
Remote Files

Ubuntu Security Notice USN-5180-1
Posted Dec 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5180-1 - It was discovered that Mailman incorrectly handled CSRF tokens. A remote list member or moderator could possibly use their own token to craft an admin request CSRF attack and set a new admin password or make other changes.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-44227
MD5 | 8d5a793c1d3a87ebce752576a0f804e1
Reprise License Manager 14.2 Remote Binary Execution
Posted Dec 8, 2021
Authored by Andreas Fyhn Andersen, Mark Staal Steenberg, Oliver Lind Nordestgaard, Gionathan Armando Reale, Bilal El Ghoul

Reprise License Manager version 14.2 suffers from an authenticated remote binary execution vulnerability.

tags | exploit, remote
advisories | CVE-2021-44153
MD5 | 168a71810d65bf8de3fe62438600faa2
Ubuntu Security Notice USN-5168-4
Posted Dec 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5168-4 - USN-5168-3 fixed a vulnerability in NSS. Unfortunately that update introduced a regression that could break SSL connections. This update fixes the problem. Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-43527
MD5 | 268760165ba1221a3f3d235bd7035bf9
Ubuntu Security Notice USN-5179-1
Posted Dec 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5179-1 - It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that BusyBox incorrectly handled certain malformed LZMA archives. If a user or automated system were tricked into processing a specially crafted LZMA archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly leak sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-28831, CVE-2021-42374, CVE-2021-42380, CVE-2021-42382, CVE-2021-42384, CVE-2021-42385
MD5 | 01b6c0084a8d9d9b7eae9133958e19df
Ubuntu Security Notice USN-5178-1
Posted Dec 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5178-1 - Sjoerd Job Postmus and TengMA discovered that Django incorrectly handled URLs with trailing newlines. A remote attacker could possibly use this issue to bypass certain access controls.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-44420
MD5 | 3b4b2a16be4593d6a9eec188679fffa5
Ubuntu Security Notice USN-5171-1
Posted Dec 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5171-1 - It was discovered that Long Range ZIP incorrectly handled certain specially crafted lrz files. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-8844, CVE-2018-10685, CVE-2018-5786
MD5 | 07e3fbd46037a8b0af7fb998bd30e0d3
Croogo 3.0.2 Remote Code Execution
Posted Dec 6, 2021
Authored by Deha Berkin Bir

Croogo version 3.0.2 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 6d2d1a5cf85bc8370d04c49ba21b5b7a
Ubuntu Security Notice USN-5174-1
Posted Dec 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5174-1 - Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. Andrew Bartlett discovered that Samba incorrectly mapped domain users to local users. An authenticated attacker could possibly use this issue to become root on domain members. Andrew Bartlett discovered that Samba did not properly check sensitive attributes. An authenticated attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory, remote, local, root
systems | linux, ubuntu
advisories | CVE-2016-2124, CVE-2020-25717, CVE-2020-25722, CVE-2021-3671
MD5 | 36154f364ec799ffdf2210a0c6ceff95
Simple Online Men's Salon Management System 1.0 SQL Injection
Posted Dec 6, 2021
Authored by nu11secur1ty

Simple Online Men's Salon Management System version 1.0 appears to suffer from a time-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0ff9c235bb0c8f1fc99b9b6c56fd1d6d
Online Magazine Management System 1.0 SQL Injection
Posted Dec 3, 2021
Authored by Mohamed Habib Smidi

Online Magazine Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 15bcfb5c1cee090cb30cf5fc8ab0b96b
M-Files Web Denial Of Service
Posted Dec 3, 2021
Authored by Murat Aydemir

M-Files Web versions prior to 20.10.9524.1 and M-Files Web versions prior to 20.10.9445.0 contain an improper range header processing vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges (via HTTP requests with specially crafted Range or Request-Range headers) to cause the web application to compress each of the requested bytes, resulting in a crash due to excessive memory and CPU consumption and preventing users from accessing the system.

tags | exploit, remote, web, denial of service
advisories | CVE-2021-37253
MD5 | 702b153b49271134180706c5326c98a0
Online Pre-Owned / Used Car Showroom Management System 1.0 SQL Injection
Posted Dec 3, 2021
Authored by Mohamed Habib Smidi

