exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2020-06-18

Agent Tesla Panel Remote Code Execution
Posted Jun 18, 2020
Authored by Ege Balci, mekhalleh, gwillcox-r7 | Site metasploit.com

This Metasploit module exploits a command injection vulnerability within the Agent Tesla control panel, in combination with an SQL injection vulnerability and a PHP object injection vulnerability, to gain remote code execution on affected hosts. Panel versions released prior to September 12, 2018 can be exploited by unauthenticated attackers to gain remote code execution as user running the web server. Agent Tesla panels released on or after this date can still be exploited however, provided that attackers have valid credentials for the Agent Tesla control panel. Note that this module presently only fully supports Windows hosts running Agent Tesla on the WAMP stack. Support for Linux may be added in a future update, but could not be confirmed during testing.

tags | exploit, remote, web, php, code execution, sql injection
systems | linux, windows
SHA-256 | 642ae2da08c3ed900b9c3760d13a2d1c0fb0e0de2dd1b41ae42a606c6a1d18a4
Red Hat Security Advisory 2020-2479-01
Posted Jun 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2479-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Issues addressed include bypass, denial of service, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2017-18367, CVE-2019-11254, CVE-2020-8555
SHA-256 | 23458cd48178a8159bfb19bcf64236f01ddea203375d126505b85dbb0c1d9856
Lynis Auditing Tool 3.0.0
Posted Jun 18, 2020
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This is a major release of Lynis and includes several big changes, including addressed two security issues.
tags | tool, scanner
systems | unix
advisories | CVE-2019-13033, CVE-2020-13882
SHA-256 | 3cc165f9007ba41de6d0b693a1167dbaf0179085f9506dcba64b4b8e37e1bda2
Haveged 1.9.12
Posted Jun 18, 2020
Site issihosts.com

haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.

Changes: Fixed a memory leak in havege_destroy.
tags | tool
systems | linux, unix
SHA-256 | 0b8642515ea7189a1772cdb8072b98a6768cf9b963faf3cd664329fd79975ffa
Ubuntu Security Notice USN-4399-1
Posted Jun 18, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4399-1 - It was discovered that Bind incorrectly handled large responses during zone transfers. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. It was discovered that Bind incorrectly handled certain asterisk characters in zone files. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-8618, CVE-2020-8619
SHA-256 | 6b8a0598afd7e0de323d915de70a0d215f77552ebee8cfea770c8cfd75fd98ca
Red Hat Security Advisory 2020-2478-01
Posted Jun 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2478-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2019-10392, CVE-2019-16538, CVE-2020-2109, CVE-2020-2110, CVE-2020-2111, CVE-2020-2134, CVE-2020-2135, CVE-2020-2136
SHA-256 | f6b30f9a898c6f50aa4c280f90fa2d946eadbd8c1685d8afb8fa5083de5a2227
Cayin xPost 2.5 SQL Injection / Remote Code Execution
Posted Jun 18, 2020
Authored by LiquidWorm, h00die | Site metasploit.com

This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfinder_meeting_input.jsp file's wayfinder_seqid parameter can be injected blindly. Since this app bundles MySQL and Apache Tomcat the environment is pretty static and therefore the default settings should work. Results in SYSTEM level access. Only the java/jsp_shell_reverse_tcp and java/jsp_shell_bind_tcp payloads seem to be valid.

tags | exploit, java, remote, sql injection
advisories | CVE-2020-7356
SHA-256 | 946a83a6a866b8857742cf272ba769a429c18cb24272e4ace13ff969e616262f
Gila CMS 1.1.18.1 SQL Injection / Shell Upload
Posted Jun 18, 2020
Authored by th3d1gger, Carlos Ramirez L | Site metasploit.com

This Metasploit module exploits a remote SQL injection vulnerability in the "query" parameter found on Gila CMS version 1.1.18.1.

tags | exploit, remote, sql injection
advisories | CVE-2020-5515
SHA-256 | 67d47acf6c51ced0b686d0152f6b884da8154b3ba0451ec2e3dcf58ecf577ae2
Cayin CMS NTP Server 11.0 Remote Code Execution
Posted Jun 18, 2020
Authored by LiquidWorm, h00die | Site metasploit.com

This Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution is executed in the system_service.cgi file's ntpIp Parameter. The field is limited in size, so repeated requests are made to achieve a larger payload. Cayin CMS-SE is built for Ubuntu 16.04 (20.04 failed to install correctly), so the environment should be pretty set and not dynamic between targets. Results in root level access.

tags | exploit, remote, cgi, root, code execution
systems | linux, ubuntu
advisories | CVE-2020-7357
SHA-256 | f7b153a94b13dd779b71e768fae7fc55f56194a7216851fdcf2cba9757607215
OpenCTI 3.3.1 Cross Site Scripting / Directory Traversal
Posted Jun 18, 2020
Authored by Raif Berkay Dincel

OpenCTI version 3.3.1 suffers from cross site scripting and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
SHA-256 | 89a8f8509d6cb8102d1c1d3f603a62eedb2bc3a7f07ccb924b9fbbba6c75a556
Code Blocks 17.12 Local Buffer Overflow
Posted Jun 18, 2020
Authored by Paras Bhatia

Code Blocks version 17.12 File Name SEH unicode local buffer overflow exploit.

tags | exploit, overflow, local
SHA-256 | c1dae29c4709263a913afe83978e44898f719a4880434a72a380b79d2300d6e6
College-Management-System-Php 1.0 SQL Injection
Posted Jun 18, 2020
Authored by BLAY ABU SAFIAN

College-Management-System-Php version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
SHA-256 | cbf4c86af333a96542bd6c2fc1cc82371caf76e7c8a75a8f39f7141ab4442797
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close