sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
268727dd92e1f9549422eb99459a1154Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.
0d0a1918990afa2cbe664861b2ed5a5dGantt-Chart for Jira versions 5.5.4 and below suffer from a cross site scripting vulnerability.
94808b4b06f1ab53f6751d0a04456ee8Gantt-Chart for Jira versions 5.5.3 and below misses a privilege check which allows an attacker to read and write the module configuration for other users.
52b4993502b0e711055c769961f5bb65Red Hat Security Advisory 2020-3247-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. Issues addressed include code execution and cross site scripting vulnerabilities.
09627a046f1dd8dcfac3c537c3f54e08Red Hat Security Advisory 2020-3308-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.2 serves as a replacement for Red Hat JBoss Web Server 5.3.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
64720b7761a12fb3a4767798c78ae258Red Hat Security Advisory 2020-3306-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.2 serves as a replacement for Red Hat JBoss Web Server 5.3.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
caecac300e64d3b48adb292d24855b6fRed Hat Security Advisory 2020-3305-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 10 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
6e1799e37ce5f20ef4e6ad6d064b44c3Red Hat Security Advisory 2020-3303-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 10 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
c3f05082eb8212198cca368d8f048dc0Red Hat Security Advisory 2020-3302-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include an out of bounds read vulnerability.
bec548ef5732141a71773f0121b6cc60Red Hat Security Advisory 2020-3298-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Issues addressed include a denial of service vulnerability.
1f9903312f31065b4efe8a3d1621d7e8Red Hat Security Advisory 2020-3299-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include an out of bounds read vulnerability.
562b0750f9213b43a805d057ccbccc7eRed Hat Security Advisory 2020-3297-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
dea081405f874171c184d5a14d17c67aUbuntu Security Notice 4298-2 - USN-4298-1 fixed several vulnerabilities in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
d1de1d9403a24bcb05ee45c057fd3d41c-ares version 1.16.0 has an issue where ares_destroy() with pending ares_getaddrinfo() leads to a use-after-free condition.
1464ba2a11ec60f5b9714b8e26693d59Mocha Telnet Lite for iOS version 4.2 denial of service proof of concept exploit.
07006fb34c3849a7f8b2583b33f722deDaily Expenses Management System version 1.0 suffers from a remote SQL injection vulnerability.
9e6e99fea6a5022fef764d130ffc1573RTSP for iOS version 1.0 denial of service proof of concept exploit.
9deb3c878023b0b278fe006ec1c53422Pi-hole version 4.3.2 authenticated remote code execution exploit.
c974a233e43e84e556dfc6ea373f51a4Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
1d51fc20c08bea73509e929eb29de8f1Car Rental Management System version 1.0 unauthenticated remote code execution exploit.
fc76a860fbf88ef19ed2574d10b76719Car Rental Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
f9dd370debecdf2355b932bd9b6d7518
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed