
Files Date: 2021-09-01 to 2021-09-30

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Privilege Escalation
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 suffers from a remote privilege escalation vulnerability.

tags | exploit, remote
SHA-256 | 6ef66ed70e92ad612290d98df48054d67d1c964e07a0683eaed0ee4abc38ad4e
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Backdoor Account
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 has the hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in the Users menu list of the application.

tags | exploit
SHA-256 | 76986786233f93566ddb9953be6f98bfa450885a5ac241ed16617a8870a9ff2b
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Configuration Disclosure
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 is vulnerable to an unauthenticated configuration disclosure when a direct object reference is made to the backup archive file using an HTTP GET request.

tags | exploit, web
SHA-256 | c9208e538a5afc70b3635572f890f2667c94de059d48740427d2b3abf186786c
FatPipe Networks WARP 10.2.2 Authorization Bypass
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP version 10.2.2 suffers from an authorization bypass vulnerability.

tags | exploit, bypass
SHA-256 | d011bfaa75604c3b3dc63ad611330b11fc8a534120edc38f724e1a4f58929d87
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Cross Site Request Forgery
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

The application interface FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
SHA-256 | 7e2119d2b169c3fb6fb1b259c686bac08187edd3b7de42bea6ab93a108d54445
Ubuntu Security Notice USN-5090-3
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5090-3 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438
SHA-256 | b581416306f3dd476e571d54877a550435c22900a370f6c91efbf9d6ff8a914f
Red Hat Security Advisory 2021-3675-01
Posted Sep 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3675-01 - The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | ad9ce160c59df30cf9941c0697bd6c9340ed669c6ce5bb9d5b843c8b6fea9592
WordPress Ultimate Maps 1.2.4 Cross Site Scripting
Posted Sep 28, 2021
Authored by 0xB9

WordPress Ultimate Maps plugin version 1.2.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-24274
SHA-256 | ffbdf36c553fc01d39018fe0185356f74c5cc7f17c0c33a393d62e41f2a8b4f0
Red Hat Security Advisory 2021-3676-01
Posted Sep 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3676-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2021-3653, CVE-2021-3656
SHA-256 | 3890d30cbbe4c135f4f392438402e64ce8d51636134209fb2750f26e7d7532aa
Ubuntu Security Notice USN-5093-1
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5093-1 - Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3770, CVE-2021-3778, CVE-2021-3796
SHA-256 | c4de699295308995e581a4fe17697bd8bdf4568f3c040db7dede29c2d61a0c08
Apache James Server 2.3.2 Remote Command Execution
Posted Sep 28, 2021
Authored by shinris3n

Apache James Server version 2.3.2 remote command execution exploit.

tags | exploit, remote
SHA-256 | c9b253ccb01558d000573b82422dd40cdb537674eba685ea7b12e068e995cf6b
Ubuntu Security Notice USN-5092-1
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5092-1 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-33624, CVE-2021-34556, CVE-2021-35477, CVE-2021-3679, CVE-2021-37159, CVE-2021-37576, CVE-2021-38160, CVE-2021-38199, CVE-2021-38201, CVE-2021-38204, CVE-2021-38205, CVE-2021-41073
SHA-256 | ebcf129926760acf6a8d3e98fe23c9b1ac0c8a4d82db537ed58774cee102bccf
WordPress Popup 1.10.4 Cross Site Scripting
Posted Sep 28, 2021
Authored by 0xB9

WordPress Popup plugin version 1.10.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-24275
SHA-256 | ed1b48d005de68bb19e777a8b0f2eaf4468a6b8c5f2311d3d8b400aa188e742b
Ubuntu Security Notice USN-5091-1
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5091-1 - Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2021-33624, CVE-2021-3679, CVE-2021-37576, CVE-2021-38160, CVE-2021-38199, CVE-2021-38204
SHA-256 | e091ef36b1fd7e00cec219aaafc4dbf41a9c32a20d118dea6371229fe281294a
Red Hat Security Advisory 2021-3631-01
Posted Sep 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3631-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.13.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-25741
SHA-256 | 8e15d9103084ebe3b6008819ce87de2a844281957382e8d746f468506f8e8c30
WordPress Contact Form 1.7.14 Cross Site Scripting
Posted Sep 28, 2021
Authored by 0xB9

