what you don't know can hurt you
Showing 1 - 25 of 29 RSS Feed

Files Date: 2020-06-04

Red Hat Security Advisory 2020-2407-01
Posted Jun 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2407-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include an out of bounds write vulnerability.

tags | advisory, remote, protocol
systems | linux, redhat, windows
advisories | CVE-2020-13398
MD5 | 0bf8392cbe09e017c458f702b3e5039d
Red Hat Security Advisory 2020-2406-01
Posted Jun 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2406-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include an out of bounds write vulnerability.

tags | advisory, remote, protocol
systems | linux, redhat, windows
advisories | CVE-2020-13398
MD5 | 9e7881be36352f4116f7c4ffaca69ac7
WordPress Drag And Drop Multi File Uploader Remote Code Execution
Posted Jun 4, 2020
Authored by h00die, Austin Martin | Site metasploit.com

This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for exploitation.

tags | exploit, shell, php, file upload
advisories | CVE-2020-12800
MD5 | 8741d1320b67d5240a0da5c63f0f5065
WebLogic Server Deserialization Remote Code Execution
Posted Jun 4, 2020
Authored by Shelby Pace, Y4er, Quynh Le | Site metasploit.com

This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable versions of WebLogic. Leveraging an ExtractorComparator enables the ability to trigger method.invoke(), which will execute arbitrary code.

tags | exploit, java, remote, arbitrary, code execution, protocol
advisories | CVE-2020-2883
MD5 | 70d9c90a8b31214d86ae1cb6e37b7167
Ubuntu Security Notice USN-4382-1
Posted Jun 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4382-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-11042, CVE-2020-11049, CVE-2020-11523, CVE-2020-13397
MD5 | d66aa9aa039b0b13b0421f5b3b6dcb06
Cayin Digital Signage System xPost 2.5 Code Execution / SQL Injection
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

CAYIN xPost version 2.5 suffers from an unauthenticated SQL injection vulnerability. Input passed via the GET parameter wayfinder_seqid in wayfinder_meeting_input.jsp is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.

tags | exploit, arbitrary, sql injection
MD5 | d6686dcd290750e64871dcec7268adfc
VMWare vCloud Director 9.7.0.15498291 Remote Code Execution
Posted Jun 4, 2020
Authored by Tomas Melicher

VMWare vCloud Director version 9.7.0.15498291 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 697658590aa5e4209d66313afcf6c893
Cayin Content Management Server 11.0 Root Remote Command Injection
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

CAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.

tags | exploit, web, arbitrary, shell, cgi, root
MD5 | 2b40a82dbae2a46bd38664601734d373
Navigate CMS 2.8.7 Cross Site Request Forgery
Posted Jun 4, 2020
Authored by Gus Ralph

Navigate CMS version 2.8.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 70129b1732ee864fbabae6f9f394621e
Cayin Signage Media Player 3.0 Root Remote Command Injection
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.

tags | exploit, web, arbitrary, shell, cgi, root
MD5 | 9a04cbad2c7bcc1e00789b91f73a0061
Red Hat Security Advisory 2020-2404-01
Posted Jun 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2404-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. Fetch limitation and logic errors were addressed.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-8616, CVE-2020-8617
MD5 | 731be848d6b8772086617406ef6c30c2
NeonLMS Learning Management System PHP Laravel Script 4.6 XSS
Posted Jun 4, 2020
Authored by th3d1gger

NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from a persistent cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 2e508022471e1a49271d4745b0b3e811
NeonLMS Learning Management System PHP Laravel Script 4.6 File Download
Posted Jun 4, 2020
Authored by th3d1gger

NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, php, info disclosure
MD5 | e762859b96e7391cb7c4d0f1d5bc1371
Red Hat Security Advisory 2020-2367-01
Posted Jun 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2367-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.1.13 serves as a replacement for Red Hat support for Spring Boot 2.1.12, and includes security and bug fixes and enhancements. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2019-14888, CVE-2020-1745, CVE-2020-1935, CVE-2020-1938
MD5 | 0bb1faf39aa0c667cf7478cb7feaf07c
Ubuntu Security Notice USN-4381-2
Posted Jun 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4381-2 - USN-4381-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-13254, CVE-2020-13596
MD5 | c23631d7ff96cbf352c3c09ca0f5f6bc
Navigate CMS 2.8.7 Directory Traversal
Posted Jun 4, 2020
Authored by Gus Ralph

Navigate CMS version 2.8.7 suffers from an authenticated directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2020-13795
MD5 | e422428b73acd01b8faae4427b9bcb16
Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read / Write
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from arbitrary file read and write vulnerabilities. The application allows the currently logged-in user to edit the configuration files in the system using the CGI executable edit_config_files in /cgi-bin/cgix/. The files that are allowed to be modified (read/write/delete) are located in the /etc/config/ directory. An attacker can manipulate the POST request parameters to escape from the restricted environment by using absolute path and start reading, writing and deleting arbitrary files on the system.

tags | exploit, arbitrary, cgi, vulnerability
MD5 | 71fd7f2810f3f64fb2be820cb487f7b5
Online Marriage Registration System 1.0 Remote Code Execution
Posted Jun 4, 2020
Authored by Selim Enes Karaduman

Online Marriage Registration System version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 30df76e6681b75d7099836e01dfd2aea
Secure Computing SnapGear Management Console SG560 3.1.5 CSRF
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 9068570c9d23605eb5c081c323c3b293
D-Link DIR-615 T1 20.10 CAPTCHA Bypass
Posted Jun 4, 2020
Authored by Huzaifa Hussain

D-Link DIR-615 T1 version 20.10 suffers from a CAPTCHA bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2019-17525
MD5 | 4a055172c5256e9335439777f8a4cffd
Underconstructionpage Cross Site Scripting
Posted Jun 4, 2020
Authored by Atmon3r

Underconstructionpage versions prior to 3.75 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | b288398557517cd440d97d8d83ddea66
Clinic Management System 1.0 Shell Upload
Posted Jun 4, 2020
Authored by BKpatron

Clinic Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | aef32468a77bdfeb84c28f99eb758777
Red Hat Security Advisory 2020-2381-01
Posted Jun 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2381-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-12405, CVE-2020-12406, CVE-2020-12410
MD5 | 58588e5f563d089d297af73ed3d32081
Hostel Management System 2.0 SQL Injection
Posted Jun 4, 2020
Authored by Selim Enes Karaduman

Hostel Management System version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6283b938cc0817e4de2f7605525a64c5
Oriol Espinal CMS 1.0 SQL Injection
Posted Jun 4, 2020
Authored by TSAR

Oriol Espinal CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c02941f13b461b54c222a2bd074379bc
Page 1 of 2
Back12Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    7 Files
  • 11
    Jul 11th
    4 Files
  • 12
    Jul 12th
    4 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close