what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2020-09-22

Artica Proxy 4.30.000000 Authentication Bypass / Command Injection
Posted Sep 22, 2020
Authored by Redouane Niboucha, Max0x4141 | Site metasploit.com

This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy, combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in a virtual appliance and successful exploitation of this vulnerability yields remote code execution as root on the remote system.

tags | exploit, remote, root, code execution
advisories | CVE-2020-17505, CVE-2020-17506
SHA-256 | 078f133f8a5eb45e3921bb8de3c7d640fa15b03306907ebf439e915e4be64e2a
Jenkins 2.56 CLI Deserialization / Code Execution
Posted Sep 22, 2020
Authored by Shelby Pace, SSD | Site metasploit.com

An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data. Because of this, a malicious serialized object contained within a serialized SignedObject can be sent to the Jenkins endpoint to achieve code execution on the target.

tags | exploit, java, code execution
advisories | CVE-2017-1000353
SHA-256 | 3729c358cb302e4f78e19a3ad5a83bfe54ed6e185ea35041abb6038c065373da
OpenSSL Toolkit 1.1.1h
Posted Sep 22, 2020
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Certificates with explicit curve parameters are now disallowed in verification chains if the X509_V_FLAG_X509_STRICT flag is used. A few other updates as well.
tags | tool, encryption, protocol
systems | unix
SHA-256 | 5c9ca8774bd7b03e5784f26ae9e9e6d749c9da2438545077e6b3d755a06595d9
Framer Preview 12 Content Injection
Posted Sep 22, 2020
Authored by Julien Ahrens | Site rcesecurity.com

Framer Preview version 12 for Android exposes an activity to other apps called "com.framer.viewer.FramerViewActivity". The purpose of this activity is to show contents of a given URL via an fullscreen overlay to the app user. However, the app does neither enforce any authorization schema on the activity nor does it validate the given URL.

tags | advisory
advisories | CVE-2020-25203
SHA-256 | e54f0aa32e54c06b14955e19264b2f743bd0ebfed0a629f5cc6a8d1038c27426
Visitor Management System In PHP 1.0 Cross Site Scripting
Posted Sep 22, 2020
Authored by Rahul Ramkumar

Visitor Management System in PHP version 1.0 suffers from an unauthenticated persistent cross site scripting vulnerability.

tags | exploit, php, xss
advisories | CVE-2020-25761
SHA-256 | a2c9a67834ae7b5586ab0924c27409536188445292536240d0435a2a049b9826
Visitor Management System In PHP 1.0 SQL Injection
Posted Sep 22, 2020
Authored by Rahul Ramkumar

Visitor Management System in PHP version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2020-25760
SHA-256 | ab71e9e2d73f91afd6433dee7ea244f66a2b959b00c6468e3921bccb4fff8517
Seat Reservation System 1.0 SQL Injection
Posted Sep 22, 2020
Authored by Rahul Ramkumar

Seat Reservation System version 1.0 suffers from an unauthenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-25762
SHA-256 | cb1c652d4ae15d8448990bede6751ce07de7adb24b5262b41a248c1d481c164f
GoogleCloudPlatform OSConfig Privilege Escalation
Posted Sep 22, 2020
Authored by Imre Rad | Site github.com

Google's osconfig agent was vulnerable to local privilege escalation due to relying on a predictable path inside the /tmp directory. An unprivileged malicious process could abuse this flaw to win a race condition and take over the files managed by the high privileged agent process and thus execute arbitrary commands as the root user (full capabilities). Exploitation was possible only during an osconfig recipe being deployed.

tags | exploit, arbitrary, local, root
SHA-256 | 1cc92e5ebabd438a79296409a717f268826979019ed2cd8fa31fe695998e710e
Ubuntu Security Notice USN-4530-1
Posted Sep 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.