WordPress Contact Form plugin version 1.7.14 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-24276
SHA-256 | 0e0ab4bcf75174837ae5ceeeb37aa6426986dc34ed136e26b958c7fd2bc5c479
Ubuntu Security Notice USN-5090-2
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5090-2 - USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-34798, CVE-2021-39275, CVE-2021-40438
SHA-256 | 341b8ef0fe4e6777bab5fa98b857529884200d7119257e755b6ca149890c4518
WordPress TranslatePress 2.0.8 Cross Site Scripting
Posted Sep 28, 2021
Authored by Nosa Shandy

WordPress TranslatePress plugin version 2.0.8 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-24610
SHA-256 | 3822bef2a24677b6eb4b93a67de4fe8417a8820f848d7d696fae51a0be909fc2
Ubuntu Security Notice USN-5090-1
Posted Sep 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5090-1 - James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438
SHA-256 | 4f7aac22cc9fea438546a6e2165f1fd88e03efade01784bf4e244e2cf8f08093
iOS 15.0 Nehelper Wifi Info Entitlement Check Bypass
Posted Sep 27, 2021
Authored by IllusionOfChaos | Site github.com

Zero day exploit for Nehelper Wifi Info on iOS 15.0. XPC endpoint com.apple.nehelper accepts user-supplied parameter sdk-version, and if its value is less than or equal to 524288, the com.apple.developer.networking.wifi-info entitlement check is skipped. This makes it possible for any qualifying application (e.g. possessing location access authorization) to gain access to Wifi information without the required entitlement. This happens in -[NEHelperWiFiInfoManager checkIfEntitled:] in /usr/libexec/nehelper.

tags | exploit
systems | apple, ios
SHA-256 | 0af5f880ff757d8f4ecf82631a976eb88cd98d6646578d823eeb66b9199ddf29
iOS 15.0 nehelper Enumeration
Posted Sep 27, 2021
Authored by IllusionOfChaos | Site github.com

Zero day exploit for nehelper on iOS 15.0 that allows any user-installed application to determine whether any application is installed on the device given its bundle ID.

tags | exploit, vulnerability
systems | apple, ios
SHA-256 | 375980bf93ee070923c3bb357ef6f80b43ca064d6099d8de7d730edb2ea93c70
iOS 15.0 Gamed Information Disclosure
Posted Sep 27, 2021
Authored by IllusionOfChaos | Site github.com

Zero day exploit for Gamed on iOS 15.0 that demonstrates information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
systems | apple, ios
SHA-256 | 064f75f646068bb009495ba2efc5724b31cd4cd7265da1713630bea9d23cab50
OpenSSH 8.8p1
Posted Sep 27, 2021
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Various minor bug fixes and improvements.
tags | tool, encryption
systems | linux, unix, openbsd
SHA-256 | 4590890ea9bb9ace4f71ae331785a3a5823232435161960ed5fc86588f331fe9
Red Hat Security Advisory 2021-3666-01
Posted Sep 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3666-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, path sanitization, and use-after-free vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
SHA-256 | c3e88fe61108ab45d44ef8e7ffedeed0ae53649beffdf3ca315f12cedd7d9b64
Simple Attendance System 1.0 Authentication Bypass
Posted Sep 27, 2021
Authored by Richard Jones

Simple Attendance System version 1.0 authentication bypass exploit that adds an administrator.

tags | exploit
SHA-256 | e4a056c4bf0781532ad19c5a4655a2089555c71ce7492598d7a21cf841394ff6
© 2022 Packet Storm. All rights reserved.
