7874 matches found

Exploit DB
added 2021/02/18 12:0 a.m., 280 views

Apport 2.20 - Local Privilege Escalation

Exploit Title: Apport 2.20 - Local Privilege Escalation Date: 18/02/21 Exploit Author: Gr33nh4t Vendor Homepage: https://ubuntu.com/ Version: Apport: Ubuntu 20.10 - Before 2.20.11-0ubuntu50.5 Apport: Ubuntu 20.04 - Before 2.20.11-0ubuntu27.16 Apport: Ubuntu 18.04 - Before 2.20.9-0ubuntu7.23 Appor...

7.4 AI score
Exploits 0
Kitploit
added 2021/02/17 8:30 p.m., 389 views

CrackerJack - Web GUI for Hashcat

Web Interface for Hashcat by Context Information Security Demo / StartCracking in Under 5 Minutes Introduction CrackerJack is a Web GUI for Hashcat developed in Python. Architecture This project aims to keep the GUI and Hashcat independent. In a nutshell, here's how it works: User uploads hashes,...

7.6 AI score
Exploits 0, References 1
Tenable Nessus
added 2021/02/16 12:0 a.m., 34 views

openSUSE Security Update : opera (openSUSE-2021-296)

This update for opera fixes the following issues : - Update to version 74.0.3911.107 - CHR-8311 Update chromium on desktop-stable-88-3911 to 88.0.4324.150 - DNA-90329 Implement clientcapabilities negotiation for Flow / Sync - DNA-90560 Search Tabs Open Tabs On Top - DNA-90620 Add opauto tests for...

8.8 CVSS, 8.4 AI score, 0.19815 EPSS
Exploits 0, References 2
OSV
added 2021/02/15 1:4 p.m., 8 views

OPENSUSE-SU-2021:0296-1 Security update for opera

This update for opera fixes the following issues: - Update to version 74.0.3911.107 - CHR-8311 Update chromium on desktop-stable-88-3911 to 88.0.4324.150 - DNA-90329 Implement clientcapabilities negotiation for Flow / Sync - DNA-90560 Search Tabs Open Tabs On Top - DNA-90620 Add opauto tests for...

8.8 CVSS, 9.4 AI score, 0.19815 EPSS
Exploits 0, References 3
NVD
added 2021/02/12 7:15 a.m., 15 views

CVE-2021-20644

ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page...

6.1 CVSS, 0.00594 EPSS
Exploits 0, References 2
Cvelist
added 2021/02/12 6:15 a.m., 22 views

CVE-2021-20644

ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page...

6.7 AI score, 0.00594 EPSS
Exploits 0, References 2
CNNVD
added 2021/02/09 12:0 a.m., 2 views

SAP NetWeaver Master Data Management Access Control Error Vulnerability

SAP NetWeaver Master Data Management SAP MDM is a software from SAP Germany for managing inter-enterprise collaboration. A security vulnerability exists in SAP Software Provisioning Manager that stems from the failure to set a password option during installation, which can be exploited by an...

8.8 CVSS, 6.7 AI score, 0.01157 EPSS
Exploits 0, References 3
Microsoft CVE
added 2021/02/06 8:0 a.m., 3 views

nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup aka CID-b98e762e3d71.

...

7 CVSS, 7 AI score, 0.00251 EPSS
Exploits 0
OSV
added 2021/02/05 10:15 p.m., 2 views

CVE-2021-3229

Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.38410177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error...

7.5 CVSS, 7.1 AI score, 0.02709 EPSS
Exploits 1, References 3
NVD
added 2021/02/05 10:15 p.m., 15 views

CVE-2021-3229

Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.38410177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error...

7.8 CVSS, 0.02709 EPSS
Exploits 1, References 3
Prion
added 2021/02/05 10:15 p.m., 15 views

Denial of service

Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.38410177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error...

7.8 CVSS, 7.4 AI score, 0.02709 EPSS
Exploits 1, References 3, Affected Software 1
Citrix
added 2021/02/03 12:0 a.m., 7 views

Unable to access StoreFront URL, error “can’t reach this page”

• In this scenario, the customer just built a test site running Virtual Apps 1912CU1 • He built one DDC, 2 StoreFront servers, and already created a Site and a StoreFront Store • When attempting to access the StoreFront URL, he gets an error saying “can’t reach this page” • Using the StoreFront...

6.8 AI score
Exploits 0
Microsoft KB
added 2021/02/03 12:0 a.m., 5 views

KB5000862: Setup Dynamic Update for Windows 10, version 2004 and 20H2: March 25, 2021

KB5000862: Setup Dynamic Update for Windows 10, version 2004 and 20H2: March 25, 2021 Summary This update makes improvements to Setup binaries or any files that Setup uses for feature updates in Windows 10, version 2004 and 20H2. How to get this update This update is available through Windows...

6.7 AI score
Exploits 0
Gitee
added 2021/02/02 2:38 p.m., 3 views

vulhub1

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is a collection of vulnerable environments for testing and learning purposes, with no pre-existing knowledge of docker required. The repository contains a variety of vulnerable...

7.8 AI score
Exploits 0
OSV
added 2021/02/01 9:15 p.m., 2 views

CVE-2019-20471

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used 123456 for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-2047...

7.8 CVSS, 7.1 AI score, 0.00352 EPSS
Exploits 0, References 3
Cvelist
added 2021/02/01 8:10 p.m., 28 views

CVE-2019-20471

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used 123456 for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-2047...

7.5 AI score, 0.00352 EPSS
Exploits 0, References 3
NVD
added 2021/02/01 3:15 p.m., 14 views

CVE-2021-21276

Polr is an open source URL shortener. In Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

9.3 CVSS, 9.2 AI score, 0.07164 EPSS
Exploits 3, References 4
OSV
added 2021/02/01 3:15 p.m., 21 views

CVE-2021-21276

Polr is an open source URL shortener. In Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

9.3 CVSS, 6.7 AI score
Exploits 0, References 4
Prion
added 2021/02/01 3:15 p.m., 26 views

Code injection

Polr is an open source URL shortener. In Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

6.4 CVSS, 9 AI score, 0.07164 EPSS
Exploits 3, References 4, Affected Software 1
OSV
added 2021/02/01 4:15 a.m., 2 views

DEBIAN-CVE-2021-3348

nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers with access to the nbd device via an I/O request at a certain point during device setup, aka CID-b98e762e3d71...

7 CVSS, 6.4 AI score, 0.00251 EPSS
Exploits 0, References 1