what you don't know can hurt you
Showing 101 - 125 of 29,505 RSS Feed

Vulnerability Files

SaltStack Salt API Unauthenticated Remote Command Execution
Posted Apr 1, 2021
Authored by Christophe de la Fuente, Alex Seymour | Site metasploit.com

This Metasploit module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, salt-master service performs a maintenance process check that reloads and executes all the grains on the master, including custom grain modules in the Extension Module directory. So, this module simply creates a Python script at this location and waits for it to be executed. The time interval is set to 60 seconds by default but can be changed in the master configuration file with the loop_interval option. Note that, if an administrator executes commands locally on the master, the maintenance process check will also be performed. It has been fixed in the following installation packages: 3002.5, 3001.6 and 3000.8. Also, a patch is available for the following versions: 3002.2, 3001.4, 3000.6, 2019.2.8, 2019.2.5, 2018.3.5, 2017.7.8, 2016.11.10, 2016.11.6, 2016.11.5, 2016.11.3, 2016.3.8, 2016.3.6, 2016.3.4, 2015.8.13 and 2015.8.10. This module has been tested successfully against versions 3001.4, 3002 and 3002.2 on Ubuntu 18.04.

tags | exploit, root, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2021-25281, CVE-2021-25282
MD5 | c836d9acbeb076642702599310fe13a4
ScadaBR 1.0 Shell Upload
Posted Apr 1, 2021
Authored by Fellipe Oliveira

ScadaBR version 1.0 suffers from multiple remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
MD5 | 8626f1f23af69cc594f9e46083b387d9
School Registration And Fee System 1.0 Cross Site Scripting
Posted Apr 1, 2021
Authored by Richard Jones

School Registration and Fee System version 1.0 suffers from persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 798bee95d57d77d1e00e72e66cb8c083
Backdoor.Win32.Burbul.b Authentication Bypass / Man-In-The-Middle
Posted Mar 31, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Burbul.b malware suffers from bypass and man-in-the-middle vulnerabilities.

tags | exploit, vulnerability
systems | windows
MD5 | c78d63aa6aa039b11938e3036991d041
Red Hat Security Advisory 2021-1050-01
Posted Mar 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1050-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, protocol, memory leak
systems | linux, redhat
advisories | CVE-2020-27827, CVE-2020-35498
MD5 | 5ff8aca5506d26ec6be3fd12d445df48
Red Hat Security Advisory 2021-1051-01
Posted Mar 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1051-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include denial of service and memory leak vulnerabilities.

tags | advisory, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2020-27827
MD5 | 0db1df594bd5aabba0243d259f43fb74
Gentoo Linux Security Advisory 202103-03
Posted Mar 31, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202103-3 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 1.1.1k are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2021-23840, CVE-2021-23841, CVE-2021-3449, CVE-2021-3450
MD5 | 07c6a7c57274c3e07d6e5c3532051d5e
Gentoo Linux Security Advisory 202103-01
Posted Mar 31, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202103-1 - Multiple vulnerabilities have been found in Salt, the worst of which could allow remote attacker to execute arbitrary commands. Versions less than 3000.8 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-28243, CVE-2020-28972, CVE-2020-35662, CVE-2021-25281, CVE-2021-25282, CVE-2021-25283, CVE-2021-25284, CVE-2021-3144, CVE-2021-3148, CVE-2021-3197
MD5 | 0cd739c7c18a6d6fa64563d34a9ef065
Red Hat Security Advisory 2021-1026-01
Posted Mar 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1026-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Issues addressed include out of bounds read and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-11756, CVE-2019-17006, CVE-2020-12403
MD5 | 89f5e642f98b9254896cd26838b85e52
Red Hat Security Advisory 2021-1032-01
Posted Mar 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1032-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include buffer overflow, denial of service, and integer overflow vulnerabilities.

tags | advisory, web, denial of service, overflow, perl, vulnerability
systems | linux, redhat
advisories | CVE-2020-10543, CVE-2020-10878, CVE-2020-12723
MD5 | 2ddb4b768adb43305929cb7dab3ed45a
IRC-Worm.Win32.Jane.a Authentication Bypass / Man-In-The-Middle
Posted Mar 30, 2021
Authored by malvuln | Site malvuln.com

IRC-Worm.Win32.Jane.a malware suffers from bypass and man-in-the-middle vulnerabilities.

