what you don't know can hurt you
Showing 1 - 25 of 29,429 RSS Feed

Vulnerability Files

Red Hat Security Advisory 2021-1202-01
Posted Apr 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1202-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 12 serves as a replacement for Red Hat JBoss Web Server 3.1.11, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass and null pointer vulnerabilities.

tags | advisory, java, web, vulnerability
systems | linux, redhat
advisories | CVE-2021-3449, CVE-2021-3450
MD5 | a9eb97ddf71ce9ca727565fce2c101b9
Red Hat Security Advisory 2021-1203-01
Posted Apr 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1203-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 12 serves as a replacement for Red Hat JBoss Web Server 3.1.11, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass and null pointer vulnerabilities.

tags | advisory, java, web, vulnerability
systems | linux, redhat
advisories | CVE-2021-3449, CVE-2021-3450
MD5 | 729f47d6be380b2965ef0599a9540c25
Red Hat Security Advisory 2021-1200-01
Posted Apr 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1200-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Issues addressed include bypass and null pointer vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2021-3449, CVE-2021-3450
MD5 | b8a6f25dd58376a43f4f40a29517284b
Red Hat Security Advisory 2021-1199-01
Posted Apr 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1199-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Issues addressed include bypass and null pointer vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2021-3449, CVE-2021-3450
MD5 | 442a2f818780d73acd032f6e46273fae
Red Hat Security Advisory 2021-1195-01
Posted Apr 14, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1195-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Issues addressed include bypass and null pointer vulnerabilities.

tags | advisory, java, web, vulnerability
systems | linux, redhat
advisories | CVE-2021-3449, CVE-2021-3450
MD5 | dacb6d6c13c5d9b7be6d35069dad438d
Webmail Edition 5.2.22 XSS / Remote Code Execution
Posted Apr 14, 2021
Authored by nu11secur1ty, Ventsislav Varbanovski, Alex Birnberg

Webmail Edition version 5.2.22 suffers from remote code execution and cross site scripting vulnerabilities via the Horde_Text_Filter library.

tags | exploit, remote, vulnerability, code execution, xss
advisories | CVE-2021-26929
MD5 | dd1588866001ae370f23e0d6ec8d2f71
Red Hat Security Advisory 2021-1196-01
Posted Apr 14, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1196-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Issues addressed include bypass and null pointer vulnerabilities.

tags | advisory, java, web, vulnerability
systems | linux, redhat
advisories | CVE-2021-3449, CVE-2021-3450
MD5 | 1e20b1d3fa25aae80ecbb9ca2aa74000
Red Hat Security Advisory 2021-1169-01
Posted Apr 14, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1169-01 - The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as well as to add storage, create VMs and manage user permissions. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2019-20921, CVE-2020-25657, CVE-2020-28458, CVE-2020-28477
MD5 | f30c28086eb6756954fbbebcf8322ae6
Red Hat Security Advisory 2021-1189-01
Posted Apr 14, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1189-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include bypass and null pointer vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-3449, CVE-2021-3450
MD5 | 35e740aea2aba5046d28139bf1b9ca72
Red Hat Security Advisory 2021-1171-01
Posted Apr 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1171-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and out of bounds read vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-27363, CVE-2021-27364, CVE-2021-27365
MD5 | fd7794f9e030733f853b32bf9bf1cdfb
Red Hat Security Advisory 2021-1173-01
Posted Apr 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1173-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and out of bounds read vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-27364, CVE-2021-27365
MD5 | 29a39411f8522d68c66a87c24114b782
Red Hat Security Advisory 2021-1168-01
Posted Apr 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1168-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console-with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include code execution, denial of service, integer overflow, and null pointer vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-14040, CVE-2020-27152, CVE-2020-28374, CVE-2020-28500, CVE-2020-28851, CVE-2020-28852, CVE-2020-29529, CVE-2021-21321, CVE-2021-21322, CVE-2021-23337, CVE-2021-23840, CVE-2021-23841, CVE-2021-26708, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3121, CVE-2021-3347, CVE-2021-3449, CVE-2021-3450
MD5 | b9e0eefcc48c75875a38dd990028dd1a
D-Link DSL-320B-D1 Pre-Authentication Buffer Overflow
Posted Apr 8, 2021
Authored by Gabriele Gristina

