exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 447 RSS Feed

Files Date: 2021-05-01 to 2021-05-31

Backdoor.Win32.NerTe.772 MVID-2021-0229 Code Execution
Posted May 30, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.NerTe.772 malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
SHA-256 | dc6f6de9e48d1c019f02244275891b5506c3ae3d7c532d5e4f3e8caef4170cc2
Backdoor.Win32.NerTe.772 MVID-2021-0228 Authentication Bypass / Code Execution
Posted May 29, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.NerTe.772 malware suffers from bypass and code execution vulnerabilities.

tags | exploit, vulnerability, code execution
systems | windows
SHA-256 | fc4fe6e27b86fe9058ca95693b6b46fb8aa8171b7b7ecee3fc3554484033834c
Trojan.Win32.Scar.dulk MVID-2021-0227 Insecure Permissions
Posted May 29, 2021
Authored by malvuln | Site malvuln.com

Trojan.Win32.Scar.dulk malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | cbd8ec549f7fbd1dd0daf13796d11776585e8b3c0ff98930ced6d586c8924356
Trixbox 2.8.0.4 Remote Code Execution
Posted May 28, 2021
Authored by Ron Jost

Trixbox version 2.8.0.4 has an OS command injection vulnerability that can be leveraged via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

tags | exploit, shell, php
advisories | CVE-2017-14535
SHA-256 | aaabb057afb92bb25d1dc9037d5a6c0fb333f4768b0c90b7a44651f47b7bcfa7
Trixbox 2.8.0.4 Path Traversal
Posted May 28, 2021
Authored by Ron Jost

Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

tags | exploit, php, file inclusion
advisories | CVE-2017-14537
SHA-256 | fb3bf69481578dad07624872eec1f5d1da61660965e5ddb444e9193956929ed2
PHPFusion 9.03.50 Remote Code Execution
Posted May 28, 2021
Authored by ThienNV, g0ldm45k

PHPFusion version 9.03.50 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-24949
SHA-256 | 0c1ea73a71c985e2370b23c0a29caa04d041fd12d0eccc6de21797149b8536e6
Ubuntu Security Notice USN-4967-2
Posted May 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4967-2 - USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23017
SHA-256 | fa9566f11a9fe7fedfd3308556728e7989e3d35072dac1fff279c3e363c3e755
The Game Of Threat Hunting
Posted May 28, 2021
Authored by Akash Sarode

This paper is focused on the various ways in which threat hunting can be performed. It is based on the author's research of semi-automating the entire process by creating a tool based on machine learning and applying analytics.

tags | paper
SHA-256 | 6af7c1449c75828f7976e682efcd001d246afb3c611194a09d283daac934ebe6
QNAP MusicStation / MalwareRemover File Upload / Command Injection
Posted May 28, 2021
Authored by polict | Site shielder.it

QNAP MusicStation and MalwareRemover are affected by arbitrary file upload and command injection vulnerabilities, leading to pre-authentication remote command execution with root privileges on the NAS.

tags | advisory, remote, arbitrary, root, vulnerability, file upload
advisories | CVE-2020-36197, CVE-2020-36198
SHA-256 | dddda20f7202ce5358af06526c5259d1f75a28b841ba2fcc6fd3fd23682bb880
WordPress LifterLMS 4.21.0 Cross Site Scripting
Posted May 28, 2021
Authored by Captain_hook

WordPress LifterLMS plugin version 4.21.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-24308
SHA-256 | 20b27b98b2e22747764f7a39e413c4251aa23f2a701c00e2bc61df557d7309b3
Selenium 3.141.59 Remote Code Execution
Posted May 28, 2021
Authored by Jon Stratton

Selenium version 3.141.59 remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 31a04d36d587ab0a205023d11f001f9667bf27577d83ddca22b7e833833f61a8
CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP).

tags | exploit
advisories | CVE-2021-33216
SHA-256 | f6519f57eed331c93ca5644c3a83e240cb6fe2ee50133663e8ee3dad642af551
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT Controller filesystem.

