exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

Files Date: 2022-02-04

CA Harvest Software Change Manager CSV Injection
Posted Feb 4, 2022
Authored by Ken Williams, Merten Nagel | Site www3.ca.com

CA Technologies is alerting customers to a vulnerability in CA Harvest Software Change Manager. A vulnerability exists that can allow a privileged user to perform CSV injection attacks and potentially execute arbitrary code or commands. Note that this vulnerability is specific to the Harvest Workbench and Eclipse Plugin interfaces. CA published solutions to address this vulnerability and recommends that all affected customers implement these solutions. The vulnerability occurs due to insufficient input validation. A privileged user can potentially execute arbitrary code or commands. Versions affected include 13.0.3, 13.0.4, 14.0.0, and 14.0.1.

tags | advisory, arbitrary
advisories | CVE-2022-22689
SHA-256 | a4714b8adbe4fb471da29bb68b71fdc00d58ffcb406ca48c29511036eec88952
Shopmetrics Mystery Shopping Software Broken Access Control / XSS
Posted Feb 4, 2022
Authored by A. Vodyasov, D. Zalmanov | Site sec-consult.com

Shopmetrics Mystery Shopping Software SaaS platform versions before v21-11 suffer from broken access control and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | dce7572dd84dddedf1a258c769fb7857f6329fc1f4411e90d66f9c03dd2852c0
Voltage SecureMail Server Business Logic Bypass
Posted Feb 4, 2022
Authored by TING Meng Yean

Voltage SecureMail Server versions prior to 7.3.0.1 suffer from a business logic bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2021-38130
SHA-256 | b53c96eab5d8c151a79e3e19d8f33fb25b15aff01cf1c97bef66654ec56cf63d
Korenix Technology JetWave CSRF / Command Injection / Missing Authentication
Posted Feb 4, 2022
Authored by T. Weber | Site sec-consult.com

Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross site request forgery, multiple command injection, and unauthenticated tftp action vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2020-12500, CVE-2020-12501, CVE-2020-12502, CVE-2020-12503, CVE-2020-12504, CVE-2021-39280
SHA-256 | 5a25ab12344f226941a56dbd876e476339306b241e827b61d60cb9042131e4b4
WAGO 750-8xxx PLC Denial Of Service / User Enumeration
Posted Feb 4, 2022
Authored by Gerhard Hechenberger, Steffen Robertz | Site sec-consult.com

WAGO 750-8xxx PLC versions prior to Firmware 20 Patch 1 (v03.08.08) suffer from denial of service and user enumeration vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2021-34593
SHA-256 | 3baa93a2d3f1b5ab0f4e0408fec68f1c11444bf8af50dc66f28f63e877786d44
Servisnet Tessa Privilege Escalation
Posted Feb 4, 2022
Authored by AkkuS | Site metasploit.com

This Metasploit module exploits privilege escalation in Servisnet Tessa triggered by the add new sysadmin user flow with any user authorization. An API request to "/data-service/users/[userid]" with any low-authority user returns other users' information in response. The encrypted password information is included here, but privilege escalation is also possible with the active sessionid value.

tags | exploit
advisories | CVE-2022-22832
SHA-256 | 6e59726691f327427ec484da726b6a4c97e638187f4e7fb596cc5e0268c97f94
Ubuntu Security Notice USN-5264-1
Posted Feb 4, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5264-1 - It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. It was discovered that graphviz contains a buffer overflow vulnerability. Exploitation via a specially crafted input file can cause a denial of service or possibly allow for arbitrary code execution.

tags | advisory, denial of service, overflow, arbitrary, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2018-10196, CVE-2020-18032
SHA-256 | 7b2dda393f432d9f5478beaa0cf42bb994c1eda53dc76d28478cf882b2b62c0a
WBCE CMS 1.5.2 Remote Code Execution
Posted Feb 4, 2022
Authored by Antonio Cuomo

WBCE CMS version 1.5.2 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | ac470b209db9aac30a9ffc3a993d8a7bcead871e9c7d6ee1b377790410f82faf
Ubuntu Security Notice USN-5030-2
Posted Feb 4, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5030-2 - USN-5030-1 addressed vulnerabilities in Perl DBI module. This update provides the corresponding updates for Ubuntu 16.04 ESM. It was discovered that the Perl DBI module incorrectly opened files outside of the folder specified in the data source name. A remote attacker could possibly use this issue to obtain sensitive information.

tags | advisory, remote, perl, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-10402, CVE-2020-14393
SHA-256 | 4156488823a7bad9ce607b22c08fb929d15f81dacd19585771c178426fe8c2b3
Ubuntu Security Notice USN-5262-1
Posted Feb 4, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5262-1 - The potential for an out of bounds write due to a missing bounds check was discovered to impact the sgdisk utility of GPT fdisk. Exploitation requires the use of a maliciously formatted storage device and could cause sgdisk to crash as well as possibly allow for local privilege escalation.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-0256
SHA-256 | 1c92f0b4395a72700fbde1d7c592c2034f2e570da69cefc8c07d3a1b759e787f
Red Hat Security Advisory 2022-0438-02
Posted Feb 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0438-02 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is an update for JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised to upgrade to this updated package. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | e888ef973301222bcca915508c47e021df4b28b81f8500f1d89877fb8146ade6
Servisnet Tessa MQTT Credential Disclosure
Posted Feb 4, 2022
Authored by AkkuS | Site metasploit.com