The D-Link DSL-320B-D1 ADSL modem suffers from multiple pre-authentication stack buffer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2021-26709
MD5 | 5f8a697c2829e549f81af766926d0ea9
Monospace Directus Headless CMS File Upload / Rule Bypass
Posted Apr 7, 2021
Authored by Moritz Friedmann, Oliver Boehlk | Site sec-consult.com

Monospace Directus Headless CMS versions prior to 8.8.2 suffers from .htaccess rule bypass and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, file upload
advisories | CVE-2021-29641
MD5 | a539b17d7f2faaebf90a4f897e76ae67
Red Hat Security Advisory 2021-1093-01
Posted Apr 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1093-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-27152, CVE-2020-28374, CVE-2021-26708, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3347
MD5 | 5cd97afb5849f42c3e9017765e17a37f
Dell OpenManage Server Administrator 9.4.0.0 File Read
Posted Apr 7, 2021
Authored by Rhino Security Labs

Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.

tags | exploit, remote, web, vulnerability
advisories | CVE-2020-5377
MD5 | a782a64eb3fb7e8fbc44e13f11d5378a
Red Hat Security Advisory 2021-1081-01
Posted Apr 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1081-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-27152, CVE-2020-28374, CVE-2021-26708, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3347
MD5 | c13387ded30e131eec84c0c8bae119e8
Ubuntu Security Notice USN-4561-2
Posted Apr 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4561-2 - USN-4561-1 fixed vulnerabilities in Rack. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-8161, CVE-2020-8184
MD5 | 04337f9d1336ac329d86fe6c1373cc09
Red Hat Security Advisory 2021-1071-01
Posted Apr 6, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1071-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and out of bounds read vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-27363, CVE-2021-27364, CVE-2021-27365
MD5 | bfa99c9a1f3bdb9d91c6b78bc7db931f
Red Hat Security Advisory 2021-1069-01
Posted Apr 6, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1069-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and out of bounds read vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-27364, CVE-2021-27365
MD5 | 245bb001794052bc35268640547d848e
Red Hat Security Advisory 2021-1070-01
Posted Apr 6, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1070-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and out of bounds read vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-27363, CVE-2021-27364, CVE-2021-27365
MD5 | 1484f5eeb720f261b753dfefe6dfa22c
Mini Mouse 9.3.0 Local File Inclusion / Path Traversal
Posted Apr 6, 2021
Authored by gosh

Mini Mouse version 9.3.0 suffers from local file inclusion and path traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
MD5 | 5f48132206c39831f6956e4b977d8857
Trojan.Win32.Sharer.h Buffer Overflow / Denial Of Service / Heap Corruption
Posted Apr 5, 2021
Authored by malvuln | Site malvuln.com

Trojan.Win32.Sharer.h malware suffers from buffer overflow, denial of service, and heap corruption vulnerabilities.

tags | exploit, denial of service, overflow, trojan, vulnerability
systems | windows
MD5 | 46c6973ce9b92bed3583a9cf27f2d773
SQLMAP - Automatic SQL Injection Tool 1.5.4
Posted Apr 2, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 44cb9c378cd0433ae18b4bcf97cabedd
SaltStack Salt API Unauthenticated Remote Command Execution
Posted Apr 1, 2021
Authored by Christophe de la Fuente, Alex Seymour | Site metasploit.com

This Metasploit module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, salt-master service performs a maintenance process check that reloads and executes all the grains on the master, including custom grain modules in the Extension Module directory. So, this module simply creates a Python script at this location and waits for it to be executed. The time interval is set to 60 seconds by default but can be changed in the master configuration file with the loop_interval option. Note that, if an administrator executes commands locally on the master, the maintenance process check will also be performed. It has been fixed in the following installation packages: 3002.5, 3001.6 and 3000.8. Also, a patch is available for the following versions: 3002.2, 3001.4, 3000.6, 2019.2.8, 2019.2.5, 2018.3.5, 2017.7.8, 2016.11.10, 2016.11.6, 2016.11.5, 2016.11.3, 2016.3.8, 2016.3.6, 2016.3.4, 2015.8.13 and 2015.8.10. This module has been tested successfully against versions 3001.4, 3002 and 3002.2 on Ubuntu 18.04.

tags | exploit, root, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2021-25281, CVE-2021-25282
MD5 | c836d9acbeb076642702599310fe13a4
Page 1 of 1,178
Back12345Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close