what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

Files Date: 2020-06-04

Red Hat Security Advisory 2020-2407-01
Posted Jun 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2407-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include an out of bounds write vulnerability.

tags | advisory, remote, protocol
systems | linux, redhat, windows
advisories | CVE-2020-13398
SHA-256 | e3ea8b46bb971bb187276b9cdff85462f0668f78030c102b3386dc8a72f7fb90
Red Hat Security Advisory 2020-2406-01
Posted Jun 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2406-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include an out of bounds write vulnerability.

tags | advisory, remote, protocol
systems | linux, redhat, windows
advisories | CVE-2020-13398
SHA-256 | 3e44dcd5389cda942cd270183d524056b12cc78a773e9e1f3d29ea29736a4d80
WordPress Drag And Drop Multi File Uploader Remote Code Execution
Posted Jun 4, 2020
Authored by h00die, Austin Martin | Site metasploit.com

This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for exploitation.

tags | exploit, shell, php, file upload
advisories | CVE-2020-12800
SHA-256 | d94c9f0362d25709f05afe545bc81aff8520f8eb38e83726bf24a2463da16a0a
WebLogic Server Deserialization Remote Code Execution
Posted Jun 4, 2020
Authored by Shelby Pace, Y4er, Quynh Le | Site metasploit.com

This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable versions of WebLogic. Leveraging an ExtractorComparator enables the ability to trigger method.invoke(), which will execute arbitrary code.

tags | exploit, java, remote, arbitrary, code execution, protocol
advisories | CVE-2020-2883
SHA-256 | d85d76c6388cafa88aef4ce4d17b77d3a4f2d6383ddcb075ea187fa645df106e
Ubuntu Security Notice USN-4382-1
Posted Jun 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4382-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-11042, CVE-2020-11049, CVE-2020-11523, CVE-2020-13397
SHA-256 | 4f115def6b91787851cd5c7dfa23961d619d487be7fdca2f5cde63cdb4c692f9
Cayin Digital Signage System xPost 2.5 Code Execution / SQL Injection
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

CAYIN xPost version 2.5 suffers from an unauthenticated SQL injection vulnerability. Input passed via the GET parameter wayfinder_seqid in wayfinder_meeting_input.jsp is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.

tags | exploit, arbitrary, sql injection
SHA-256 | 83113d8769abd0415eb42018b84a2962a1732ec8f7b88a0191d5f1ae278ac44d
VMWare vCloud Director 9.7.0.15498291 Remote Code Execution
Posted Jun 4, 2020
Authored by Tomas Melicher

VMWare vCloud Director version 9.7.0.15498291 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | f8ca6e31136d38818092e0ad39e95a75baa6dba1c482ec02257a02235562471f
Cayin Content Management Server 11.0 Root Remote Command Injection
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

CAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.

tags | exploit, web, arbitrary, shell, cgi, root
SHA-256 | c6b2b08c6ef854d4b4ed8b7de843a0a934625c2672a6c6e51c51658ce8b989f8
Navigate CMS 2.8.7 Cross Site Request Forgery
Posted Jun 4, 2020
Authored by Gus Ralph

Navigate CMS version 2.8.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 8961bc4b73d4b971e3607195eec88ef23a82d04fa182498a545278923bf0f714
Cayin Signage Media Player 3.0 Root Remote Command Injection
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.

tags | exploit, web, arbitrary, shell, cgi, root
SHA-256 | 8227decab2e3303eb2fd3fd07c388f1eab6298ce3df14f3c461ac9bd2a02e376
Red Hat Security Advisory 2020-2404-01
Posted Jun 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2404-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. Fetch limitation and logic errors were addressed.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-8616, CVE-2020-8617
SHA-256 | 47243a4457d50457d3883bf9f3e25b574afb32b07c68f75964e45b41139f98bb
NeonLMS Learning Management System PHP Laravel Script 4.6 XSS
Posted Jun 4, 2020
Authored by th3d1gger

NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from a persistent cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | a03fae941188a13b262247d193b72cb8c6020929d45d54b9d550247447b208d4
NeonLMS Learning Management System PHP Laravel Script 4.6 File Download
Posted Jun 4, 2020
Authored by th3d1gger

NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, php, info disclosure
SHA-256 | b6fc64a5ae4e8a0ec2c9cdc1017fd4675419adad3fce5fe5f687cefd700382cb
Red Hat Security Advisory 2020-2367-01
Posted Jun 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2367-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.1.13 serves as a replacement for Red Hat support for Spring Boot 2.1.12, and includes security and bug fixes and enhancements. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2019-14888, CVE-2020-1745, CVE-2020-1935, CVE-2020-1938
SHA-256 | 648d3e7e6b8b0230e170a363c66446ba991afc1894fe7567edce53d9d649b7f8
Ubuntu Security Notice USN-4381-2
Posted Jun 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4381-2 - USN-4381-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-13254, CVE-2020-13596
SHA-256 | 6d6997c59d71b6a3d4224bd5191cc2032e0a291956e6c4109ab9ccdca617e0c6
Navigate CMS 2.8.7 Directory Traversal
Posted Jun 4, 2020
Authored by Gus Ralph

Navigate CMS version 2.8.7 suffers from an authenticated directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2020-13795
SHA-256 | 574f4aff0804ec6c6a6b6b7a761deacb09295697b33a4a7f345b0cbc98bceec8
Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read / Write
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from arbitrary file read and write vulnerabilities. The application allows the currently logged-in user to edit the configuration files in the system using the CGI executable edit_config_files in /cgi-bin/cgix/. The files that are allowed to be modified (read/write/delete) are located in the /etc/config/ directory. An attacker can manipulate the POST request parameters to escape from the restricted environment by using absolute path and start reading, writing and deleting arbitrary files on the system.

tags | exploit, arbitrary, cgi, vulnerability
SHA-256 | 4449413e7a452a485083ac7846a6b076384afa328c5248552e7cc7c560e30d26
Online Marriage Registration System 1.0 Remote Code Execution
Posted Jun 4, 2020
Authored by Selim Enes Karaduman

Online Marriage Registration System version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 266854280602b87a3cbca870488d6972726cdf03e7425720743ce54fe99fb9fa
Secure Computing SnapGear Management Console SG560 3.1.5 CSRF
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | b4767984fc103e8a156c2fd786f676e1d794f4e2922e08d9742526ae255d6244
D-Link DIR-615 T1 20.10 CAPTCHA Bypass
Posted Jun 4, 2020
Authored by Huzaifa Hussain

D-Link DIR-615 T1 version 20.10 suffers from a CAPTCHA bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2019-17525
SHA-256 | 927c998aba2229a5da7435240af1366b6fbea05d84f905742341817d7cb1ce24
Underconstructionpage Cross Site Scripting
Posted Jun 4, 2020
Authored by Atmon3r

Underconstructionpage versions prior to 3.75 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b5743771cfb84683c18f99ecbebf23513dd37292e3ee8d66de2169fbb1467772
Clinic Management System 1.0 Shell Upload
Posted Jun 4, 2020
Authored by BKpatron

Clinic Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 17550036bdef42a832b70180a2bb524a2ed1b45da3b1dbed9a484457ba51e913
Red Hat Security Advisory 2020-2381-01
Posted Jun 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2381-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-12405, CVE-2020-12406, CVE-2020-12410
SHA-256 | 79e687fd252f94cfa466d42dcce07c03c92efe390e508dd430c4a4d059a40dc2
Hostel Management System 2.0 SQL Injection
Posted Jun 4, 2020
Authored by Selim Enes Karaduman

Hostel Management System version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2ac0ab30dc8f4eee842eb9574e1bcb7352d29c0bd64b812b927bcacecb9ed6b4
Oriol Espinal CMS 1.0 SQL Injection
Posted Jun 4, 2020
Authored by TSAR

Oriol Espinal CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ded109beee0a7c61db52b22a191ac52791c2f84f052a265250a574302a0ef120
Page 1 of 2
Back12Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close