tags | advisory, local, root
systems | linux, debian, ubuntu
advisories | CVE-2019-3467
SHA-256 | 1a7e92d97a7c1f613cf335722fd6cd7fd55d3095b3d4c383000f1cffd8a1ec21
Red Hat Security Advisory 2020-3810-01
Posted Sep 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3810-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-1120
SHA-256 | c592335a6070d33fd9d693d07348a7b69a1daae7665d8fe47a78932f56c38be2
Ubuntu Security Notice USN-4531-1
Posted Sep 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4531-1 - It was discovered that the BusyBox wget applet incorrectly validated SSL certificates. A remote attacker could possibly use this issue to intercept secure communications.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2018-1000500
SHA-256 | 70f1cf96b918f1bc0dfeb98060d8972adab7ffbc5d8ce11ec4520cf66fbd7054
Ubuntu Security Notice USN-4529-1
Posted Sep 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4529-1 - It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. It was discovered that FreeImage incorrectly processed images under certain circumstances. If a user were tricked into opening a crafted TIFF file, a remote attacker could possibly use this issue to cause a stack exhaustion condition, resulting in a denial of service attack. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow
systems | linux, ubuntu
advisories | CVE-2019-12211, CVE-2019-12213
SHA-256 | 517e21ba1bcf069a01673d3c7c360d3a1790df57efe1dd0f4d22496b08df865d
Ubuntu Security Notice USN-4528-1
Posted Sep 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4528-1 - Adam Mohammed discovered that Ceph incorrectly handled certain CORS ExposeHeader tags. A remote attacker could possibly use this issue to perform an HTTP header injection attack. Lei Cao discovered that Ceph incorrectly handled certain POST requests with invalid tagging XML. A remote attacker could possibly use this issue to cause Ceph to crash, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2020-10753, CVE-2020-12059, CVE-2020-1760
SHA-256 | 1f8ff8e5a19c6a860564579db5b280092ff21ca26f8f1cdd7b29616059e8da49
Red Hat Security Advisory 2020-3803-01
Posted Sep 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3803-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.

tags | advisory, shell, bash
systems | linux, redhat
advisories | CVE-2019-9924
SHA-256 | d6f38e216c1e79df65073c477e0b9f6950a67b9786832a4007ce8a159d249021
Red Hat Security Advisory 2020-3804-01
Posted Sep 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3804-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-1120
SHA-256 | 90844f0cf711442a43c5aca4e826ffb0bd2a94bedeed4f1b0e81a1b1ab6217c7
Red Hat Security Advisory 2020-3783-01
Posted Sep 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3783-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14040
SHA-256 | 424d1b2c893b99ef926d3bdf4105791bc5744129dcfb09980ecb990214f480e9
Ubuntu Security Notice USN-4526-1
Posted Sep 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4526-1 - It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service. It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-18808, CVE-2019-19054, CVE-2019-19061, CVE-2019-19067, CVE-2019-19073, CVE-2019-9445, CVE-2020-12888, CVE-2020-14356, CVE-2020-16166
SHA-256 | d6b7f712a559eed0e624ddf1f8561e5e7fec8f15c9791d5ccd1cf54257e0a7d1
Ubuntu Security Notice USN-4527-1
Posted Sep 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4527-1 - It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate in certain error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-19054, CVE-2019-20811, CVE-2019-9445, CVE-2019-9453, CVE-2020-0067, CVE-2020-25212
SHA-256 | 2430b3c99e99151b0e6829325b42b1cab196a3854ee7fd01a6d240819db32636
Ubuntu Security Notice USN-4525-1
Posted Sep 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4525-1 - It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service. It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-18808, CVE-2019-19054, CVE-2020-12888, CVE-2020-16166, CVE-2020-25212
SHA-256 | b66ee2d07baadb698741d0836d4e3ef0cf5a42260e045fa44b56a517a3e5389d
Flatpress Add Blog 1.0.3 Cross Site Scripting
Posted Sep 22, 2020
Authored by Alperen Ergel

Flatpress Add Blog version 1.0.3 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b05ba3a8a8edfeb2bc69bce1cc9b801363648b1c925575a4dffaf8545342a5f4
Comodo Unified Threat Management Web Console 2.7.0 Remote Code Execution
Posted Sep 22, 2020
Authored by Milad Fadavvi

Comodo Unified Threat Management Web Console version 2.7.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, web, code execution
advisories | CVE-2018-17431
SHA-256 | 9617889b3c5b47d64d52c894091ea3203bd6dca9735e04a1f9c006cf42fe2db7
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close