exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

Files Date: 2020-03-05

Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload
Posted Mar 5, 2020
Authored by David Jorm, Erik Wynter | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ versions 5.x before 5.11.2 for Windows. The module tries to upload a JSP payload to the /admin directory via the traversal path /fileserver/..\\admin\\ using an HTTP PUT request with the default ActiveMQ credentials admin:admin (or other credentials provided by the user). It then issues an HTTP GET request to /admin/<payload>.jsp on the target in order to trigger the payload and obtain a shell.

tags | exploit, web, shell
systems | windows
advisories | CVE-2015-1830
MD5 | d70509a7229f04053ab2e6c54f80f4a5
PHP-FPM 7.x Remote Code Execution
Posted Mar 5, 2020
Authored by cdelafuente-r7, neex | Site metasploit.com

This Metasploit module exploits an underflow vulnerability in PHP-FPM versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of the original neex's exploit code (see refs). First, it detects the correct parameters (Query String Length and custom header length) needed to trigger code execution. This step determines if the target is actually vulnerable (Check method). Then, the exploit sets a series of PHP INI directives to create a file locally on the target, which enables code execution through a query string parameter. This is used to execute normal payload stagers. Finally, this module does some cleanup by killing local PHP-FPM workers (those are spawned automatically once killed) and removing the created local file.

tags | exploit, local, php, code execution
advisories | CVE-2019-11043
MD5 | bcbc7e0f55f9d8c8cc54d552dc319ffa
Google Chrome 72 / 73 Array.map Corruption
Posted Mar 5, 2020
Authored by timwr, Istvan Kurucsai, dmxcsnsbh | Site metasploit.com

This Metasploit module exploits an issue in Chrome version 73.0.3683.86 (64 bit). The exploit corrupts the length of a float in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.

tags | exploit, arbitrary
advisories | CVE-2019-5825
MD5 | 2d254d561447d584fca1cf0562293577
Google Chrome 67 / 68 / 69 Object.create Type Confusion
Posted Mar 5, 2020
Authored by saelo, timwr | Site metasploit.com

This Metasploit modules exploits a type confusion in Google Chrome's JIT compiler. The Object.create operation can be used to cause a type confusion between a PropertyArray and a NameDictionary. The payload is executed within the rwx region of the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work.

tags | exploit
advisories | CVE-2018-17463
MD5 | 2040ec95b119e742369ae8f7039cd437
netkit-telnet 0.17 Remote Code Execution
Posted Mar 5, 2020
Authored by Ronald Huizer

netkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.

tags | exploit, remote, code execution
systems | linux, fedora
MD5 | 503ae749118ebb1b92bd9fc3e9b4caba
Red Hat Security Advisory 2020-0652-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0652-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-16276
MD5 | 5500d5cd55d62c2df3fd2f6e2022d801
Red Hat Security Advisory 2020-0734-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0734-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2020-8659, CVE-2020-8660, CVE-2020-8661, CVE-2020-8664
MD5 | 8455b2a551ac356e8e1bbaba953464a5
Red Hat Security Advisory 2020-0731-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0731-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An out-of-bounds heap access issue was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-1711
MD5 | e0bfbb346da6804c34ceadf7acde259e
Red Hat Security Advisory 2020-0730-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0730-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An out-of-bounds heap access issue was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-11135, CVE-2020-1711
MD5 | 57daf6779b74a19b4aa9de9d3feaa1a0
SQLMAP - Automatic SQL Injection Tool 1.4.3
Posted Mar 5, 2020
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Multiple updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 441532375d2cf56bdce09438da062dfd
OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation
Posted Mar 5, 2020
Authored by wvu, Qualys Security Advisory | Site metasploit.com

This Metasploit module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses.

tags | exploit, root
advisories | CVE-2020-8794
MD5 | 229752794172ef51ce4a73f8eb7d3948
Google Chrome 80 JSCreate Side-Effect Type Confusion
Posted Mar 5, 2020
Authored by Clement LECIGNE, timwr, Istvan Kurucsai, Vignesh S Rao | Site metasploit.com

This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw) which is used for read and writing from absolute memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.

tags | exploit, shellcode
advisories | CVE-2020-6418
MD5 | 2477d57f77b12b3980be7a18ed9dedf2
Red Hat Security Advisory 2020-0726-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0726-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2019-18634
MD5 | 01356176772fe7cb0dc81fe448595fd2
Red Hat Security Advisory 2020-0729-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0729-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.5 serves as a replacement for Red Hat Data Grid 7.3.4 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2015-9251, CVE-2019-14888, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335
MD5 | 60449c5fd2265e3d7c406380657f5b43
Red Hat Security Advisory 2020-0728-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0728-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.4 serves as a replacement for Red Hat Data Grid 7.3.3 and includes bug fixes and enhancements. An incorrect privilege issue was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-14838
MD5 | 07a081fe889e18832e337f7cbe832abc
Red Hat Security Advisory 2020-0727-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0727-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include code execution, deserialization, and insecure handling vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-14335, CVE-2019-10173, CVE-2019-10174, CVE-2019-10184, CVE-2019-10212, CVE-2019-14379, CVE-2019-3805, CVE-2019-3888, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518
MD5 | 9325793954ccb6340c11f2197e897260
Red Hat Security Advisory 2020-0720-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0720-01 - Waitress is a pure Python WSGI server which supports HTTP/1.0 and HTTP/1.1. HTTP request smuggling was addressed.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2019-16785, CVE-2019-16786, CVE-2019-16789
MD5 | 90adc25c769c4cb55504c7a2a2f038be
Red Hat Security Advisory 2020-0721-01
Posted Mar 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0721-01 - The OpenStack Load Balancing service provides a Load Balancing-as-a-Service version 2 implementation for Red Hat OpenStack platform director based installations. A failure to require client certificates was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-17134
MD5 | a9f358d5433916ee6f6e3e7a27859bf8
Fuzzing VIM
Posted Mar 5, 2020
Authored by Dhiraj Mishra

This is a brief whitepaper that discusses fuzzing the VIM editor.

tags | paper
MD5 | cbf9769b6b0bca565ecb0c138d7549e2
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    2 Files
  • 30
    Nov 30th
    17 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close