This Metasploit module exploits an MQTT credential disclosure vulnerability in Servisnet Tessa. The app.js is publicly available which acts as the backend of the application. By exposing a default value for the "Authorization" HTTP header, it is possible to make unauthenticated requests to some areas of the application. Even MQTT (Message Queuing Telemetry Transport) protocol connection information can be obtained with this method. A new admin user can be added to the database with this header obtained in the source code. The module tries to log in to the MQTT service with the credentials it has obtained and reflects the response it receives from the service.

tags | exploit, web, protocol, info disclosure
advisories | CVE-2022-22833
SHA-256 | a526a71a842e124933fbe29b7fe054817479987a1ba9b99072a7022c4655f1ae
Red Hat Security Advisory 2022-0435-03
Posted Feb 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0435-03 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 44734862b4b2dc7a2b678aadd5ac73a4aa286f3f4631195f9ac969056346630c
Red Hat Security Advisory 2022-0439-02
Posted Feb 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0439-02 - Log4j is a tool to help the programmer output log statements to a variety of output targets. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 93413ed5304ce12cc43413e6728add591a8155097ab9004ced779a538389eac2
Red Hat Security Advisory 2022-0437-03
Posted Feb 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0437-03 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is an update for JBoss Enterprise Application Platform 6.4. All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised to upgrade to this updated package. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 21624b3c4924b9cd81b30a87de939db6403e20ac0297e85e21bd0e0fef92f9c6
Servisnet Tessa Authentication Bypass
Posted Feb 4, 2022
Authored by AkkuS | Site metasploit.com

This Metasploit module exploits an authentication bypass in Servisnet Tessa, triggered by add new sysadmin user. The app.js is publicly available which acts as the backend of the application. By exposing a default value for the "Authorization" HTTP header, it is possible to make unauthenticated requests to some areas of the application. Even MQTT (Message Queuing Telemetry Transport) protocol connection information can be obtained with this method. A new admin user can be added to the database with this header obtained in the source code.

tags | exploit, web, protocol
advisories | CVE-2022-22831
SHA-256 | 119c3c412df82f46d85f91b4ab7d2315fda2836a2057f29636ed9df61fe7a8bd
Red Hat Security Advisory 2022-0434-05
Posted Feb 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0434-05 - This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, and 4.9, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Issues addressed include a memory exhaustion vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-27645, CVE-2021-28153, CVE-2021-29923, CVE-2021-3200, CVE-2021-33560, CVE-2021-33574, CVE-2021-3445, CVE-2021-3580
SHA-256 | 14491b7281705745bd03aadc7664ab3c3eb0abe1d341718c8e9103905c3784c3
Red Hat Security Advisory 2022-0436-03
Posted Feb 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0436-03 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 6c39fb6d7bac6a16f4f50bf4a5c79d6f9ba487bbfa01a6413a7f5dab7cc6658f
FLAME II MODEM USB Unquoted Service Path
Posted Feb 4, 2022
Authored by Ismael Nava

FLAME II MODEM USB suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 5b473186562a9fff5589d0662c67f1b610eb0a145eb6c989bd4c5e1ebe3ea59c
Red Hat Security Advisory 2022-0421-02
Posted Feb 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0421-02 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-23959
SHA-256 | f7287028275ce71f50acbeffc646868d94dd1ec3b6e7b0720cebef5fc075da93
Red Hat Security Advisory 2022-0422-02
Posted Feb 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0422-02 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-23959
SHA-256 | 32ba23bf1a08a19d24fd73d090eb46e3bb1f1290c4a66d05085179fda5ca5244
WordPress IP2Location Country Blocker 2.26.7 Cross Site Scripting
Posted Feb 4, 2022
Authored by Ahmet Serkan Ari

WordPress IP2Location Country Blocker plugin version 2.26.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c62903c5b3daed589c18b7a8a1dbb6b3549569d716f8b4a54c667b541deec3bc
Red Hat Security Advisory 2022-0431-06
Posted Feb 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0431-06 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes a bug fixes, security patches and new feature enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-29923, CVE-2021-3712, CVE-2021-42574
SHA-256 | 141890ea599d78e3dc568216578cb9ae701e774ab80404ed6c5b2fea5b1c6afc
Red Hat Security Advisory 2022-0430-03
Posted Feb 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0430-03 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 7.3.9 replaces Data Grid 7.3.8 and includes bug fixes and enhancements. Find out more about Data Grid 7.3.8 in the Release Notes [3]. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
SHA-256 | 6c69113af212e9a8637ce3e2de36cdaad1a71d9093dc3ebde6fe13ba7c601c0d
Red Hat Security Advisory 2022-0420-02
Posted Feb 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0420-02 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-23959
SHA-256 | 5000583bd05166bcc5aa070d554b6c43343cf1c15b44aa9451c3c20e4ff3199e
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close