what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files Date: 2020-08-06

Docker Privileged Container Escape
Posted Aug 6, 2020
Authored by stealthcopter | Site metasploit.com

This Metasploit module escapes from a privileged Docker container and obtains root on the host machine by abusing the Linux cgroup notification on release feature. This exploit should work against any container started with the following flags: --cap-add=SYS_ADMIN, --privileged.

tags | exploit, root
systems | linux
MD5 | 1119f42290936fb48ebeebd091ecf88d
Ubuntu Security Notice USN-4451-2
Posted Aug 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4451-2 - USN-4451-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-15704
MD5 | e87d8f20499aa2e18c7cd3040c62a44f
Red Hat Security Advisory 2020-3358-01
Posted Aug 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3358-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include bypass, code execution, and cross site scripting vulnerabilities.

tags | advisory, web, vulnerability, code execution, xss, ruby
systems | linux, redhat
advisories | CVE-2020-10777, CVE-2020-10778, CVE-2020-10779, CVE-2020-10780, CVE-2020-10783, CVE-2020-14296, CVE-2020-14324, CVE-2020-14325
MD5 | dbaeedb15bc59ebaac47e32fb56252f6
Red Hat Security Advisory 2020-3345-01
Posted Aug 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3345-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
MD5 | 59cd78d7b6e9b4402cb455e1047b5f7b
Red Hat Security Advisory 2020-3344-01
Posted Aug 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3344-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
MD5 | c395f112193982c8ee9c2c427c184ea8
Red Hat Security Advisory 2020-3341-01
Posted Aug 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3341-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
MD5 | eb4dfc7f3d6039c96d14a044d3b48385
Red Hat Security Advisory 2020-3342-01
Posted Aug 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3342-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
MD5 | 6daff0fe461a4358316d8b25e1c182ca
Red Hat Security Advisory 2020-3343-01
Posted Aug 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3343-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
MD5 | 8fd68b6ae62ee1a7b5b913892ebfc299
Ubuntu Security Notice USN-4453-1
Posted Aug 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4453-1 - Johannes Kuhn discovered that OpenJDK 8 incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. Philippe Arteau discovered that OpenJDK 8 incorrectly verified names in TLS server's X.509 certificates. An attacker could possibly use this issue to obtain sensitive information. It was discovered that OpenJDK 8 incorrectly handled exceptions in DerInputStream class and in the DerValue.equals method. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-14556, CVE-2020-14577, CVE-2020-14581, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621
MD5 | a0c890f204d84cac8ed235ff33fa9d9a
Victor CMS 1.0 SQL Injection
Posted Aug 6, 2020
Authored by Edo Maland

Victor CMS version 1.0 suffers from a search remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to BKpatron.

tags | exploit, remote, sql injection
MD5 | 68049baf49f74824b0b93ea4e1fc7670
Online Shopping Alphaware 1.0 Unauthorized Administrative Access
Posted Aug 6, 2020
Authored by Edo Maland

Online Shopping Alphaware version 1.0 suffers from an unauthorized administrative functionality access vulnerability.

tags | exploit, bypass
MD5 | 4c97b6fd4c8e3b8fd6c9fa3b7d34d160
Online Shopping Alphaware 1.0 Arbitrary File Upload
Posted Aug 6, 2020
Authored by Edo Maland

Online Shopping Alphaware version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | ac99c740e91732de1ca528611dc05ba5
Online Shopping Alphaware 1.0 Cross Site Request Forgery
Posted Aug 6, 2020
Authored by Edo Maland

Online Shopping Alphaware version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 0e473b277cc5006c19c5c1b0cd4d436f
Daily Expenses Management System 1.0 SQL Injection
Posted Aug 6, 2020
Authored by Edo Maland

Daily Expenses Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Daniel Ortiz.

tags | exploit, remote, vulnerability, sql injection
MD5 | 1e0fcc5209709de3fa6c0c22a21e0f65
Daily Expenses Management System 1.0 Cross SIte Request Forgery
Posted Aug 6, 2020
Authored by Edo Maland

Daily Expenses Management System version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 0db14f4bbeaa206a86465fe712c6ac28
Daily Expenses Management System 1.0 Cross Site Scripting
Posted Aug 6, 2020
Authored by Edo Maland

Daily Expenses Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 08890c255b0d743000d529bfb1a35746
Curfew e-Pass Management System 1.0 SQL Injection
Posted Aug 6, 2020
Authored by Mucahit Karadag

Curfew e-Pass Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to gh1mau.

tags | exploit, remote, vulnerability, sql injection
MD5 | a86ff9fc24a454605eb91b9a93042a64
QlikView 12.50.20000.0 Denial Of Service
Posted Aug 6, 2020
Authored by Luis Martinez

QlikView version 12.50.20000.0 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | cdd13e0571ec5dbf02014ba7a5e24f8e
ACTi NVR3 Standard / Professional Server 3.0.12.42 Denial Of Service
Posted Aug 6, 2020
Authored by MegaMagnus

ACTi NVR3 Standard or Professional Server version 3.0.12.42 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
advisories | CVE-2020-15956
MD5 | ddafde4ec60b225d8fa65e4b783b45f6
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close