what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files Date: 2020-06-05

Ubuntu Security Notice USN-4384-1
Posted Jun 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4384-1 - It was discovered that GnuTLS incorrectly handled session ticket encryption keys. A remote attacker could possibly use this issue to bypass authentication or recover sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-13777
SHA-256 | 492abbc577184d8e91af368a59566ed8ddd0e0406382a8c4734a76657eeb48e5
Red Hat Security Advisory 2020-2405-01
Posted Jun 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2405-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include an out of bounds write vulnerability.

tags | advisory, remote, protocol
systems | linux, redhat, windows
advisories | CVE-2020-13398
SHA-256 | 03f48fd9588e6ed49fb7fbc6e30bb4d86fb083d409fceec90f266381ee03aa95
Red Hat Security Advisory 2020-2366-01
Posted Jun 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2366-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.1.12 serves as a replacement for Red Hat support for Spring Boot 2.1.6, and includes security and bug fixes and enhancements. Issues addressed include bypass, cross site request forgery, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, csrf
systems | linux, redhat
advisories | CVE-2019-0199, CVE-2019-10199, CVE-2019-10201, CVE-2019-14832, CVE-2019-3868, CVE-2019-3875
SHA-256 | 354667e4cac1cdbe056ab77c3d622d7bb555695ab87c9226010ab61e85d7455b
Ubuntu Security Notice USN-4383-1
Posted Jun 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4383-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the addressbar, or execute arbitrary code. It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2020-12399, CVE-2020-12407, CVE-2020-12408, CVE-2020-12411
SHA-256 | 275aa1dbc98d8c1f1f63c59a5ec99a85629f398784fe354d12af97a619f77497
WinGate Insecure Permissions / Privilege Escalation
Posted Jun 5, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

WinGate version suffers from an insecure permissions vulnerability that allows for privilege escalation.

tags | exploit
advisories | CVE-2020-13866
SHA-256 | 2b5dfe00be1334114c04e743db783c3a3f1ad2d5004db2216f1ead8c50be8631
Avaya IP Office 11 Insecure Transit / Password Disclosure
Posted Jun 5, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Avaya IP Office versions through 11 suffer from an insecure transit vulnerability that allows for password disclosure.

tags | exploit
advisories | CVE-2020-7030
SHA-256 | feed9ac59fa8c29769c827c9ab64c5533cc3930d33aaf789ed75c1605b9ace7e
Faraday 3.11.1
Posted Jun 5, 2020
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Fixed missing shodan icon and invalid link in dashboard and hosts list. Upgraded marshmallow, webargs, werkzeug and flask-login dependencies to latest versions in order to make packaging for distros easier.
tags | tool, rootkit
systems | unix
SHA-256 | e2cf9a49c9ae692d8c3847655c69ef56c52f2136a398f92f3a079985f9b40312
Cisco UCS Director Cloupia Script Remote Code Execution
Posted Jun 5, 2020
Authored by mr_me, wvu | Site metasploit.com

This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to to leak the administrator's REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to leverage the Cloupia script interpreter to execute code. This functionality is part of the application's intended operation and considered a "foreverday." The authentication bypass and directory traversals only get us there. If you already have an API key, you may set it in the API_KEY option. The LEAK_FILE option may be set if you wish to leak the API key from a different absolute path, but normally this isn't advisable. Tested on Cisco's VMware distribution of

tags | exploit, arbitrary, root
systems | cisco
advisories | CVE-2020-3243, CVE-2020-3250
SHA-256 | e1a3270999313093f5713647237e1d7494e0c1bc022d9a26053bf23d8ac80fe3
Castel NextGen DVR 1.0.0 Bypass / CSRF / Disclosure
Posted Jun 5, 2020
Authored by Aaron Bishop

Castel NextGen DVR version 1.0.0 suffers from authorization bypass, credential disclosure, and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, bypass, info disclosure, csrf
advisories | CVE-2020-11679, CVE-2020-11680, CVE-2020-11681, CVE-2020-11682
SHA-256 | 479f4579b4b9aa4978606f0a9f84e9bbac7947654e1a57a9e42f9f18e0988c1b
Online Course Registration 1.0 SQL Injection
Posted Jun 5, 2020
Authored by BKpatron

Online Course Registration version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 089325e7bfc1c02f46a101209bf25fc841b972561e36c3fb3946dc33690310a3
Quick Player 1.3 Denial Of Service
Posted Jun 5, 2020
Authored by Felipe Winsnes

Quick Player version 1.3 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 286bf64e77c4c5d59437659d61217a58b6f0141b0cd1bb2bed028ef7c48a678e
Page 1 of 1

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By