Online Pre-Owned / Used Car Showroom Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | d44e57fcdb32c5957528044e2c181c4d
Red Hat Security Advisory 2021-4902-06
Posted Dec 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4902-06 - The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes. OpenShift Dedicated support: RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform. Use OpenShift OAuth server as an identity provider: If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS. Issues addressed include denial of service, information leakage, memory exhaustion, remote shell upload, and traversal vulnerabilities.

tags | advisory, remote, web, denial of service, shell, vulnerability
systems | linux, redhat
advisories | CVE-2018-20673, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2020-27304, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23343, CVE-2021-23840, CVE-2021-23841, CVE-2021-27645, CVE-2021-28153
MD5 | b64d35446450d50ff8f7d41b4f3938e5
Ubuntu Security Notice USN-5168-3
Posted Dec 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5168-3 - USN-5168-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-43527
MD5 | 106341b60664441783f0031ef8f6265a
Ubuntu Security Notice USN-5168-1
Posted Dec 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5168-1 - Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-43527
MD5 | 0e4142ce22ed9c20ba17227b9f26297f
Ubuntu Security Notice USN-5168-2
Posted Dec 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5168-2 - Tavis Ormandy discovered that NSS, included with Thunderbird, incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-43527
MD5 | cceb150b416aa2150d692f26de8cb22b
Ubuntu Security Notice USN-5165-1
Posted Dec 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5165-1 - It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface implementation. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. It was discovered that the SCTP protocol implementation in the Linux kernel did not properly verify VTAGs in some situations. A remote attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2021-3760, CVE-2021-3772, CVE-2021-42327, CVE-2021-42739, CVE-2021-43056, CVE-2021-43267, CVE-2021-43389
MD5 | 9b62ebc65593eec8e7ee5817b3b82e23
Advanced Comment System 1.0 Remote Command Execution
Posted Dec 1, 2021
Authored by Nicole Daniella Murillo Mejias

Advanced Comment System version 1.0 suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 842196b79ae25188b19919d1c8170b75
Laundry Booking Management System 1.0 Remote Code Execution
Posted Nov 30, 2021
Authored by Pablo Santiago

Laundry Booking Management System version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 33e3b7d9f8f26e8ad11d2b21ca65b079
Orangescrum 1.8.0 SQL Injection
Posted Nov 29, 2021
Authored by Hubert Wojciechowski

Orangescrum version 1.8.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 6d24e2e764688c396f1e29fbc2755de9
Apache HTTP Server 2.4.50 CVE-2021-42013 Exploitation
Posted Nov 29, 2021
Authored by Apaar Farmaha, Aman Saxena, Shlok Yadav

This document aims to explain some recent vulnerabilities in Apache HTTP Server that lead to attacks like path traversal and remote code execution.

tags | exploit, paper, remote, web, vulnerability, code execution
advisories | CVE-2021-42013
MD5 | feda936f15f34e868bc723af3bf3cca5
D-Link DSL-3782 Pre-Authentication Remote Root
Posted Nov 27, 2021
Authored by Cody Sixteen

D-Link DSL-3782 pre-authentication remote root exploit.

tags | exploit, remote, root
MD5 | a6737ad9475fdc7acd7e5df474362dd1
Gerdab.ir SQL Injection
Posted Nov 25, 2021
Authored by E1.Coders

Gerdab.ir suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 18fdb5b23ba7c3cffe7a903bb4fc9a8e
Ubuntu Security Notice USN-5155-1
Posted Nov 24, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5155-1 - It was discovered that BlueZ incorrectly handled the Discoverable status when a device is powered down. This could result in devices being powered up discoverable, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. It was discovered that BlueZ incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause BlueZ to consume resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-3658, CVE-2021-41229, CVE-2021-43400
MD5 | 720bbe1eb49a598986078fe04f230c13
CMSimple 5.4 Local File Inclusion / Remote Code Execution
Posted Nov 24, 2021
Authored by S1lv3r

CMSimple version 5.4 local file inclusion to remote code execution exploit.

tags | exploit, remote, local, code execution, file inclusion
MD5 | 7d206d745fd2639b990408dc45a77919

© 2020 Packet Storm. All rights reserved.
