exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2020-08-13

Wireshark Analyzer 3.2.6
Posted Aug 13, 2020
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: Multiple bug fixes including a dissector crash.
tags | tool, sniffer, protocol
systems | windows, unix
advisories | CVE-2020-17498
MD5 | f14ef8d73fa5f30b57fec51283e6b73e
vBulletin 5.x Remote Code Execution
Posted Aug 13, 2020
Authored by Zenofex | Site metasploit.com

This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also providing the widget_php argument. This causes the former template to load the latter bypassing filters originally put in place to address CVE-2019-16759. This also allows the exploit to reach an eval call with user input allowing the module to achieve PHP remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.2 on Ubuntu Linux.

tags | exploit, remote, php, code execution
systems | linux, ubuntu
advisories | CVE-2019-16759, CVE-2020-7373
MD5 | b60b0666592e30c6b174a6e6343f7c54
Microsoft Windows AppContainer Enterprise Authentication Capability Bypass
Posted Aug 13, 2020
Authored by James Forshaw, Google Security Research

On Microsoft Windows 10 1909, LSASS does not correctly enforce the Enterprise Authentication Capability which allows any AppContainer to perform network authentication with the user's credentials.

tags | exploit
systems | windows
advisories | CVE-2020-1509
MD5 | a9c5a593a7fd8beb544d51baa38c1730
Ubuntu Security Notice USN-4458-1
Posted Aug 13, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4458-1 - Fabrice Perez discovered that the Apache mod_rewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly handled memory when proxying to a malicious FTP server. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-11984, CVE-2020-11993, CVE-2020-1927, CVE-2020-1934, CVE-2020-9490
MD5 | 7140a6d9fa7d076a14e596e4242f90fd
GetSimple CMS Multi User 1.8.2 Cross Site Request Forgery
Posted Aug 13, 2020
Authored by Bobby Cooke, hyd3sec

GetSimple CMS Multi User plugin version 1.8.2 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | b7868197fa770b7cffbd822964b7f528
QiHang Media Web Digital Signage 3.0.9 Remote Code Execution
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from a pre-authentication remote code execution vulnerability.

tags | exploit, remote, web, code execution
MD5 | 7c248458391a49820ad700528da5bdc1
QiHang Media Web Digital Signage 3.0.9 Arbitrary File Disclosure
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, web, arbitrary
MD5 | 4b229bf7159213f08c6c5c724d811ce5
QiHang Media Web Digital Signage 3.0.9 Arbitrary File Deletion
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from an unauthenticated arbitrary file deletion vulnerability.

tags | exploit, web, arbitrary
MD5 | 4ec2d17bffc03ecbcdff736a646ec399
QiHang Media Web Digital Signage 3.0.9 Credential Disclosure
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from a clear-text credential disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.

tags | exploit, web
MD5 | a4df03562be6c4ac8f645486ee2b5b2d
QiHang Media Web Digital Signage 3.0.9 Password Disclosure
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from a cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.

tags | exploit, remote, web
MD5 | 642489cbf934a4731b9a002f38dc0571
Car Rental Script Cross Site Scripting
Posted Aug 13, 2020
Authored by Yussef Dajdaj

Car Rental Script from projectworlds.in suffers from a cross site scripting vulnerability. Versions are not provided with this software currently.

tags | exploit, xss
MD5 | c54fadda84fad4b944f42258942bee49
Car Rental Script SQL Injection
Posted Aug 13, 2020
Authored by Yussef Dajdaj

Car Rental Script from projectworlds.in suffers from a remote SQL injection vulnerability. Versions are not provided with this software currently.

tags | exploit, remote, sql injection
MD5 | 2e01a55b635c9bfb17fe3f6b96de3983
Online Book Store Cross Site Scripting
Posted Aug 13, 2020
Authored by Yussef Dajdaj

Online Book Store from projectworlds.in suffers from a cross site scripting vulnerability. Versions are not provided with this software currently.

tags | exploit, xss
MD5 | 59379692b0998d9478549f62ca32e52f
Online Book Store SQL Injection
Posted Aug 13, 2020
Authored by Yussef Dajdaj

Online Book Store from projectworlds.in suffers from a remote SQL injection vulnerability. Versions are not provided with this software currently.

tags | exploit, remote, sql injection
MD5 | 757d48894e0ef8c8453eae8239ef8a41
Online Shopping System SQL Injection
Posted Aug 13, 2020
Authored by Yussef Dajdaj

Online Shopping System from projectworlds.in suffers from a remote SQL injection vulnerability. Versions are not provided with this software currently.

tags | exploit, remote, sql injection
MD5 | 5cd6ea230e51b30015c5faaf9ec98179
vBulletin 5.6.2 Cross Site Scripting
Posted Aug 13, 2020
Authored by Vincent666 ibn Winnie | Site pentest-vincent.blogspot.com

vBulletin version 5.6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1b6668ec0a558c0fd5cc39154cc3d71d
CMS Made Simple 2.2.14 Shell Upload
Posted Aug 13, 2020
Authored by Roel van Beurden

CMS Made Simple version 2.2.14 suffers from an authenticated shell upload vulnerability.

tags | exploit, shell
MD5 | c88d34ecd4d1716eecd2778aa52e4bd3
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close