tags | exploit, web, local
advisories | CVE-2021-33217
SHA-256 | ab0f31561d42610f5ba5969c33fa30d3f807865c8f1eaac846a5b376b04319c7
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

A Python script (web.py) for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller.

tags | exploit, web, python
advisories | CVE-2021-33215
SHA-256 | 671f09dc7253e2fd4b96a2bd934c4db733ea5c114369ba82a1d81b35d72836f3
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer.

tags | exploit, web
advisories | CVE-2021-33219
SHA-256 | 2486beac57efb14715dc2756e1ddce5fd0beb0268fa52ef3547894a1a7be04a5
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem.

tags | exploit
advisories | CVE-2021-33218
SHA-256 | df1716ceee1afc4991054f7d3e009a901d7b28289e89a2bebb461c0a64b3b1d9
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem.

tags | exploit
advisories | CVE-2021-33220
SHA-256 | b4f5b79b878528d1365915db1dfcf08d2ea164bfda75ebc9baab1499e553cb33
CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API endpoint that does not require authentication allows for a factory reset of the IoT Controller.

tags | exploit
advisories | CVE-2021-33221
SHA-256 | a8546049f222180c6bd593bbd28ea7a598ba7bbcd08ac8c48b4f8ac76357ba7c
Ubuntu Security Notice USN-4969-2
Posted May 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4969-2 - USN-4969-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-25217
SHA-256 | e9cc2d12e74cf591ba5ef27f62ce025cf56eca8cf710a2e58d5e1102895452d6
Ubuntu Security Notice USN-4969-1
Posted May 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4969-1 - Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-25217
SHA-256 | be06ea6c2a98df3627755ff70eeb0760f093153455bffd6255cef51b438c3d29
Red Hat Security Advisory 2021-2139-01
Posted May 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2139-01 - Red Hat Data Grid is a distributed, in-memory data store. This release of Red Hat Data Grid 8.2.0 serves as a replacement for Red Hat Data Grid 8.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, information leakage, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-10771, CVE-2020-26258, CVE-2020-26259, CVE-2021-21290, CVE-2021-21295, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351, CVE-2021-21409, CVE-2021-31917
SHA-256 | 26b79e23d99e81d46adcd853630427afc565a8681dad9bf539101220d92dd7b9
Gentoo Linux Security Advisory 202105-39
Posted May 27, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-39 - Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation. Versions less than 14.2.21 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2020-10753, CVE-2020-1759, CVE-2020-1760, CVE-2020-25660, CVE-2020-25678, CVE-2020-27781, CVE-2021-20288
SHA-256 | 7ab3522f846f6a648172b2520a0ceaea2ea557ede4081b724f6d25d68464c1a9
Red Hat Security Advisory 2021-2136-01
Posted May 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2136-01 - An Openshift Logging bug fix release addresses an index validation issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-10228, CVE-2019-13012, CVE-2019-18811, CVE-2019-19523, CVE-2019-19528, CVE-2019-25013, CVE-2019-2708, CVE-2019-3842, CVE-2019-9169, CVE-2020-0431, CVE-2020-10543, CVE-2020-10878, CVE-2020-11608, CVE-2020-12114, CVE-2020-12362, CVE-2020-12464, CVE-2020-13434, CVE-2020-13543, CVE-2020-13584, CVE-2020-13776, CVE-2020-14314, CVE-2020-14344, CVE-2020-14345, CVE-2020-14346, CVE-2020-14347, CVE-2020-14356, CVE-2020-14360
SHA-256 | 8f9746dfa68f5ebe03798d9f8686052c21773b749d26577fe45138585199782b
Ubuntu Security Notice USN-4968-1
Posted May 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4968-1 - It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3520
SHA-256 | 836e6f2c1fadbf1f7e75b0617c9bff905779ac807e186968f98c72a2f7cf62a7
Gentoo Linux Security Advisory 202105-38
Posted May 27, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-38 - A vulnerability in nginx could lead to remote code execution. Versions less than 1.21.0 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2021-23017
SHA-256 | 20572af334a8f1e1ee046ba9e037e28de9c8585c3e1753cd1216bebc3019b5be
Page 1 of 18
Back12345Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close