what you don't know can hurt you
Showing 1 - 25 of 25 RSS Feed

Files Date: 2020-07-06

openSIS 7.4 Unauthenticated PHP Code Execution
Posted Jul 6, 2020
Authored by EgiX | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.

tags | exploit, arbitrary, local, php, vulnerability, sql injection, file inclusion
advisories | CVE-2020-13381, CVE-2020-13382, CVE-2020-13383
MD5 | 07a638401a07dae3fe0cc15b5a196965
Mandos Encrypted File System Unattended Reboot Utility 1.8.12
Posted Jul 6, 2020
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
MD5 | 1dcf1f6b7712852fbd463df5241736b6
Sifter 7.8
Posted Jul 6, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Various updates.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | e949cb34e77af181abdfa0f99f1bbf41
Red Hat Security Advisory 2020-2824-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2824-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421
MD5 | 04a7cdccc509e40d553224fbc5d269e9
Red Hat Security Advisory 2020-2823-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2823-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11080
MD5 | 2fdf47cd71242eae7e056c3735e53336
Ubuntu Security Notice USN-4417-2
Posted Jul 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4417-2 - USN-4417-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-12402
MD5 | 6beff0f6338dd54f6fb90b69d9a0df10
Ubuntu Security Notice USN-4418-1
Posted Jul 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4418-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15305
MD5 | 5d0c63ae06263e9ba6a5f62e7a671b92
RSA IG+L Aveksa 7.1.1 Remote Code Execution
Posted Jul 6, 2020
Authored by Jakub Palaczynski, Lukasz Plonka

RSA IG+L Aveksa version 7.1.1 suffers from a remote code execution vulnerability due to an authorization bypass issue.

tags | exploit, remote, code execution
advisories | CVE-2019-3759
MD5 | 7f8a7faeaf6a30052a2f2e03d4e71999
VIPRE Password Vault 1.100.1090 Man-In-The-Middle
Posted Jul 6, 2020
Authored by David Coomber

VIPRE Password Vault iOS application versions 1.100.1090 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.

tags | advisory
systems | ios
advisories | CVE-2020-14981
MD5 | 82d37852c91e2ee7b39bd7164fcdcea8
Sophos Secure Email Android Application 3.9.4 Man-In-The-Middle
Posted Jul 6, 2020
Authored by David Coomber

Sophos Secure Email Android Application versions 3.9.4 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.

tags | advisory
advisories | CVE-2020-14980
MD5 | 0af4af6cc034077229b0fc5e55b878d0
Red Hat Security Advisory 2020-2789-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2789-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-9283
MD5 | 81a1bfe33e453b7550fc9feb09fc88b4
Ubuntu Security Notice USN-4417-1
Posted Jul 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4417-1 - Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-12402
MD5 | e9274f982c4cc0c30bfbf3a764a56313
rauLink Software Domotica Web 2.0 SQL Injection
Posted Jul 6, 2020
Authored by LiquidWorm | Site zeroscience.mk

rauLink Software Domotica Web version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, web, sql injection
MD5 | 2e87055a57f33f9b29edeaf78101e3e4
Red Hat Security Advisory 2020-2825-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2825-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421
MD5 | 4dacbdd82dac1d8f815059abe37f4899
Fire Web Server 0.1 Denial Of Service
Posted Jul 6, 2020
Authored by Saeed reza Zamanian

Fire Web Server version 0.1 remote denial of service proof of concept exploit.

tags | exploit, remote, web, denial of service, proof of concept
MD5 | cf922f7b9acdf5e4a7459a6f7875b4dc
Red Hat Security Advisory 2020-2793-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2793-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-9283
MD5 | f610637cab987dce2b3dabcaa2af890b
Ubuntu Security Notice USN-4416-1
Posted Jul 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4416-1 - Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-12133, CVE-2017-18269, CVE-2018-11236, CVE-2018-11237, CVE-2018-19591, CVE-2018-6485, CVE-2019-19126, CVE-2019-9169, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752
MD5 | 975e041e3d37f449a833dd5fe6546f60
Nagios XI 5.6.12 Remote Code Execution
Posted Jul 6, 2020
Authored by Basim Alabdullah

Nagios XI version 5.6.12 remote code execution exploit that leverages export-rrd.php.

tags | exploit, remote, php, code execution
MD5 | 31691ce3c81c37946e036a7240a1b83f
Red Hat Security Advisory 2020-2819-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2819-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-10744
MD5 | d9454eedd50c4772984258dc5beb8b94
Ubuntu Security Notice USN-4415-1
Posted Jul 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4415-1 - Felix Doerre discovered that coTURN response buffer is not initialized properly. An attacker could possibly use this issue to obtain sensitive information. It was discovered that coTURN web server incorrectly handled HTTP POST requests. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. Various other issues were also addressed.

tags | advisory, web, denial of service
systems | linux, ubuntu
advisories | CVE-2020-4067
MD5 | 11f9ee05e1860d5ec55b80a92f75d1b8
Assembly "Wrapping": A Technique For Anti-Disassembly
Posted Jul 6, 2020
Authored by Andre Lima

Whitepaper called Assembly "Wrapping": A Technique for Anti-Disassembly.

tags | paper
MD5 | 47e084698e68187ea5222a31c0d9a875
Red Hat Security Advisory 2020-2790-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2790-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-9283
MD5 | 7d7433ab81392d8ee2a3b1f29098b275
Red Hat Security Advisory 2020-2792-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2792-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a server-side request forgery vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-13379
MD5 | d5553c3c530f3a9fa60b585f4bb3649b
Microsoft Windows MSHTA.EXE .HTA File XML Injection
Posted Jul 6, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows mshta.exe allows processing of XML external entities which can result in local data-theft and or program reconnaissance upon opening specially crafted HTA files.

tags | exploit, local
systems | windows
MD5 | 3d485c03f4489132e6fd1b36a2775fe9
Grafana 7.0.1 Denial Of Service
Posted Jul 6, 2020
Authored by mostwanted002

Grafana version 7.0.1 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
advisories | CVE-2020-13379
MD5 | 33392e953ed4c0751cbb690ba0307eb9
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    1 Files
  • 9
    Aug 9th
    2 Files
  • 10
    Aug 10th
    27 Files
  • 11
    Aug 11th
    11 Files
  • 12
    Aug 12th
    11 Files
  • 13
    Aug 13th
    17 Files
  • 14
    Aug 14th
    3 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close