what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2020-08-21

Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass
Posted Aug 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoints to communicate through the exchange of strongly typed data. These objects are received by the server without validation and authentication and gives the attacker the ability to create any user with any role and bypass the security control in place and modify presented data on the screen/billboard.

tags | exploit, arbitrary
SHA-256 | 21b41f43af648dca662d0ab37642578564bfab81368e243c65e5691dcaa6ebde
Eibiz i-Media Server Digital Signage 3.8.0 File Path Traversal
Posted Aug 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

Eibiz i-Media Server Digital Signage version 3.8.0 is affected by a directory traversal vulnerability. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter.

tags | exploit, remote, root
SHA-256 | 0d192381d844963ab4c8b3ddc8c524eb72ca395130b9ffd616038a9114703f4e
Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover
Posted Aug 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object (part of ActionScript object graphs), effectively elevating to an administrative role or taking over an existing account by modifying the settings.

tags | exploit, remote
SHA-256 | 3bf4ec39b2a0441671c1f3efdce8c8ed94b5e7df19f1cb7c73ed27a82277da18
Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure
Posted Aug 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated configuration disclosure vulnerability.

tags | exploit
SHA-256 | a97197dcba6a888b4ff5eb9cf844c8008659f343aa9bc34666c47cbcd4a02cc4
Ubuntu Security Notice USN-4468-1
Posted Aug 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4468-1 - Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Joseph Gullo discovered that Bind incorrectly handled QNAME minimization when used in certain configurations. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, tcp
systems | linux, ubuntu
advisories | CVE-2020-8620, CVE-2020-8621, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624
SHA-256 | e68968b54f06a09f60aaea3f86c5fd5e18688a0dc2013d6d8a0ac01245a43511
Microsoft Windows CmpDoReadTxRBigLogRecord Memory Corruption Privilege Escalation
Posted Aug 21, 2020
Authored by James Forshaw, Google Security Research

The handling of KTM logs when initializing a Registry Hive contains no bounds checks which results in privilege escalation.

tags | exploit, registry
advisories | CVE-2020-1378
SHA-256 | 0ae399542cc10a8ccc557083deb691282149c87bc3ab0445c6922d410bec88ee
Microsoft Windows CmpDoReDoCreateKey Arbitrary Registry Key Creation Privilege Escalation
Posted Aug 21, 2020
Authored by James Forshaw, Google Security Research

The handling of KTM logs does not limit Registry Key operations to the loading hive leading to elevation of privilege.

tags | exploit, registry
advisories | CVE-2020-1377
SHA-256 | dc36265f20912463478c32c5203d3f4e619cc492c989532a060ccc10362e3045
Linux/x86 execve /bin/sh Shellcode
Posted Aug 21, 2020
Authored by cybersaki

10 bytes small Linux/x86 execve "/bin/sh" shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | d7b4184b5a7ea47ec13c322c758dac2ceed368f6f5dec7ace02c73c81a32bf49
Linux/x86 /dev/sda Partition Wiping Shellcode
Posted Aug 21, 2020
Authored by cybersaki

35 bytes small Linux/x86 /dev/sda wiping shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 88db311b901ed70f5965fb3a51e043676c4963a4c809de48bb783a32f6fc4239
Seowon SlC 130 Router Remote Code Execution
Posted Aug 21, 2020
Authored by Ali Jalalat

Seowon SlC 130 Router suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-17456
SHA-256 | 2c2caed94290b76cf2dcb160e2fa1928c1b317ff58fa6be49af50b2e9dfe1014
OX App Suite / OX Documents XSS / SSRF / Bypass
Posted Aug 21, 2020
Authored by Martin Heiland

OX App Suite and OX Documents suffer from access control bypass, cross site scripting, and improper input validation vulnerabilities. Multiple version ranges are affected.

tags | exploit, vulnerability, xss, bypass
advisories | CVE-2020-12643, CVE-2020-12644, CVE-2020-12645, CVE-2020-12646, CVE-2020-8542
SHA-256 | 51edab0377b8fe0d44554f6f7f4760f83af8457588e97679c30c8d3bae31cdc2
SMB Enumeration / Exploitation / Hardening
Posted Aug 21, 2020
Authored by Anil Bas

Whitepaper called SMB Enumeration and Exploitation and Hardening.

tags | paper
SHA-256 | 32726ce3c42e32b00d48c74868e7cb991cba241ef1679b9c9a9348a6fb761f60
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close