sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
8bd708fbb486b85b031bb08e662afd5448d344673e3a2aa72538e4db159b5fed
moziloCMS version 2.0 suffers from a persistent cross site scripting vulnerability.
c9035982f243fb3b2495fc832cd4f4f9d0f52ecb916b2f830c439dad2cc7bb55
Mara CMS version 7.5 suffers from a remote code execution vulnerability.
bd17fcbb1a0a8560277798e1fbefce8cdb9ff909935dd46e2591c18761156ad1
This paper explains how the Nos-Santos-Izquierdo Field (NSIF) works, focusing on the similarities between the RSA problem, factorization, and the calculation of decimal expansions.
aeab461b9276a048b8aba6a42be04a1de281069c3bc7e90a37323ed9d990f0dd
Kamailio version 5.4.0 is vulnerable to header smuggling via a bypass of remove_hf.
90b01227ec53c669668b75248613fb8d1d22b84fea63434c5f55b4a27dee1fe7
Red Hat Security Advisory 2020-3598-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
d5ef4cb02fcbc523b9d881229a20fb9e9cf53d8d08316e62eac3878ae41ea5c7
Red Hat Security Advisory 2020-3592-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
67dc5c6ba3fbf2b09490124b6fc4334e806688dcf2bb5cf1dd12d730ec9c5baa
Rebar3 versions 3.0.0-beta.3 through 3.13.2 suffer from a command injection vulnerability.
ec2b41f1be4cf19047c4fa3acd9dd1f671c7454b455ba2e568edf51aebae1ffe
Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise.
b749b45a358358330f8fd5f3cec1a2eb0a30872b9d8f5cd95aaf47010c1890ef
As of 2020/09/01, all versions of Bagisto appear to leak database and email server credentials in the document root.
74b9f3889f450e046f3f29aa9d6575b5877a84afc22c532d82f65985d7a9c34c
Red Hat Security Advisory 2020-3588-01 - LibVNCServer is a C library that enables you to implement VNC server functionality into your own programs. Issues addressed include a buffer overflow vulnerability.
8b3ae7933846cb4d69b60bf086fb3a8599cfb74db5273079db91237e8d7d671f
Red Hat Security Advisory 2020-3587-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. Issues addressed include file disclosure and server-side request forgery vulnerabilities.
41f19cd9185d03707f92109bcb2f80ca40f69069eccfd5c39fd5308fff6e0fb0
Ubuntu Security Notice 4481-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.
752265c51278ff11568ea5a7302397673eca5d4a7c7f8964e28a3ef792b600d8
Ubuntu Security Notice 4471-2 - USN-4471-1 fixed a vulnerability in Net-SNMP. The update introduced a regression making nsExtendCacheTime not settable. This update fixes the problem by adding the cacheTime feature flag. Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
1017733bfb26f81e781ca1324961b481d36d10524492ccdb51984e779c99e588
Ubuntu Security Notice 4480-1 - It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2 credentials with escalated permissions. It was discovered that OpenStack Keystone incorrectly handled the list of roles provided with OAuth1 access tokens. An authenticated user could possibly end up with more role assignments than intended. Various other issues were also addressed.
3c08db6e10cf95d2fc1612319b52e834023d3ffc4661cd1510fa0ef8a2b277f3
Ubuntu Security Notice 4479-1 - It was discovered that Django, when used with Python 3.7 or higher, incorrectly handled directory permissions. A local attacker could possibly use this issue to obtain sensitive information, or escalate permissions.
cc1c4d80f93f46f20a7f3297df2c7104e9449ead66db8c7aa2894720c5dc55c7
Red Hat Security Advisory 2020-3586-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include information leakage and out of bounds read vulnerabilities.
ad8866f7fc0a2a7af79d106635c88771d2aeef777e5d61c1ab39bbbb10d358eb
Ubuntu Security Notice 4478-1 - It was discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issue to obtain sensitive information.
3005fbc73d2f33c3beb07eeea2aae787a8cd4846989b49ff0b6f25ba9b3ab8a0
This archive contains all of the 128 exploits added to Packet Storm in August, 2020.
fc6a187c67bce9ab49a95c0bd50043a6b006fefc5d97c521e4c3172dd7afc14d
Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and, if unpatched, exploit them.
127207c6984fe08de44fe0116357860d11171e74709ebaac867590be553a5f53