what you don't know can hurt you
Showing 1 - 20 of 20 RSS Feed

Files Date: 2021-02-19 to 2021-02-20

Faraday 3.14.1
Posted Feb 19, 2021
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added forgot password, update services by bulk_create, and FARADAY_DISABLE_LOGS variable to disable logs to filesystem. Various other additions and modifications.
tags | tool, rootkit
systems | unix
MD5 | e7438256b759cf939fd9c1c06d671b67
Ubuntu Security Notice USN-4740-1
Posted Feb 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4740-1 - It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication mechanisms.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-11989
MD5 | d99b67e87de86e39e67a7473af9d2565
Red Hat Security Advisory 2021-0611-01
Posted Feb 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0611-01 - The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-27135
MD5 | 51f66ed8edce38b19efb2b9c4b34d91e
Asterisk Project Security Advisory - AST-2021-005
Posted Feb 19, 2021
Authored by Joshua Colp, Mauri de Souza Meneguzzo | Site asterisk.org

Given a scenario where an outgoing call is placed from Asterisk to a remote SIP server it is possible for a crash to occur. The code responsible for negotiating SDP in SIP responses incorrectly assumes that SDP negotiation will always be successful. If a SIP response containing an SDP that can not be negotiated is received a subsequent SDP negotiation on the same call can cause a crash.

tags | advisory, remote
advisories | CVE-2021-26906
MD5 | b4624391a09222a4116bec0705ce80b4
Firejail TOCTOU Race Condition
Posted Feb 19, 2021
Authored by Roman Fiedler | Site unparalleled.eu

This program demonstrates a time-of-check-time-of-use TOCTOU vulnerability in Firejail. Winning it causes Firejail to create an insecure overlayfs layout, that is then used to escalate privileges by making /etc/ld.so.preload user writable.

tags | exploit
MD5 | 46b73dcb5fab3f322630255797e9c8f5
Ubuntu Security Notice USN-4741-1
Posted Feb 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4741-1 - It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-15095
MD5 | e3e7583b332766aed829a8c80c341bff
Asterisk Project Security Advisory - AST-2021-004
Posted Feb 19, 2021
Authored by gjoseph, Edvin Vidmar | Site asterisk.org

Due to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession.

tags | advisory, overflow
advisories | CVE-2021-26714
MD5 | dc5c07944f96d4d9261f4fc7c3838eba
Asterisk Project Security Advisory - AST-2021-003
Posted Feb 19, 2021
Authored by Alexander Traud, gjoseph | Site asterisk.org

An unauthenticated remote attacker could replay SRTP packets which could cause an Asterisk instance configured without strict RTP validation to tear down calls prematurely.

tags | advisory, remote
advisories | CVE-2021-26712
MD5 | 0f76303538e81a54f1a8afa8eb908e23
dataSIMS Avionics ARINC 664-1 4.5.3 Buffer Overflow
Posted Feb 19, 2021
Authored by Kagan Capar

dataSIMS Avionics ARINC 664-1 version 4.5.3 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
MD5 | b35c61735f270473a31e925b82681d2e
Asterisk Project Security Advisory - AST-2021-002
Posted Feb 19, 2021
Authored by Kevin Harwell, Gregory Massel | Site asterisk.org

When re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash.

tags | advisory, remote
advisories | CVE-2021-26717
MD5 | 393c91771be975cf6c93cae48baaac28
Asterisk Project Security Advisory - AST-2021-001
Posted Feb 19, 2021
Authored by gjoseph, Ivan Poddubny | Site asterisk.org

If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the ???Supported??? header. Eventually the number of entries in the header exceeds the size of the entry array and causes a crash.

tags | advisory
advisories | CVE-2020-35776
MD5 | ed8e67d55a417eabcbc813bf6eeba9d9
Online Exam System With Timer 1.0 SQL Injection
Posted Feb 19, 2021
Authored by Suresh Kumar

Online Exam System With Timer version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 932961570021ec25a49daf5395158925
Beauty Parlour Management System 1.0 Cross Site Scripting
Posted Feb 19, 2021
Authored by Thinkland Security Team

Beauty Parlour Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | e9aca58f9670c3d1db7818d087e48ccc
Beauty Parlour Management System 1.0 SQL Injection
Posted Feb 19, 2021
Authored by Thinkland Security Team

Beauty Parlour Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Prof. Kailas Patil in June of 2020.

tags | exploit, remote, sql injection
MD5 | fb2705159935e02c9c63471174893ff6
Backdoor.Win32.Bionet.10 Anonymous Login
Posted Feb 19, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Bionet.10 malware has an ftp service that allows for anonymous login.

tags | exploit
systems | windows
MD5 | 17803aed7636479ba3f6b2e26a546ced
Comment System 1.0 Cross Site Scripting
Posted Feb 19, 2021
Authored by Pintu Solanki

Comment System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 6997a61d360f295bdd36ac877a4726dc
Backdoor.Win32.DarkKomet.apcc Insecure Permissions
Posted Feb 19, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.DarkKomet.apcc malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
MD5 | 85fc80fb3bc90a30ac42224d63b0242e
Backdoor.Win32.DarkKomet.bhfh Insecure Permissions
Posted Feb 19, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.DarkKomet.bhfh malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
MD5 | 2495a3e669e584f4844ea3d7f7403027
OpenText Content Server 20.3 Cross Site Scripting
Posted Feb 19, 2021
Authored by Kamil Brenski

OpenText Content Server version 20.3 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 57cc336e2265f5c56aae7c4279e49c50
Neo LMS / Matrix LMS Cross Site Scripting
Posted Feb 19, 2021
Authored by Mauro M.

This is a whitepaper that details identifying cross site scripting vulnerabilities in both the Neo and Matrix LMS codebase.

tags | exploit, paper, vulnerability, xss
MD5 | b43cb5c01e20a16db9784dcffb0c586f
Page 1 of 1
Back1Next

File Archive:

February 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    33 Files
  • 2
    Feb 2nd
    30 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    8 Files
  • 5
    Feb 5th
    11 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    1 Files
  • 8
    Feb 8th
    37 Files
  • 9
    Feb 9th
    15 Files
  • 10
    Feb 10th
    11 Files
  • 11
    Feb 11th
    26 Files
  • 12
    Feb 12th
    8 Files
  • 13
    Feb 13th
    1 Files
  • 14
    Feb 14th
    1 Files
  • 15
    Feb 15th
    9 Files
  • 16
    Feb 16th
    33 Files
  • 17
    Feb 17th
    6 Files
  • 18
    Feb 18th
    10 Files
  • 19
    Feb 19th
    20 Files
  • 20
    Feb 20th
    1 Files
  • 21
    Feb 21st
    1 Files
  • 22
    Feb 22nd
    17 Files
  • 23
    Feb 23rd
    15 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    28 Files
  • 26
    Feb 26th
    25 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close