sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
7bd7f6e25fa407c482356769f7f7ba0e
This Metasploit module exploits the trusted $PATH environment variable of the SUID binary omniresolve in Micro Focus (HPE) Data Protector versions A.10.40 and below. The omniresolve executable calls the oracleasm binary using a relative path and the trusted environment $PATH, which allows an attacker to execute a custom binary with root privileges.
176176eb167f93f37396bef2dc4cc6a0
This archive contains all of the 170 exploits added to Packet Storm in October, 2019.
8a340f9c35ddb81632882ccfd2fab1dd
eIDAS-Node versions 2.3 and below suffer from an authentication bypass vulnerability.
65072a0c9c2296301838749bb045f471
Red Hat Security Advisory 2019-3300-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue was addressed.
ea89ba3e13dae1bcf3172b6046169d59
Red Hat Security Advisory 2019-3299-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and information leakage vulnerabilities.
0b3a743000a8d1ce9382590da63feba1
Apple Security Advisory 2019-10-29-3 - tvOS 13.2 is now available and addresses code execution and cross site scripting vulnerabilities.
409e1b4bbfece56a931ed6dda5a585f7
Apple Security Advisory 2019-10-29-11 - iOS 13.1 and iPadOS 13.1 address code execution and resource exhaustion vulnerabilities.
74560e2ec0a182f44a5fbc3f305fd141
Apple Security Advisory 2019-10-29-2 - macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra are now available and address code execution and denial of service vulnerabilities.
9a38fdcb0067e1455b3e5e2369b0afe8
Apple Security Advisory 2019-10-29-10 - macOS Catalina 10.15 addresses buffer overflow, code execution, cross site scripting, denial of service, and resource exhaustion vulnerabilities.
518f9e92c63508e719b53c82e5f17e67
Apple Security Advisory 2019-10-29-4 - watchOS 6.1 is now available and addresses code execution and cross site scripting vulnerabilities.
16d46a9008552ffd5aed03e5b33b7111
Apple Security Advisory 2019-10-29-8 - watchOS 6 addresses buffer overflow, code execution, cross site scripting, and denial of service vulnerabilities.
4f3ca39a9410b921b50a3449e7321ce6
Apache Solr version 8.2.0 suffers from a remote code execution vulnerability.
178538737f29c3953d6ee25a8ede0bc9
Apple Security Advisory 2019-10-29-6 - iOS 13 addresses buffer overflow, code execution, cross site scripting, and denial of service vulnerabilities.
31217f2b59e711140acc94a36bdcfddc
Apple Security Advisory 2019-10-29-9 - tvOS 13 addresses buffer overflow, code execution, cross site scripting, and denial of service vulnerabilities.
4c976214a058b43168361e333355b8c1
ownCloud version 10.3.0 Stable suffers from a cross site request forgery vulnerability.
c50590357ac359cdf9a8476bb5f7da9d
Apple Security Advisory 2019-10-29-5 - Safari 13.0.3 is now available and addresses code execution and cross site scripting vulnerabilities.
f49545b2ea44a8e739b76d721d1b536d
Apple Security Advisory 2019-10-29-1 - iOS 13.2 and iPadOS 13.2 are now available and address code execution and cross site scripting vulnerabilities.
24f4f16e2436b2a0d8c4428c5320e1aa
Apple Security Advisory 2019-10-29-7 - Safari 13 addresses code execution and cross site scripting vulnerabilities.
b8a854411133161eda404295b80e58bc
OpenVPN Private Tunnel version 2.8.4 suffers from an ovpnagent unquoted service path vulnerability.
04a62ff89d68a0968bef289b5a954cec
TheJshen contentManagementSystem version 1.04 suffers from a remote SQL injection vulnerability.
c3d5cc605298db70d11011d59c71fed3
Red Hat Security Advisory 2019-3297-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.5.0 serves as an update to Red Hat Process Automation Manager 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
8e812f0abc4be96b7e0d7b38b692675e
Red Hat Security Advisory 2019-3286-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue was addressed.
a411df94a49b4d272eceff9bbc0ef65d
Red Hat Security Advisory 2019-3287-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue was addressed.
6d6ec7c1a7537484209f9de4cb88fce8
Red Hat Security Advisory 2019-3292-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.5.0 serves as an update to Red Hat Decision Manager 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
8f6485ac2a3393fff6ebeea06cf75376