
Files Date: 2020-06-25

Inductive Automation Ignition Remote Code Execution
Posted Jun 25, 2020
Authored by Pedro Ribeiro, Radek Domanski | Site metasploit.com

This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA product, versions 8.0.0 through 8.0.7 (inclusive). This exploit was tested on versions 8.0.0 and 8.0.7 on both Linux and Windows. The default configuration is exploitable by an unauthenticated attacker, who can achieve remote code execution as SYSTEM on a Windows installation and root on Linux. The vulnerability was discovered and exploited at Pwn2Own Miami 2020 by the Flashback team (Pedro Ribeiro + Radek Domanski).

tags | exploit, java, remote, root, code execution
systems | linux, windows
advisories | CVE-2020-10644, CVE-2020-12004
MD5 | de6af616d3b724854268bccfee1cf557
iOS / macOS Wifi Proximity Kernel Double-Free
Posted Jun 25, 2020
Authored by Google Security Research, ianbeer

iOS and macOS suffered from a wifi proximity kernel double-free vulnerability in AWDL BSS Steering.

tags | exploit, kernel
systems | ios
advisories | CVE-2020-3843, CVE-2020-9844
MD5 | cdd1c47241bd866a69b6c59cc0b23828
Red Hat Security Advisory 2020-2755-01
Posted Jun 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2755-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11080
MD5 | 7bfc5e8b93e52968c5e4e2fc6a8a50bd
Online Student Enrollment System 1.0 Shell Upload
Posted Jun 25, 2020
Authored by BKpatron, th3d1gger | Site metasploit.com

This Metasploit module exploits a cross site request forgery vulnerability in Online Student Enrollment System version 1.0 to perform a shell upload.

tags | exploit, shell, csrf
MD5 | 5b27f66c5ed24e68abd5443719b457a4
FHEM 6.0 Local File Inclusion
Posted Jun 25, 2020
Authored by Emre OVUNC

FHEM version 6.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 35ad551f0a301429cff04952d64edc5e
Exploit Command Injection Router Via Reverse Firmware Technique
Posted Jun 25, 2020
Authored by SunCSR

Whitepaper called Exploit Command Injection Router via reverse firmware technique.

tags | paper
MD5 | d656257a28af7647491580460f2f0396
Windows Print Spooler Privilege Escalation
Posted Jun 25, 2020
Authored by shubham0d | Site github.com

This is a proof of concept exploit that takes advantage of a privilege escalation vulnerability in the Windows Print Spooler.

tags | exploit, proof of concept
systems | windows
advisories | CVE-2020-1048
MD5 | b2a9e1b168836f8697b5150dd024d2e8
ASUS Aura Sync 1.07.71 Privilege Escalation
Posted Jun 25, 2020
Authored by Connor McGarr, dhn | Site github.com

ASUS Aura Sync version 1.07.71 ene.sys privilege escalation kernel exploit.

tags | exploit, kernel
advisories | CVE-2019-17603
MD5 | dd506cd09fc47f7ec526c55db6959c62
Red Hat Security Advisory 2020-2751-01
Posted Jun 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2751-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.7.0 serves as a replacement for Red Hat AMQ Broker 7.6.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-5183, CVE-2020-10727, CVE-2020-11612, CVE-2020-1953
MD5 | e7cf75600cc9e34a1e784408790f3d3f
Cisco AnyConnect Path Traversal / Privilege Escalation
Posted Jun 25, 2020
Authored by Yorick Koster, Christophe de la Fuente, Antoine Goichot | Site metasploit.com

The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists of sending a specially crafted IPC request to TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to, in order to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).

tags | exploit, arbitrary, x86, local, tcp, code execution
systems | cisco, windows, 7
advisories | CVE-2020-3153
MD5 | 0ce466f922be78b19e5b1169c13ef711
NETGEAR R6700v3 Password Reset / Remote Code Execution
Posted Jun 25, 2020
Authored by Pedro Ribeiro, Radek Domanski | Site github.com

This document describes a stack overflow vulnerability that was found in October 2019 and presented at the Pwn2Own Mobile 2019 competition in November 2019. The vulnerability is present in the UPNP daemon (/usr/sbin/upnpd), running on the NETGEAR R6700v3 router with firmware versions V1.0.4.82_10.0.57 and V1.0.4.84_10.0.58. It allows for an unauthenticated reset of the root password and then spawns a telnetd to remotely access the account.

tags | exploit, overflow, root
MD5 | 994306f3ed8a91beb01786f127028f55
BSA Radar 1.6.7234.24750 Cross Site Scripting
Posted Jun 25, 2020
Authored by William Summerhill

BSA Radar version 1.6.7234.24750 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-14943
MD5 | 1eedfc8836c2f1de85d089f91bf76b4f