tags | exploit, worm, vulnerability
systems | windows
MD5 | 90701fec5ba325d00d5cda1bc06ea330
IRC-Worm.Win32.Jane.a Authentication Bypass / Code Execution
Posted Mar 30, 2021
Authored by malvuln | Site malvuln.com

IRC-Worm.Win32.Jane.a malware suffers from bypass and code execution vulnerabilities.

tags | exploit, worm, vulnerability, code execution
systems | windows
MD5 | bc5fafa0d28f3f6af4f4c0b4f3234792
Red Hat Security Advisory 2021-1024-01
Posted Mar 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1024-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include bypass and null pointer vulnerabilities.

tags | advisory, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2021-3449, CVE-2021-3450
MD5 | ad384095ef826a0f5bc31f9f3c62eaba
Red Hat Security Advisory 2021-1004-01
Posted Mar 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1004-01 - This release of Red Hat build of Quarkus 1.11.6 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution, information leakage, and traversal vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-25633, CVE-2020-25724, CVE-2020-26238, CVE-2021-20218
MD5 | 9dd650d085ce61e3b38f01cd8b92389e
Project Expense Monitoring System 1.0 SQL Injection
Posted Mar 29, 2021
Authored by Richard Jones

Project Expense Monitoring System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | d1309a20427fbf815bd46a6a7024ac5b
Equipment Inventory System 1.0 Cross Site Scripting
Posted Mar 29, 2021
Authored by Jitendra Kumar Tripathi

Equipment Inventory System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | b7b8ed83bdf65794cf25f59d91b295d9
Id Card Generator 1.0 Cross Site Scripting
Posted Mar 28, 2021
Authored by Richard Jones

Id Card Generator version 1.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | f28ea598bf9a391524ad5a07e3d3ecbc
Ubuntu Security Notice USN-4888-2
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4888-2 - USN-4888-1 fixed several vulnerabilities in ldb. This update provides the corresponding update for Ubuntu 14.04 ESM. Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP server to crash, resulting in a denial of service. Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain DN strings. A remote attacker could use this issue to cause the LDAP server to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-27840, CVE-2021-20277
MD5 | a7edc38f2801676f33f9cbf0c9e31080
Backdoor.Win32.Kwak.12 Authentication Bypass / Code Execution
Posted Mar 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Kwak.12 malware suffers from bypass and code execution vulnerabilities.

tags | exploit, vulnerability, code execution
systems | windows
MD5 | f2ab2d12fa3f59fb53e62ee77516a4fe
GetSimple CMS Custom JS 0.1 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 26, 2021
Authored by Abhishek Joshi

GetSimple CMS Custom JS plugin version 0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 0274807889f69e5cd2d483307e8a0a7e
Backdoor.Win32.Kwak.12 Authentication Bypass / Man-In-The-Middle
Posted Mar 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Kwak.12 malware suffers from bypass and man-in-the-middle vulnerabilities.

tags | exploit, vulnerability
systems | windows
MD5 | 91be9bd27e99d03cc1a518b4174d4eb9
Red Hat Security Advisory 2021-0833-01
Posted Mar 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0833-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.404. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-27813
MD5 | 0054f0a5dcb0f8e09a45161ad0b1d254
Red Hat Security Advisory 2021-0986-01
Posted Mar 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0986-01 - The release of Red Hat AMQ Online 1.7.0 serves as a replacement for earlier AMQ Online releases, and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include information leakage and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-20218, CVE-2021-21290, CVE-2021-21295
MD5 | 6b56f46d3725e7aaf7da8d302289fcd5
Red Hat Security Advisory 2021-0976-01
Posted Mar 24, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0976-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include denial of service and memory leak vulnerabilities.

tags | advisory, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2020-27827
MD5 | a7382fea42e90d76347dcac72b38eb1c
URL Exploiting - XXE To SSRF
Posted Mar 24, 2021
Authored by Team SafeSecurity

This whitepaper explains how xml external entity and server-side request forgery vulnerabilities work and how they can be combined to perform attacks.

tags | paper, vulnerability
MD5 | ade02889096d0c4736522c32d4c95692
Page 5 of 1,181
Back34567Next

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    26 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    2 Files
  • 9
    May 9th
    2 Files
  • 10
    May 10th
    13 Files
  • 11
    May 11th
    17 Files
  • 12
    May 12th
    22 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close