what you don't know can hurt you
Showing 26 - 50 of 386 RSS Feed

Files Date: 2021-07-01 to 2021-07-31

Red Hat Security Advisory 2021-2438-01
Posted Jul 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2438-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, denial of service, open redirection, resource exhaustion, and remote shell upload vulnerabilities.

tags | advisory, remote, denial of service, shell, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2020-15106, CVE-2020-15112, CVE-2020-15113, CVE-2020-15114, CVE-2020-15136, CVE-2020-26160, CVE-2020-26541, CVE-2020-28469, CVE-2020-28500, CVE-2020-28852, CVE-2020-7774, CVE-2021-20206, CVE-2021-20271, CVE-2021-20291, CVE-2021-21419, CVE-2021-21623, CVE-2021-21639, CVE-2021-21640, CVE-2021-21648, CVE-2021-22133, CVE-2021-23337, CVE-2021-23362, CVE-2021-23368, CVE-2021-23382, CVE-2021-25735
MD5 | dda5a75b5b7fd18f58795ba51eeb6a02
Denver Smart Wifi Camera SHC-150 Remote Code Execution
Posted Jul 28, 2021
Authored by Ivan Nikolsky

Denver Smart Wifi Camera SHC-150 has a hardcoded backdoor login vulnerability available via telnet that gives a shell.

tags | exploit, shell
MD5 | a9a3afa83abcffe28d96ceb14d65cdc7
Red Hat Security Advisory 2021-2437-01
Posted Jul 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2437-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.2. Issues addressed include bypass, cross site scripting, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2021-21419, CVE-2021-21623, CVE-2021-21639, CVE-2021-21640, CVE-2021-21648, CVE-2021-25735, CVE-2021-25737, CVE-2021-3114, CVE-2021-3121, CVE-2021-3636
MD5 | 782481b65c3e32523ef90d1e2d134ef9
eGain Chat 15.5.5 Cross Site Scripting
Posted Jul 28, 2021
Authored by Hassy Vinod Eshan, Brandon Ming Yang Ho

eGain Chat version 15.5.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-15948
MD5 | 8f713683de3e61e3153e8052e40aa17b
TripSpark VEO Transportation SQL Injection
Posted Jul 28, 2021
Authored by Sedric Louissaint

TripSpark VEO Transportation suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 189e05e837b3360b20c7fe7a7553e8e5
Ubuntu Security Notice USN-5023-1
Posted Jul 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5023-1 - It was discovered that Aspell incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-25051
MD5 | 3dbda93d05f3a1889e17abf72c12aa2d
Red Hat Security Advisory 2021-2914-01
Posted Jul 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2914-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547
MD5 | 305ee62b0573cecec578f4e283f8acec
Jira Ehcache RMI Missing Authentication
Posted Jul 27, 2021
Authored by Atlassian

Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011, could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. Various versions of Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center are affected.

tags | advisory, arbitrary
advisories | CVE-2020-36239
MD5 | 74ded10ddbdc265a72fe7aa123d82993
Red Hat Security Advisory 2021-2763-01
Posted Jul 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2763-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2021-33909, CVE-2021-33910
MD5 | 4eeaa031957c915d44293421cb226c42
PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection
Posted Jul 27, 2021
Authored by Faisal Alhadlaq

PHP version 7.3.15-3 suffers from a PHP_SESSION_UPLOAD_PROGRESS session data injection vulnerability.

tags | exploit, php
MD5 | c88e9682c0140b88e53745d1f1516e69
WordPress Social Warfare 3.5.2 Remote Code Execution
Posted Jul 27, 2021
Authored by Raed Ahsan

WordPress Social Warfare plugin version 3.5.2 remote code execution exploit. This fully automated exploit is a variation of the original discovery made by Luka Sikic and hash3liZer in May of 2019.

