sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges, and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack, and more.
This Metasploit module exploits the trusted $PATH environment variable of the SUID binary omniresolve in Micro Focus (HPE) Data Protector versions A.10.40 and below. The omniresolve executable calls the oracleasm binary using a relative path and the trusted environment $PATH, which allows an attacker to execute a custom binary with root privileges.
This archive contains all of the 170 exploits added to Packet Storm in October, 2019.
eIDAS-Node versions 2.3 and below suffer from an authentication bypass vulnerability.
Red Hat Security Advisory 2019-3300-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue was addressed.
Red Hat Security Advisory 2019-3299-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and information leakage vulnerabilities.
Apple Security Advisory 2019-10-29-3 - tvOS 13.2 is now available and addresses code execution and cross site scripting vulnerabilities.
Apple Security Advisory 2019-10-29-11 - iOS 13.1 and iPadOS 13.1 address code execution and resource exhaustion vulnerabilities.
Apple Security Advisory 2019-10-29-2 - macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra are now available and address code execution and denial of service vulnerabilities.
Apple Security Advisory 2019-10-29-10 - macOS Catalina 10.15 addresses buffer overflow, code execution, cross site scripting, denial of service, and resource exhaustion vulnerabilities.
Apple Security Advisory 2019-10-29-4 - watchOS 6.1 is now available and addresses code execution and cross site scripting vulnerabilities.
Apple Security Advisory 2019-10-29-8 - watchOS 6 addresses buffer overflow, code execution, cross site scripting, and denial of service vulnerabilities.
Apache Solr version 8.2.0 suffers from a remote code execution vulnerability.
Apple Security Advisory 2019-10-29-6 - iOS 13 addresses buffer overflow, code execution, cross site scripting, and denial of service vulnerabilities.
Apple Security Advisory 2019-10-29-9 - tvOS 13 addresses buffer overflow, code execution, cross site scripting, and denial of service vulnerabilities.
ownCloud version 10.3.0 Stable suffers from a cross site request forgery vulnerability.
Apple Security Advisory 2019-10-29-5 - Safari 13.0.3 is now available and addresses code execution and cross site scripting vulnerabilities.
Apple Security Advisory 2019-10-29-1 - iOS 13.2 and iPadOS 13.2 are now available and address code execution and cross site scripting vulnerabilities.
Apple Security Advisory 2019-10-29-7 - Safari 13 addresses code execution and cross site scripting vulnerabilities.
OpenVPN Private Tunnel version 2.8.4 suffers from an ovpnagent unquoted service path vulnerability.
TheJshen contentManagementSystem version 1.04 suffers from a remote SQL injection vulnerability.
Red Hat Security Advisory 2019-3297-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.5.0 serves as an update to Red Hat Process Automation Manager 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
Red Hat Security Advisory 2019-3286-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue was addressed.
Red Hat Security Advisory 2019-3287-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An underflow issue was addressed.
Red Hat Security Advisory 2019-3292-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.5.0 serves as an update to Red Hat Decision Manager 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.