exploit the possibilities
Showing 1 - 25 of 305 RSS Feed

Files Date: 2020-08-01 to 2020-08-31

MikroTik RouterOS Memory Corruption / NULL Pointer Dereference / Division By Zero
Posted Aug 30, 2020
Authored by Qian Chen

MikroTik RouterOS suffers from NULL pointer dereference, memory corruption and division by zero vulnerabilities.

tags | advisory, vulnerability
MD5 | 1e3a80eae94e4c7f171cb74762439c42
Visual Studio VSIX Installer Validation Issues
Posted Aug 29, 2020
Authored by SignPath | Site about.signpath.io

The VSIX Installer of Visual Studio allows for revival of expired code-signing certificates and modification of timestamps.

tags | advisory, bypass
MD5 | 0820db3baca073cc40bc281ba64f90f6
Online Book Store 1.0 SQL Injection
Posted Aug 29, 2020
Authored by Moaaz Taha

Online Book Store version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 793a931976d0bc8ffd4af95e86e9f766
TP-Link WDR4300 Remote Code Execution
Posted Aug 28, 2020
Authored by Patrik Lantz

TP-Link WDR4300 with firmware versions 3.13.33 and 3.14.3 post-authentication remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2017-13772
MD5 | 38390c706886084d27ba36ed81ec08cf
Gentoo Linux Security Advisory 202008-18
Posted Aug 28, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-18 - Multiple vulnerabilities have been found in X.org X11 library, the worst of which could result in the arbitrary execution of code. Versions less than 1.6.12 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-14344, CVE-2020-14363
MD5 | d0ab1e41ff7ebed3a58b9501ce1fcea9
Symphony CMS 3.0.0 Cross Site Scripting
Posted Aug 28, 2020
Authored by SunCSR

Symphony CMS version 3.0.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 057fa5a8fd0169b62ab2a607007249aa
WordPress Autoptimize 2.7.6 Shell Upload
Posted Aug 28, 2020
Authored by SunCSR

WordPress Autoptimize plugin version 2.7.6 suffers from an authenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 07265bbb9062f5d7ecf6fa2ea1b61683
Gentoo Linux Security Advisory 202008-17
Posted Aug 28, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-17 - Multiple vulnerabilities have been found in Redis, the worst of which could result in the arbitrary execution of code. Versions less than 5.0.9 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-15047, CVE-2020-14147
MD5 | cbead2459b280eb6450f64a23bc18eb2
SUPERAntiSpyware Professional X Trial Privilege Escalation
Posted Aug 28, 2020
Authored by b1nary

SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 suffer from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 5be6a8fdf15bd591a4a30b92b4832891
Nagios Log Server 2.1.6 Cross Site Scripting
Posted Aug 28, 2020
Authored by Jinson Varghese Behanan

Nagios Log Server version 2.1.6 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-16157
MD5 | cc19be03fa25a1355bcb37f808626ba0
ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password
Posted Aug 27, 2020
Authored by T. Weber | Site sec-consult.com

ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver.

tags | exploit, vulnerability
advisories | CVE-2019-3422
MD5 | 5fee15e2fe67f4a312641b206b87d209
Eikon Thomson Reuters 4.0.42144 File Permissions
Posted Aug 27, 2020
Authored by Khalil Bijjou | Site sec-consult.com

Eikon Thomson Reuters version 4.0.42144 suffers from a weak permissions issue that can lead to code execution.

tags | exploit, code execution
advisories | CVE-2019-10679
MD5 | 6d91015a714754463b09047fbee74073
Ubuntu Security Notice USN-4477-1
Posted Aug 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4477-1 - Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. RĂ©gis Leroy discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request splitting attack, resulting in cache poisoning. Lubos Uhliarik discovered that Squid incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use this issue to cause Squid to consume resources, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2020-15810, CVE-2020-15811, CVE-2020-24606
MD5 | 44c77ca040383d52dd8b135b79c2c848
Ubuntu Security Notice USN-4476-1
Posted Aug 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4476-1 - It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-12403
MD5 | cea24f01d8bde28567ed3a511bb39e16
Red Hat Security Advisory 2020-3574-01
Posted Aug 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3574-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include bypass and code execution vulnerabilities.

tags | advisory, web, vulnerability, code execution, ruby
systems | linux, redhat
advisories | CVE-2020-10778, CVE-2020-10783, CVE-2020-14324, CVE-2020-14325
MD5 | bd03d4978fc69d3110e68b9684b0e2b9
Mida eFramework 2.9.0 Remote Code Execution
Posted Aug 27, 2020
Authored by elbae

Mida eFramework version 2.9.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-15920
MD5 | 8be781eaf06f1659e68f4efbe0b4df1b
ASX To MP3 Converter 3.1.3.7.2010.11.05 Buffer Overflow
Posted Aug 27, 2020
Authored by Paras Bhatia

ASX to MP3 Converter version 3.1.3.7.2010.11.05 .wax local buffer overflow proof of concept exploit with DEP and ASLR bypass.

tags | exploit, overflow, local, proof of concept
MD5 | b975aa6681a32ca65d9f4b200fd584c1
GNU Privacy Guard 2.2.22
Posted Aug 27, 2020
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Changed the default key algorithm to rsa3072. Added regular expression support for Trust Signatures on all platforms. Various other updates and fixes.
tags | tool, encryption
MD5 | 34594b2b90e23555145f07679c5c8d07
Ubuntu Security Notice USN-4475-1
Posted Aug 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4475-1 - It was discovered that Chrony incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause a denial of service or expose sensitive information.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-14367
MD5 | 14921cf609df424352817f166e5b905c
Ubuntu Security Notice USN-4446-2
Posted Aug 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4446-2 - USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled input validation. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2019-12520, CVE-2019-12523, CVE-2019-12524, CVE-2019-18676
MD5 | 3ce54dac1a09ed855009027ca7b777d9
Gentoo Linux Security Advisory 202008-16
Posted Aug 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-16 - Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 68.12.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-15664, CVE-2020-15669
MD5 | d2d5fa8f239faecd411afea010b9d763
Gentoo Linux Security Advisory 202008-15
Posted Aug 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-15 - A flaw in Docker allowed possible information leakage. Versions less than 19.03.12 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2020-13401
MD5 | ad76bcba9d38c6fbc310757dcab17135
Red Hat Security Advisory 2020-3541-01
Posted Aug 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3541-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. The Matrix Project is a module which handles creating Jenkins multi-configuration projects. Matrix Authorization allows configuring the lowest level permissions, such as starting new builds, configuring items, or deleting them, individually. Python-RSA is a RSA implementation in Python. It can be used as a Python library as well as the commandline utility. Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. Issues addressed include cross site scripting, denial of service, and information leakage vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, python
systems | linux, redhat
advisories | CVE-2019-16541, CVE-2020-13757, CVE-2020-1741, CVE-2020-2220, CVE-2020-2221, CVE-2020-2222, CVE-2020-2223, CVE-2020-2224, CVE-2020-2225, CVE-2020-2226
MD5 | 0ecdeb89cf242d6818269471c5c3a3fd
Gentoo Linux Security Advisory 202008-14
Posted Aug 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-14 - A vulnerability in Wireshark could lead to a Denial of Service condition. Versions less than 3.2.6 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2020-17498
MD5 | 1e5459042bd089d4d832228eae1cc37e
Gentoo Linux Security Advisory 202008-13
Posted Aug 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-13 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in privilege escalation. Versions less than 9.5.23:9.5 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2020-14349, CVE-2020-14350
MD5 | 6f214f2c2e8cff8f24516622f39f523b
Page 1 of 13
Back12345Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close