exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2020-07-06

openSIS 7.4 Unauthenticated PHP Code Execution
Posted Jul 6, 2020
Authored by EgiX | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.

tags | exploit, arbitrary, local, php, vulnerability, sql injection, file inclusion
advisories | CVE-2020-13381, CVE-2020-13382, CVE-2020-13383
SHA-256 | 942c0ce311ce709dd7c1790955789b1f88040cee422935d166bdf0e150147703
Mandos Encrypted File System Unattended Reboot Utility 1.8.12
Posted Jul 6, 2020
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
SHA-256 | 993c91ea03b2eecab50695a5fc31b4fb0991af53fe6736e3e45cd8bd255ed1d4
Sifter 7.8
Posted Jul 6, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Various updates.
tags | tool, remote, local, scanner, vulnerability
systems | unix
SHA-256 | e8e484a5973b3a86d0f5e9f00e728ee585979a72e846bdd2d4f13a5cc032d6ee
Red Hat Security Advisory 2020-2824-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2824-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421
SHA-256 | 6c84acd38b40987a084c4304884a54a90d2f683f9b887fbe6a3b1f997b088baa
Red Hat Security Advisory 2020-2823-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2823-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11080
SHA-256 | e7842fbbcf3bae47b075a53a2a176c7fd73322cb94b6f298a861b649a712e938
Ubuntu Security Notice USN-4417-2
Posted Jul 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4417-2 - USN-4417-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-12402
SHA-256 | 8cc46dfd734fdf34a52d97e8b2f176253a381484125d0877cf205886992e0c63
Ubuntu Security Notice USN-4418-1
Posted Jul 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4418-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15305
SHA-256 | ff848b0d4adb287d6946f1d2779e5a0b418a304a2e30908517e2d9796b99af2a
RSA IG+L Aveksa 7.1.1 Remote Code Execution
Posted Jul 6, 2020
Authored by Jakub Palaczynski, Lukasz Plonka

RSA IG+L Aveksa version 7.1.1 suffers from a remote code execution vulnerability due to an authorization bypass issue.

tags | exploit, remote, code execution
advisories | CVE-2019-3759
SHA-256 | 16bc444575b590b35b69a5534bc7552c0f81d8f9daaa2cefa85554c9f8e4c8ce
VIPRE Password Vault 1.100.1090 Man-In-The-Middle
Posted Jul 6, 2020
Authored by David Coomber

VIPRE Password Vault iOS application versions 1.100.1090 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.

tags | advisory
systems | ios
advisories | CVE-2020-14981
SHA-256 | ad2b385769262f6b82c11eb32205aa58cc8946448f0a2abb7f3f31a2dd608b59
Sophos Secure Email Android Application 3.9.4 Man-In-The-Middle
Posted Jul 6, 2020
Authored by David Coomber

Sophos Secure Email Android Application versions 3.9.4 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.

tags | advisory
advisories | CVE-2020-14980
SHA-256 | 564bf74464507abc31328cd13ce11650838cbcc6c851afff00c70b4726aa428c
Red Hat Security Advisory 2020-2789-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2789-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-9283
SHA-256 | 1c6ccb253794abb733d3e31d483f7d098517d3dbfc1b095f37484c46fa921578
Ubuntu Security Notice USN-4417-1
Posted Jul 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4417-1 - Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-12402
SHA-256 | b07d3665f6e61dc3a025ddaae562a72a3dcc898d1de9424f2cdc5635f505f6b2
rauLink Software Domotica Web 2.0 SQL Injection
Posted Jul 6, 2020
Authored by LiquidWorm | Site zeroscience.mk

rauLink Software Domotica Web version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, web, sql injection
SHA-256 | cbf3ed802e825293535183521f91de02e124c6d128407bab90d18f025301d703
Red Hat Security Advisory 2020-2825-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2825-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421
SHA-256 | 387f9e5699e149616d1ef8a5e43e2834a6bb5e6f6664c74912f4c8d7f805e18e
Fire Web Server 0.1 Denial Of Service
Posted Jul 6, 2020
Authored by Saeed reza Zamanian

Fire Web Server version 0.1 remote denial of service proof of concept exploit.

tags | exploit, remote, web, denial of service, proof of concept
SHA-256 | f1c5f784404e86de0d149052c36a321e850e0a3f633de7e5dc821c983f309360
Red Hat Security Advisory 2020-2793-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2793-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-9283
SHA-256 | 84502dfeaf7db15db93c0789f14c26a6666025ac7ed55efbf4106f93bfbd7e18
Ubuntu Security Notice USN-4416-1
Posted Jul 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4416-1 - Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-12133, CVE-2017-18269, CVE-2018-11236, CVE-2018-11237, CVE-2018-19591, CVE-2018-6485, CVE-2019-19126, CVE-2019-9169, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752
SHA-256 | ad00074c48095e1094b2946c458fba7c26cd42996ac22eb17a94175a5a0b9a15
Nagios XI 5.6.12 Remote Code Execution
Posted Jul 6, 2020
Authored by Basim Alabdullah

Nagios XI version 5.6.12 remote code execution exploit that leverages export-rrd.php.

tags | exploit, remote, php, code execution
SHA-256 | c8065ab61aa72b884d87befb918a614c7f8f98f327a9db383fbbd87f7aae2874
Red Hat Security Advisory 2020-2819-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2819-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-10744
SHA-256 | da4450cf4e2bcbd352894ad1eff64d6fd639ded1098d6ed09525c7551fbd15ef
Ubuntu Security Notice USN-4415-1
Posted Jul 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4415-1 - Felix Doerre discovered that coTURN response buffer is not initialized properly. An attacker could possibly use this issue to obtain sensitive information. It was discovered that coTURN web server incorrectly handled HTTP POST requests. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. Various other issues were also addressed.

tags | advisory, web, denial of service
systems | linux, ubuntu
advisories | CVE-2020-4067
SHA-256 | 321d1146672c0be1922e159ad05e21957107127cde0fb58973b870f004a8f676
Assembly "Wrapping": A Technique For Anti-Disassembly
Posted Jul 6, 2020
Authored by Andre Lima

Whitepaper called Assembly "Wrapping": A Technique for Anti-Disassembly.

tags | paper
SHA-256 | bcb4bfdb398a855f8452d150dbc37b847398d22915dd193c3a2e4236a1738ed1
Red Hat Security Advisory 2020-2790-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2790-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-9283
SHA-256 | 0eeb80c2dc144e4e3d5f99db187c534b626e68a34e5c09ca37fb3aa16b0dbba7
Red Hat Security Advisory 2020-2792-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2792-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a server-side request forgery vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-13379
SHA-256 | aebf3b0588993a60453d917fb1503f3720fd2b0796dae569921d987fd81d1bf4
Microsoft Windows MSHTA.EXE .HTA File XML Injection
Posted Jul 6, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows mshta.exe allows processing of XML external entities which can result in local data-theft and or program reconnaissance upon opening specially crafted HTA files.

tags | exploit, local
systems | windows
SHA-256 | c2f70b789eac66e7e0227b39147f2ee878460b9df5a5059f2aa17a51234cda97
Grafana 7.0.1 Denial Of Service
Posted Jul 6, 2020
Authored by mostwanted002

Grafana version 7.0.1 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
advisories | CVE-2020-13379
SHA-256 | c2b33824f0c2688564f8f963b13b5ec71fc672bdd9957ef87ebc449f73ba2c64
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close