
Files Date: 2021-11-12

Ubuntu Security Notice USN-5145-1
Posted Nov 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5145-1 - Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23214
SHA-256 | 0a95ded6de0e7c131df6f75fcd52434d727c24d1f5e7d16fd516ebe9ffed294c

Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution
Posted Nov 12, 2021
Authored by Erik Wynter, Erik de Jong | Site metasploit.com

This Metasploit module exploits local file inclusion and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older, in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS administrative web interface. Vulnerable versions allow for LFI because they rely on a version of PHP 5 that is vulnerable to string truncation attacks. This module leverages this issue in conjunction with log poisoning to gain remote code execution as root. Upon successful exploitation, the Aerohive NetConfig application will hang for as long as the spawned shell remains open. Closing the session should render the application responsive again. The module provides an automatic cleanup option to clean the log. However, this option is disabled by default because any modifications to the /tmp/messages log, even via sed, may render the target (temporarily) unexploitable. This state can last over an hour. This module has been successfully tested against Aerohive NetConfig versions 8.2r4 and 10.0r7a.

tags | exploit, remote, shell, local, root, php, vulnerability, code execution, file inclusion
advisories | CVE-2020-16152
SHA-256 | f4fce0d3935a3baeeca64e47d1f3ececd06846dd7a61129d94c68314b7e81dbb

Red Hat Security Advisory 2021-4531-01
Posted Nov 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4531-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as the initial Windows release of OpenJDK 17. For further information, refer to the release notes linked to in the References section.

tags | advisory, java
systems | linux, redhat, windows
advisories | CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35603
SHA-256 | 082e65c3466680b61175b95ae62fefca45ebd9871a01dee85f8faf2d71bbe8db

WordPress AccessPress Social Icons 1.8.2 Cross Site Scripting
Posted Nov 12, 2021
Authored by Murat Demirci

WordPress AccessPress Social Icons plugin version 1.8.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3d28795af2e5b7c30c8e0b1f47c5922424aba560fef29b28762e89efeb828946

Red Hat Security Advisory 2021-4532-01
Posted Nov 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4532-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as the initial portable Linux release of OpenJDK 17. For further information, refer to the release notes linked to in the References section.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35603
SHA-256 | 75037d8d382efe0c1ddc771fc434d6b6db41fdce63eb4f8363ef0b0eaec0fd31

Xlight FTP 3.9.3.1 Buffer Overflow
Posted Nov 12, 2021
Authored by Yehia Elghaly

Xlight FTP version 3.9.3.1 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 3dabb6c449afa7a3c575affa67b35587c650c44ef61038914bd7c28eaba98ea7

Ubuntu Security Notice USN-5144-1
Posted Nov 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5144-1 - It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3933
SHA-256 | 9828e32eeb5aefab2394f5b1f785c86678e0450cb349ce482ca5e6bbe7503f97

WordPress WP Symposium Pro 2021.10 Cross Site Scripting
Posted Nov 12, 2021
Authored by Murat Demirci

WordPress WP Symposium Pro version 2021.10 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 87bf68076d3cb18db38faa59c8db59d1a7f9b0580cd9b0b2ffed72024871b6fa

Kernel Live Patch Security Notice LSN-0082-1
Posted Nov 12, 2021
Authored by Benjamin M. Romer

Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. Various other vulnerabilities were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2020-29660, CVE-2020-29661, CVE-2021-3444, CVE-2021-3715
SHA-256 | 4c43b77dc14ec38d515895508c90603e29e4435a67390143e2cb91e68bc70e9d

Microsoft Windows MultiPoint Server 2011 SP1 Local Privilege Escalation
Posted Nov 12, 2021
Authored by Marcio Mendes

Microsoft MultiPoint Server 2011 version 6.1 Compilation 7601 Service Pack 1 suffers from an RpcEptMapper and Dnscache local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 8be97a788656d251874f333f549ef913b4af5f496c16095cfdea95d98bc09ad5

Red Hat Security Advisory 2021-4618-01
Posted Nov 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4618-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.0 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console, with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include buffer overflow, denial of service, information leakage, integer overflow, out of bounds read, and path sanitization vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-36385, CVE-2021-0512, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22946, CVE-2021-22947, CVE-2021-23017, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32672, CVE-2021-32675, CVE-2021-32687, CVE-2021-32690, CVE-2021-32803, CVE-2021-32804, CVE-2021-33623, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-36222, CVE-2021-3656, CVE-2021-3711, CVE-2021-3712, CVE-2021-3733
SHA-256 | 14809d9261f291a519a153713fcca44c926124a2a48c8d989887911783dba47f

Mumara Classic 2.93 SQL Injection
Posted Nov 12, 2021
Authored by Shain Lakin

Mumara Classic versions 2.93 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 92452b70f8e9fe54fbe27bb88ae426682962a9d7dcfd2dec517e8b15aa9ddde2

Red Hat Security Advisory 2021-4621-01
Posted Nov 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4621-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

tags | advisory, remote, protocol
systems | linux, redhat, windows
advisories | CVE-2021-41159, CVE-2021-41160
SHA-256 | 25f350c3b73b8f530c038049ac1c3390c0f3ed2f058a2b01c02ab2a56949da5a
© 2024 Packet Storm. All rights reserved.