what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2020-03-05

Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload
Posted Mar 5, 2020
Authored by David Jorm, Erik Wynter | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ versions 5.x before 5.11.2 for Windows. The module tries to upload a JSP payload to the /admin directory via the traversal path /fileserver/..\\admin\\ using an HTTP PUT request with the default ActiveMQ credentials admin:admin (or other credentials provided by the user). It then issues an HTTP GET request to /admin/<payload>.jsp on the target in order to trigger the payload and obtain a shell.

tags | exploit, web, shell
systems | windows
advisories | CVE-2015-1830
SHA-256 | 962139239272b0ab745f8a302505e5c8a4403aa9a95316d97e92c5946f3bd92f
PHP-FPM 7.x Remote Code Execution
Posted Mar 5, 2020
Authored by cdelafuente-r7, neex | Site metasploit.com

This Metasploit module exploits an underflow vulnerability in PHP-FPM versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of the original neex's exploit code (see refs). First, it detects the correct parameters (Query String Length and custom header length) needed to trigger code execution. This step determines if the target is actually vulnerable (Check method). Then, the exploit sets a series of PHP INI directives to create a file locally on the target, which enables code execution through a query string parameter. This is used to execute normal payload stagers. Finally, this module does some cleanup by killing local PHP-FPM workers (those are spawned automatically once killed) and removing the created local file.

tags | exploit, local, php, code execution
advisories | CVE-2019-11043
SHA-256 | b0bb267ae212db3146c03348b75e67574095c1e4c6cca10f25f575609f95bc2f
Google Chrome 72 / 73 Array.map Corruption
Posted Mar 5, 2020
Authored by timwr, Istvan Kurucsai, dmxcsnsbh | Site metasploit.com

This Metasploit module exploits an issue in Chrome version 73.0.3683.86 (64 bit). The exploit corrupts the length of a float in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.

tags | exploit, arbitrary
advisories | CVE-2019-5825
SHA-256 | 52e7894b7c0f12d602e2b66b2ab86b9e0c4591cd171e7e1ab5ee86c354cbe687
Google Chrome 67 / 68 / 69 Object.create Type Confusion
Posted Mar 5, 2020
Authored by saelo, timwr | Site metasploit.com

This Metasploit modules exploits a type confusion in Google Chrome's JIT compiler. The Object.create operation can be used to cause a type confusion between a PropertyArray and a NameDictionary. The payload is executed within the rwx region of the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work.

tags | exploit
advisories | CVE-2018-17463
SHA-256 | 5a38c9abffbaf08c049cb1b58519cd4edf1737251883302e32656d4b4f6eadc6
netkit-telnet 0.17 Remote Code Execution
Posted Mar 5, 2020
Authored by Ronald Huizer

netkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.

tags | exploit, remote, code execution
systems | linux, fedora
SHA-256 | b3e199216f3edbb0703f308315218c7eff607145a1632bdb92a43e0891a62931
Red Hat Security Advisory 2020-0652-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0652-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-16276
SHA-256 | aa2fadd109c3d281cc60d74a44e35e56175108108cf9cc6b584692f10b934bc4
Red Hat Security Advisory 2020-0734-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0734-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2020-8659, CVE-2020-8660, CVE-2020-8661, CVE-2020-8664
SHA-256 | ef27cfff4723c426d2b2b5d577d6bec77d387f5c06510abd00b753b778487c26
Red Hat Security Advisory 2020-0731-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0731-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An out-of-bounds heap access issue was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-1711
SHA-256 | 4bedc352e59f6c7c3d9af431d3c2f64ecbf7fe1ece1c9a201f306f2199000fd3
Red Hat Security Advisory 2020-0730-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0730-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An out-of-bounds heap access issue was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-11135, CVE-2020-1711
SHA-256 | 97719d3620325b820aca7c519b2a3ad307d48d09cd3e03f29b0daccf93f84efe
SQLMAP - Automatic SQL Injection Tool 1.4.3
Posted Mar 5, 2020
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Multiple updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
SHA-256 | c895b8290cdcb3ac947ffccdda5f3da9726139e85204126fae883022acc79b5c
OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation
Posted Mar 5, 2020
Authored by wvu, Qualys Security Advisory | Site metasploit.com

This Metasploit module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses.

tags | exploit, root
advisories | CVE-2020-8794
SHA-256 | eaae80dd2ec7c12121e43d82f332898ca6bf36eb080cf1316770e1ef1e93f2f0
Google Chrome 80 JSCreate Side-Effect Type Confusion
Posted Mar 5, 2020
Authored by Clement LECIGNE, timwr, Istvan Kurucsai, Vignesh S Rao | Site metasploit.com

This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw) which is used for read and writing from absolute memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.

tags | exploit, shellcode
advisories | CVE-2020-6418
SHA-256 | a5ee5e57a9ca7e2030588e33fb91d4f11725ab4661382274202790f8a15b4fc7
Red Hat Security Advisory 2020-0726-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0726-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2019-18634
SHA-256 | fe69aca682e06981b424172235b6a5a59085d438109e2b11884873642b00c606
Red Hat Security Advisory 2020-0729-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0729-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.5 serves as a replacement for Red Hat Data Grid 7.3.4 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2015-9251, CVE-2019-14888, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335
SHA-256 | 691a4fce3f4a781fa103d043819a3b587563d809ca8c22a14aa50453ba9342d1
Red Hat Security Advisory 2020-0728-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0728-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.4 serves as a replacement for Red Hat Data Grid 7.3.3 and includes bug fixes and enhancements. An incorrect privilege issue was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-14838
SHA-256 | 8379d81cdd991ef7fa5de32e165bbd222a9ab35b797949d06f7661402a1fb932
Red Hat Security Advisory 2020-0727-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0727-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include code execution, deserialization, and insecure handling vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-14335, CVE-2019-10173, CVE-2019-10174, CVE-2019-10184, CVE-2019-10212, CVE-2019-14379, CVE-2019-3805, CVE-2019-3888, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518
SHA-256 | 13b6ad944fac107942bc777260ac04437c23735dc9546da3581b3ea6090c6b7c
Red Hat Security Advisory 2020-0720-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0720-01 - Waitress is a pure Python WSGI server which supports HTTP/1.0 and HTTP/1.1. HTTP request smuggling was addressed.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2019-16785, CVE-2019-16786, CVE-2019-16789
SHA-256 | 073ff936845e6edb0602084d9e603169e0a3bf734795afc24cfafdd36ab033e2
Red Hat Security Advisory 2020-0721-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0721-01 - The OpenStack Load Balancing service provides a Load Balancing-as-a-Service version 2 implementation for Red Hat OpenStack platform director based installations. A failure to require client certificates was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-17134
SHA-256 | 2c07205d683caf4e3a0db587ef0d93c5f4fe6cc5c8aa31144418cb952294bc90
Fuzzing VIM
Posted Mar 5, 2020
Authored by Dhiraj Mishra

This is a brief whitepaper that discusses fuzzing the VIM editor.

tags | paper
SHA-256 | b961ee5f08adf14aeb3683b15f97a4a747d4d428142b2f7ac487d4c97fc8d786
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close