exploit the possibilities
Showing 1 - 25 of 448 RSS Feed

Files Date: 2021-05-01 to 2021-05-31

Backdoor.Win32.NerTe.772 Code Execution
Posted May 30, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.NerTe.772 malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
MD5 | a9370f85e3b72ca57a311664a057df8f
Backdoor.Win32.NerTe.772 Authentication Bypass / Code Execution
Posted May 29, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.NerTe.772 malware suffers from bypass and code execution vulnerabilities.

tags | exploit, vulnerability, code execution
systems | windows
MD5 | 685dc3b6d0abd438b7bf5c0e69d6cf54
Trojan.Win32.Scar.dulk Insecure Permissions
Posted May 29, 2021
Authored by malvuln | Site malvuln.com

Trojan.Win32.Scar.dulk malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
MD5 | 791d3cce91d800f2706967a3c993f5ab
Trixbox 2.8.0.4 Remote Code Execution
Posted May 28, 2021
Authored by Ron Jost

Trixbox version 2.8.0.4 has an OS command injection vulnerability that can be leveraged via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

tags | exploit, shell, php
advisories | CVE-2017-14535
MD5 | b20a34f5709b4607d3383fa6db1f537f
Trixbox 2.8.0.4 Path Traversal
Posted May 28, 2021
Authored by Ron Jost

Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

tags | exploit, php, file inclusion
advisories | CVE-2017-14537
MD5 | ebe53272a318e753d01ffa4b44a12413
PHPFusion 9.03.50 Remote Code Execution
Posted May 28, 2021
Authored by ThienNV, g0ldm45k

PHPFusion version 9.03.50 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-24949
MD5 | 7b268932c3f92c2d35fb62cadc94ca0d
Ubuntu Security Notice USN-4967-2
Posted May 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4967-2 - USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23017
MD5 | 80cc8e13b352e34dd9a56edc56696000
The Game Of Threat Hunting
Posted May 28, 2021
Authored by Akash Sarode

This paper is focused on the various ways in which threat hunting can be performed. It is based on the author's research of semi-automating the entire process by creating a tool based on machine learning and applying analytics.

tags | paper
MD5 | a51877e8a593e357843e3416dee99fcd
QNAP MusicStation / MalwareRemover File Upload / Command Injection
Posted May 28, 2021
Authored by polict | Site shielder.it

QNAP MusicStation and MalwareRemover are affected by arbitrary file upload and command injection vulnerabilities, leading to pre-authentication remote command execution with root privileges on the NAS.

tags | advisory, remote, arbitrary, root, vulnerability, file upload
advisories | CVE-2020-36197, CVE-2020-36198
MD5 | e0f4de64c7524a918a49796c1ab9986e
WordPress LifterLMS 4.21.0 Cross Site Scripting
Posted May 28, 2021
Authored by Captain_hook

WordPress LifterLMS plugin version 4.21.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-24308
MD5 | c047b79bb03f1a1f0db714247c79a29b
Selenium 3.141.59 Remote Code Execution
Posted May 28, 2021
Authored by Jon Stratton

Selenium version 3.141.59 remote code execution exploit.

tags | exploit, remote, code execution
MD5 | 320bf2b4bef0650b3ad098cb7f2c44a1
CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP).

tags | exploit
advisories | CVE-2021-33216
MD5 | ba631713fa893c049bed8ca418aac150
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT Controller filesystem.

tags | exploit, web, local
advisories | CVE-2021-33217
MD5 | 01f76e2f3cd29c5598a0f1af3ea32c57
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

A Python script (web.py) for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller.

tags | exploit, web, python
advisories | CVE-2021-33215
MD5 | 2724d4df92c848a08c44acdbe877cbba
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer.

tags | exploit, web
advisories | CVE-2021-33219
MD5 | e932d35bc4e7719d825ba1be4bb7279d
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem.

tags | exploit
advisories | CVE-2021-33218
MD5 | 5740648678f15b7f6412ea99e50e0f72
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem.

tags | exploit
advisories | CVE-2021-33220
MD5 | a371c9a3579a7e44179b80583f8b88ba
CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API endpoint that does not require authentication allows for a factory reset of the IoT Controller.

tags | exploit
advisories | CVE-2021-33221
MD5 | 9b7f6d3b4a6ae1280473eadd42878e24
Ubuntu Security Notice USN-4969-2
Posted May 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4969-2 - USN-4969-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-25217
MD5 | 3dea7da9c9ee1a799585b2a234e1c84b
Ubuntu Security Notice USN-4969-1
Posted May 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4969-1 - Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-25217
MD5 | eea0d00a7d6e633d48ce49f82d3cc8f6
Red Hat Security Advisory 2021-2139-01
Posted May 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2139-01 - Red Hat Data Grid is a distributed, in-memory data store. This release of Red Hat Data Grid 8.2.0 serves as a replacement for Red Hat Data Grid 8.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, information leakage, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-10771, CVE-2020-26258, CVE-2020-26259, CVE-2021-21290, CVE-2021-21295, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351, CVE-2021-21409, CVE-2021-31917
MD5 | 4a1406b6c27819468f880503f534b265
Gentoo Linux Security Advisory 202105-39
Posted May 27, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-39 - Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation. Versions less than 14.2.21 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2020-10753, CVE-2020-1759, CVE-2020-1760, CVE-2020-25660, CVE-2020-25678, CVE-2020-27781, CVE-2021-20288
MD5 | d9c394d2cb2d7f6645bb6b9ed70f12a0
Red Hat Security Advisory 2021-2136-01
Posted May 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2136-01 - An Openshift Logging bug fix release addresses an index validation issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-10228, CVE-2019-13012, CVE-2019-18811, CVE-2019-19523, CVE-2019-19528, CVE-2019-25013, CVE-2019-2708, CVE-2019-3842, CVE-2019-9169, CVE-2020-0431, CVE-2020-10543, CVE-2020-10878, CVE-2020-11608, CVE-2020-12114, CVE-2020-12362, CVE-2020-12464, CVE-2020-13434, CVE-2020-13543, CVE-2020-13584, CVE-2020-13776, CVE-2020-14314, CVE-2020-14344, CVE-2020-14345, CVE-2020-14346, CVE-2020-14347, CVE-2020-14356, CVE-2020-14360
MD5 | f8b368d2ff22aab14d375e3009b81cdd
Ubuntu Security Notice USN-4968-1
Posted May 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4968-1 - It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3520
MD5 | b71409af01196b5e8a73a4a839432e0e
Gentoo Linux Security Advisory 202105-38
Posted May 27, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-38 - A vulnerability in nginx could lead to remote code execution. Versions less than 1.21.0 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2021-23017
MD5 | 1d166f7e28c58ba00613c75ab288fa9d
Page 1 of 18
Back12345Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    11 Files
  • 19
    Jun 19th
    1 Files
  • 20
    Jun 20th
    3 Files
  • 21
    Jun 21st
    2 Files
  • 22
    Jun 22nd
    21 Files
  • 23
    Jun 23rd
    19 Files
  • 24
    Jun 24th
    12 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close