Showing 1 - 4 of 4

Files Date: 2021-11-19 to 2021-11-20

Apache Storm Nimbus 2.2.0 Command Execution: Posted Nov 19, 2021; Authored by Spencer McIntyre, Alvaro Munoz | Site metasploit.com; This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method method takes a single argument which is the name of a user which is concatenated into a string that is executed by bash. In order for the vulnerability to be exploitable, there must have been at least one topology submitted to the server. The topology may be active or inactive, but at least one must be present. Successful exploitation results in remote code execution as the user running Apache Storm. This vulnerability was patched in versions 2.1.1, 2.2.1 and 1.2.4. This exploit was tested on version 2.2.0 which is affected.; tags | exploit, remote, code execution, bash; advisories | CVE-2021-38294; SHA-256 | bdeabaf8ee1de5cc701765d5b3a2960189a0cd18ac93bcb180979bd32c8d528a; Download | Favorite | View

Packet Fence 11.1.0: Posted Nov 19, 2021; Site packetfence.org; PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.; Changes: PacketFence v11 now fully supports multi-factor authentication for its captive portal, CLI and VPN. Advanced integration with Akamai MFA is now included as well as generic support for any TOTP solutions. A few new features and over two dozen enhancements and bug fixes.; tags | tool, remote; systems | unix; SHA-256 | e2b27e0905cf51ca3b59fd5f4b22f91f3532230b7e73bc05f37a93b0e8e00b73; Download | Favorite | View

Ubuntu Security Notice USN-5152-1: Posted Nov 19, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5152-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the UI, confuse the user, conduct phishing attacks, or execute arbitrary code.; tags | advisory, denial of service, arbitrary, spoof; systems | linux, ubuntu; advisories | CVE-2021-38503, CVE-2021-38509; SHA-256 | 4cf4f8b326d91fae79b633a52f5e15eabec035c4ef4fe52cd1e07e04a4c88083; Download | Favorite | View

Red Hat Security Advisory 2021-4743-03: Posted Nov 19, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-4743-03 - LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis.; tags | advisory; systems | linux, redhat; advisories | CVE-2021-42574; SHA-256 | cc2f2c61da319fd573e3a950f95a76aa25b7bd22cc9d81900456a9a34f9653ed; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days