exploit the possibilities
Showing 1 - 20 of 20 RSS Feed

Files Date: 2020-09-01

SQLMAP - Automatic SQL Injection Tool 1.4.9
Posted Sep 1, 2020
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Bug fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | f79dac9b60f40ccdb4e1a05797b7cdc6
moziloCMS 2.0 Cross Site Scripting
Posted Sep 1, 2020
Authored by Abdulkadir Kaya

moziloCMS version 2.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | bff0264ef0e365ae654bd0dadaf5dc3d
Mara CMS 7.5 Remote Code Execution
Posted Sep 1, 2020
Authored by Michele Cisternino

Mara CMS version 7.5 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 01153c71819eaa4b8c162c658fe780ab
Nos-Santos-Izquierdo Field
Posted Sep 1, 2020
Authored by Pedro el Banquero, Francisco Blas Izquierdo, Enrique S, Vicent Nos Ripolles

This paper explains how the Nos-Santos-Izquierdo Field (NSIF) works, focusing in the similarities between the RSA problem, factorization, and the calculation decimal expansions.

tags | paper
MD5 | d79eed2672631e469adcfb58d853b01e
Kamailio 5.4.0 Header Smuggling
Posted Sep 1, 2020
Authored by Sandro Gauci | Site rtcsec.com

Kamailio version 5.4.0 is vulnerable to header smuggling via a bypass of remove_hf.

tags | exploit, bypass
MD5 | 105120a096c11895c654ec5a53e7893d
Red Hat Security Advisory 2020-3598-01
Posted Sep 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3598-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-10757
MD5 | 0d3742eef33868d3f28a11d7624dba22
Red Hat Security Advisory 2020-3592-01
Posted Sep 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3592-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.

tags | advisory, shell, bash
systems | linux, redhat
advisories | CVE-2019-9924
MD5 | 6866e5562af91fd7c2e0245ba478bbd0
Rebar3 3.13.2 Command Injection
Posted Sep 1, 2020
Authored by Alexey Pronin

Rebar3 versions 3.0.0-beta.3 through 3.13.2 suffer from a command injection vulnerability.

tags | exploit
advisories | CVE-2020-13802
MD5 | 8127fb63c3513575f8e1080b8847e3ce
Sagemcom F@ST 5280 Privilege Escalation
Posted Sep 1, 2020
Authored by Ryan Delaney

Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise.

tags | exploit
advisories | CVE-2020-24034
MD5 | 2e29a279e3f0441a3a7d075a6b67e5ae
Bagisto Credential Disclosure
Posted Sep 1, 2020
Authored by devsecweb

As of 2020/09/01, all versions of Bagisto appear to leak database and email server credentials in the document root.

tags | exploit, root, info disclosure
MD5 | 7fc061d5cf8581a756c5a61f9a15896f
Red Hat Security Advisory 2020-3588-01
Posted Sep 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3588-01 - LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2017-18922
MD5 | 07df140530997268c9b25b94d0a08046
Red Hat Security Advisory 2020-3587-01
Posted Sep 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3587-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. Issues addressed include file disclosure and server-side request forgery vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-10086, CVE-2019-9827, CVE-2020-11994
MD5 | f62bfd5513ca21b278192262f6d5fa72
Ubuntu Security Notice USN-4481-1
Posted Sep 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4481-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-11095, CVE-2020-11099, CVE-2020-4032
MD5 | 090b672f0d3e9db866a8396ad60db36c
Ubuntu Security Notice USN-4471-2
Posted Sep 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4471-2 - USN-4471-1 fixed a vulnerability in Net-SNMP. The updated introduced a regression making nsExtendCacheTime not settable. This update fixes the problem adding the cacheTime feature flag. Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-15861, CVE-2020-15862
MD5 | 2cc417ea47dd6dbe894197bffb7d3374
Ubuntu Security Notice USN-4480-1
Posted Sep 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4480-1 - It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2 credentials with escalated permissions. It was discovered that OpenStack Keystone incorrectly handled the list of roles provided with OAuth1 access tokens. An authenticated user could possibly end up with more role assignments than intended. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-12689, CVE-2020-12690, CVE-2020-12691, CVE-2020-12692
MD5 | ced71790f13db7d62bd8925fc39f9941
Ubuntu Security Notice USN-4479-1
Posted Sep 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4479-1 - It was discovered that Django, when used with Python 3.7 or higher, incorrectly handled directory permissions. A local attacker could possibly use this issue to obtain sensitive information, or escalate permissions.

tags | advisory, local, python
systems | linux, ubuntu
advisories | CVE-2020-24583
MD5 | e5a717807762e4eeebb4af1aa894f99a
Red Hat Security Advisory 2020-3586-01
Posted Sep 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3586-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include information leakage and out of bounds read vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-10756, CVE-2020-14339
MD5 | 85cdb8a12983c50089207347db2993af
Ubuntu Security Notice USN-4478-1
Posted Sep 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4478-1 - It was discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issue to obtain sensitive information.

tags | advisory, python
systems | linux, ubuntu
advisories | CVE-2020-13757
MD5 | 9638622054d5e92db4add776c8cc9632
Packet Storm New Exploits For August, 2020
Posted Sep 1, 2020
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 128 exploits added to Packet Storm in August, 2020.

tags | exploit
MD5 | 7fab10a74669db57a9421a328de6095e
Sifter 10
Posted Sep 1, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Script Execution fixes. Result viewing issues addressed. Properly creates Result directories where need be. Tool install fixes. Rearranged some tools within categories.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 66c88a57ab2fdc923291df1b13bcf592
Page 1 of 1
Back1Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    16 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close