Software version 1.01 suffers from an authenticated time-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 017f6dcc3e7c8f8fdfbcbcbe696b977d
Chrome MediaElementEventListener::UpdateSources Use-After-Free
Posted Oct 14, 2020
Authored by Google Security Research, Glazvunov

Chrome suffers from a MediaElementEventListener::UpdateSources use-after-free vulnerability.

tags | exploit
advisories | CVE-2020-6549
MD5 | b3898822e20bcb41c1fa9b902ee4ea6d
See-SURF 2.0
Posted Oct 14, 2020
Authored by In3tinct | Site github.com

See-SURF is a python-based scanner to find potential SSRF parameters in a web application.

tags | tool, web, scanner, python
systems | unix
MD5 | 39a28027fc5a86b14024d193c00b4ea5
Taken 1.0
Posted Oct 14, 2020
Authored by In3tinct | Site github.com

Taken is a script that enables you to actively attempt to take over priorly assigned DNS to a given EC2 instance.

tags | tool
systems | unix
MD5 | e7012d143f15454cb2adb438d1852a6d
Red Hat Security Advisory 2020-4256-01
Posted Oct 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4256-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include a memory leak vulnerability.

tags | advisory, java, memory leak
systems | linux, redhat
advisories | CVE-2020-25644
MD5 | 673645f872a6d0dbe6b4bb2ba7c15727
Red Hat Security Advisory 2020-4257-01
Posted Oct 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4257-01 - Red Hat JBoss Enterprise Application Platform 7.3 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3. Issues addressed include a memory leak vulnerability.

tags | advisory, java, memory leak
systems | linux, redhat
advisories | CVE-2020-25644
MD5 | 77684646b9e5b63a17d29ee7d0c36537
Red Hat Security Advisory 2020-4255-01
Posted Oct 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4255-01 - Updated python-psutil version to 5.6.6 inside ansible-runner container. Issues addressed include a double free vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2017-12652, CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12450, CVE-2019-12749, CVE-2019-14822, CVE-2019-14866, CVE-2019-14973, CVE-2019-15903, CVE-2019-16935, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-17546, CVE-2019-18874, CVE-2019-19126, CVE-2019-19956, CVE-2019-20386, CVE-2019-20388, CVE-2019-5094, CVE-2019-5188, CVE-2019-5482, CVE-2020-12243, CVE-2020-12400, CVE-2020-1240
MD5 | 58f59d6ce0b4b1154f03aa325ad90c26
Red Hat Security Advisory 2020-4254-01
Posted Oct 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4254-01 - Updated python-psutil version to 5.6.6 inside ansible-runner container. Issues addressed include a double free vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2017-12652, CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12450, CVE-2019-12749, CVE-2019-14822, CVE-2019-14866, CVE-2019-14973, CVE-2019-15903, CVE-2019-16935, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-17546, CVE-2019-18874, CVE-2019-19126, CVE-2019-19956, CVE-2019-20386, CVE-2019-20388, CVE-2019-5094, CVE-2019-5188, CVE-2019-5482, CVE-2020-12243, CVE-2020-12400, CVE-2020-1240
MD5 | 4d31403d6728670d6c8a9619f88b115f
Red Hat Security Advisory 2020-4252-01
Posted Oct 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4252-01 - This release of Red Hat build of Quarkus 1.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10693, CVE-2020-11612, CVE-2020-1714, CVE-2020-1728
MD5 | 109ec127daca115dfe03116af7864696
Red Hat Security Advisory 2020-4251-01
Posted Oct 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4251-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.445. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2020-9746
MD5 | c2db1b3f34ef1ec5b5150da49500b50b
Ubuntu Security Notice USN-4580-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4580-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-16119
MD5 | 47ad87c37ce75e1cc13c79f7ebbb8cfa
Ubuntu Security Notice USN-4579-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4579-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2018-10322, CVE-2020-14314, CVE-2020-16119, CVE-2020-25285
MD5 | add5a165267e2db5c97379f45065737e
Ubuntu Security Notice USN-4578-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4578-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2018-10322, CVE-2019-19448, CVE-2020-14314, CVE-2020-16119, CVE-2020-16120, CVE-2020-25212, CVE-2020-26088
MD5 | d9b01e11bdf2b74c3573fcc5c0826039
Ubuntu Security Notice USN-4577-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4577-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-16119, CVE-2020-16120
MD5 | c65fe18f5d37112dbf0049f05d753dd1
Ubuntu Security Notice USN-4576-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4576-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-14314, CVE-2020-14385, CVE-2020-16119, CVE-2020-16120, CVE-2020-25285, CVE-2020-25641
MD5 | 73dae97a670b565b41f5e2687d970fc6
Ubuntu Security Notice USN-4575-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4575-1 - It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-10683
MD5 | 13c22771427bf9520a58b64280918187
Sifter 10.21g
Posted Oct 14, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Updated README and various other bits.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 19f9c969f57d541617c0a2b33296dead
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close