tags | exploit, remote, code execution
advisories | CVE-2019-9978
MD5 | fb7aee67e4e3485ee6bbbc9c8e188cbc
Ubuntu Security Notice USN-5022-1
Posted Jul 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5022-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.26 in Ubuntu 20.04 LTS and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.35. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-2339, CVE-2021-2354, CVE-2021-2370, CVE-2021-2384, CVE-2021-2390, CVE-2021-2417, CVE-2021-2425, CVE-2021-2437
MD5 | dd37bcf6f26ea1961db0a990da7b0f1c
Exploiting PHP_SESSION_UPLOAD_PROGRESS
Posted Jul 27, 2021
Authored by Faisal Alhadlaq

This whitepaper discusses chain session upload progress to remote code execution when taking advantage of local file inclusion.

tags | paper, remote, local, code execution, file inclusion
MD5 | 30b82ecd437ab784ec81665a82576757
Red Hat Security Advisory 2021-2881-01
Posted Jul 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2881-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547
MD5 | 9ff18897e6c682c14fffd9e00b43d129
Gentoo Linux Security Advisory 202107-55
Posted Jul 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-55 - Multiple vulnerabilities have been found in libsdl2, the worst of which could result in a Denial of Service condition. Versions less than 2.0.14-r1 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-14409, CVE-2020-14410
MD5 | c23795e5885e59c93af1f4c4059b0b3b
WordPress SP Project And Document Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for lowercase file extensions such as .php, making it possible to upload .pHP files for instance. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/sp-client-document-manager/<user_id>/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24347
MD5 | d73daa7ac6681410691920aff7640598
Backdoor.Win32.Nbdd.bgz Buffer Overflow
Posted Jul 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Nbdd.bgz malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
MD5 | 0ab45590ad1c5bc094284a8fe02af3b1
Backdoor.Win32.Bifrose.acci Buffer Overflow
Posted Jul 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Bifrose.acci malware suffers from a buffer overflow vulnerability that can allow for code execution.

tags | exploit, overflow, code execution
systems | windows
MD5 | 15ce9434ff14f4275aa538464484e1b9
WordPress Modern Events Calendar Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel, Nguyen Van Khanh | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by using text/csv content-type in a request, it is possible to upload a .php payload as is is not forbidden by the plugin. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24145
MD5 | 75b29e689541f825031d9308d2c36b24
Kernel Live Patch Security Notice LSN-0079-1
Posted Jul 26, 2021
Authored by Benjamin M. Romer

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2021-33909, CVE-2021-3600
MD5 | 3d25210f32b7ce386710ced319ba74bc
Gentoo Linux Security Advisory 202107-54
Posted Jul 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-54 - Multiple vulnerabilities have been found in libyang, the worst of which could result in a Denial of Service condition. Versions less than 1.0.236 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2021-28902, CVE-2021-28903, CVE-2021-28904, CVE-2021-28905, CVE-2021-28906
MD5 | ffb176b4ae82462de6137dc6b7fc5c34
Backdoor.Win32.PsyRat.b Code Execution
Posted Jul 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.PsyRat.b malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
MD5 | 871963dc1f8704795330612d4aaaa001
NoteBurner 2.35 Denial Of Service
Posted Jul 26, 2021
Authored by Achilles

NoteBurner version 2.35 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | aa3389946376d9c650f5562f084b7810
Backdoor.Win32.PsyRat.b Denial Of Service
Posted Jul 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.PsyRat.b malware suffers from a denial of service vulnerability.

tags | exploit, denial of service
systems | windows
MD5 | 365677d7c72828dbeba71b71220f92a2
Backdoor.Win32.Agent.cu Code Execution
Posted Jul 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Agent.cu malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
MD5 | 5437ec7780a9b74aaee43b55b5383497
Page 2 of 16
Back12345Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    13 Files
  • 24
    Sep 24th
    10 Files
  • 25
    Sep 25th
    1 Files
  • 26
    Sep 26th
    1 Files
  • 27
    Sep 27th
    20 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close