what you don't know can hurt you
Showing 1 - 25 of 679 RSS Feed

Operating System: Mac OS X

Red Hat Security Advisory 2021-2813-01
Posted Jul 21, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2813-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat, osx
advisories | CVE-2020-29573
MD5 | 871020c7b2012dccd40c91ae4a588dd5
Red Hat Security Advisory 2021-1585-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1585-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include a buffer over-read vulnerability.

tags | advisory
systems | linux, redhat, osx
advisories | CVE-2016-10228, CVE-2019-25013, CVE-2019-9169, CVE-2020-27618, CVE-2021-3326
MD5 | 502fd63d95535f98b78e35ea0a6586e3
Ubuntu Security Notice USN-4954-1
Posted May 14, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4954-1 - Jason Royes and Samuel Dytrych discovered that the memcpy implementation for 32 bit ARM processors in the GNU C Library contained an integer underflow vulnerability. An attacker could possibly use this to cause a denial of service or execute arbitrary code. It was discovered that the POSIX regex implementation in the GNU C Library did not properly parse alternatives. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, osx, ubuntu
advisories | CVE-2009-5155, CVE-2020-6096
MD5 | bf1be2fa5ed0acab1c981917d5b783b4
Nagios XI 5.7.3 Remote Code Execution
Posted Apr 21, 2021
Authored by Chris Lyne, Erik Wynter | Site metasploit.com

This Metasploit module exploits an OS command injection vulnerability in includes/components/nxti/index.php that enables an authenticated user with admin privileges to achieve remote code execution as the apache user. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios XI 5.7.3 running on CentOS 7.

tags | exploit, remote, php, code execution
systems | linux, osx, centos
advisories | CVE-2020-5792
MD5 | 2df6940f1d406eb594bb234456e3e6f5
Nagios XI Remote Code Execution
Posted Apr 15, 2021
Authored by Haboob Team, Erik Wynter | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the /admin/monitoringplugins.php page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the apache user by uploading a malicious plugin. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios versions XI 5.3.0 and 5.7.5, both running on CentOS 7.

tags | exploit, remote, php, code execution
systems | linux, osx, centos
advisories | CVE-2020-35578
MD5 | 91ac1437912ce19fca5580399b1f6625
Nagios XI getprofile.sh Remote Command Execution
Posted Apr 14, 2021
Authored by Erik Wynter, Jak Gibb | Site metasploit.com

This Metasploit module exploits a vulnerability in the getprofile.sh script of Nagios XI versions prior to 5.6.6 in order to upload a malicious check_ping plugin and thereby execute arbitrary commands. For Nagios XI 5.2.0 through 5.4.13, the commands are run as the nagios user. For versions 5.5.0 through 5.6.5, the commands are run as root. Note that versions prior to 5.2.0 will still be marked as being vulnerable however this module does not presently support exploiting these targets. The module uploads a malicious check_ping plugin to the Nagios XI server via /admin/monitoringplugins.php and then executes this plugin by issuing a HTTP GET request to download a system profile from the server. For all supported targets except Linux (cmd), the module uses a command stager to write the exploit to the target via the malicious plugin. This may not work if Nagios XI is running in a restricted Unix environment, so in that case the target must be set to Linux (cmd). The module then writes the payload to the malicious plugin while avoiding commands that may not be supported. Valid credentials for a user with administrative privileges are required. This module was successfully tested on Nagios XI 5.3.0 and Nagios 5.6.5, both running on CentOS 7. For vulnerable versions before 5.5.0, it may take a significant amount of time for the payload to get back (up to 5 minutes). If exploitation fails against an older system, it is recommended to increase the WfsDelay setting (default is 300 seconds).

tags | exploit, web, arbitrary, root, php
systems | linux, unix, osx, centos
advisories | CVE-2019-15949
MD5 | c535c12509a747d756650bedc5b31fca
Red Hat Security Advisory 2021-0348-01
Posted Feb 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0348-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include buffer over-read and buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat, osx
advisories | CVE-2019-25013, CVE-2020-10029, CVE-2020-29573
MD5 | e85163612008c3d9c255694571499d78
Red Hat Security Advisory 2020-5351-01
Posted Dec 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5351-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard.

tags | advisory, shell
systems | linux, redhat, unix, osx
advisories | CVE-2019-14868
MD5 | d0c0e105a1db23827e75ce7072db41b9
Red Hat Security Advisory 2020-5352-01
Posted Dec 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5352-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard.

tags | advisory, shell
systems | linux, redhat, unix, osx
advisories | CVE-2019-14868
MD5 | 12b6bb5f09185927f265dbab3a4e04a4
Red Hat Security Advisory 2020-4444-01
Posted Nov 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4444-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat, osx
advisories | CVE-2020-10029, CVE-2020-1751, CVE-2020-1752
MD5 | 842ac2d95b79f7d7ded97e72c2ab14da
Red Hat Security Advisory 2020-3861-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3861-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

tags | advisory
systems | linux, redhat, osx
advisories | CVE-2019-19126
MD5 | ac8eec1dd3f9741cc0d02537b4820c5b
Red Hat Security Advisory 2020-2210-01
Posted May 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2210-01 - KornShell is a Unix shell which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability has been addressed.

tags | advisory, shell
systems | linux, redhat, unix, osx
advisories | CVE-2019-14868
MD5 | fd8c80347cd4ed97e92d1050f4903caf
Red Hat Security Advisory 2020-1828-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1828-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

tags | advisory
systems | linux, redhat, osx
advisories | CVE-2019-19126
MD5 | 0d4f1c8267ab665f6c5a036ee39a3eb4
Red Hat Security Advisory 2020-1333-01
Posted Apr 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1333-01 - KornShell is a Unix shell developed by AT+T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability has been addressed.

tags | advisory, shell
systems | linux, redhat, unix, osx
advisories | CVE-2019-14868
MD5 | 129fab33e89337166620907e653bddf2
Red Hat Security Advisory 2020-1332-01
Posted Apr 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1332-01 - KornShell is a Unix shell developed by AT+T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability has been addressed.

tags | advisory, shell
systems | linux, redhat, unix, osx
advisories | CVE-2019-14868
MD5 | 4326e13a6cfed935ccfe0b0a3331ba4c
Nagios XI Authenticated Remote Command Execution
Posted Mar 10, 2020
Authored by Erik Wynter, Jak Gibb | Site metasploit.com

This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. For all supported targets except Linux (cmd), the module uses a command stager to write the exploit to the target via the malicious plugin. This may not work if Nagios XI is running in a restricted Unix environment, so in that case the target must be set to Linux (cmd). The module then writes the payload to the malicious plugin while avoiding commands that may not be supported. Valid credentials for a user with administrative privileges are required. This module was successfully tested on Nagios XI 5.6.5 running on CentOS 7. The module may behave differently against older versions of Nagios XI.

tags | exploit, web, arbitrary, root
systems | linux, unix, osx, centos
advisories | CVE-2019-15949
MD5 | 27aeb9dcadc656869ca4d5c1b08a9963
Red Hat Security Advisory 2020-0568-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0568-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability was addressed.

tags | advisory, shell
systems | linux, redhat, unix, osx
advisories | CVE-2019-14868
MD5 | 35d10dc44cb1ac3d834aec47733e7e57
Red Hat Security Advisory 2020-0559-01
Posted Feb 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0559-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability was addressed.

tags | advisory, shell
systems | linux, redhat, unix, osx
advisories | CVE-2019-14868
MD5 | d07ac3d3894450b7c9cc812217316506
Red Hat Security Advisory 2020-0515-01
Posted Feb 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0515-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability has been addressed.

tags | advisory, shell
systems | linux, redhat, unix, osx
advisories | CVE-2019-14868
MD5 | f0227d20c5796614746307fea644d248
Red Hat Security Advisory 2020-0431-01
Posted Feb 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0431-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability has been addressed.

tags | advisory, shell
systems | linux, redhat, unix, osx
advisories | CVE-2019-14868
MD5 | bd6b017de7b7f5daa19514165ab71658
Red Hat Security Advisory 2019-3513-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3513-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

tags | advisory
systems | linux, redhat, osx
advisories | CVE-2016-10739
MD5 | 3a0c50a3173d887d3063c7245f1a049e
Red Hat Security Advisory 2019-2118-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2118-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

tags | advisory
systems | linux, redhat, osx
advisories | CVE-2016-10739
MD5 | 1bfd6b71db21ffef736dcab49b602842
FreeBSD Security Advisory - FreeBSD-SA-19:13.pts
Posted Jul 25, 2019
Authored by syzkaller | Site security.freebsd.org

FreeBSD Security Advisory - The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory. The bug permits malicious code to trigger a write-after-free, which may be used to gain root privileges or escape a jail.

tags | advisory, kernel, root
systems | freebsd, bsd, osx
advisories | CVE-2019-5606
MD5 | bb73159089c28abc1e386b3526667139
Ubuntu Security Notice USN-3848-1
Posted Dec 21, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3848-1 - It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2017-18174, CVE-2018-12896, CVE-2018-18690, CVE-2018-18710
MD5 | 54eea9cfff67d88df3b99da978ff5b90
Ubuntu Security Notice USN-3847-1
Posted Dec 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3847-1 - It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2018-10902, CVE-2018-12896, CVE-2018-14734, CVE-2018-16276, CVE-2018-18445, CVE-2018-18690, CVE-2018-18710
MD5 | 5703c2f44fdffc67aa1c3e986372d1a0
Page 1 of 28
Back12345Next

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    1 Files
  • 25
    Jul 25th
    1 Files
  • 26
    Jul 26th
    21 Files
  • 27
    Jul 27th
    8 Files
  • 28
    Jul 28th
    9 Files
  • 29
    Jul 29th
    12 Files
  • 30
    Jul 30th
    9 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close