exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2020-09-03

Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
Posted Sep 3, 2020
Authored by T. Weber | Site sec-consult.com

Red Lion N-Tron 702-W and 702M12-W versions 2.0.26 and below suffer from cross site request forgery, hidden shell interface, cross site scripting and busybox vulnerabilities.

tags | exploit, shell, vulnerability, xss, csrf
advisories | CVE-2020-16204, CVE-2020-16206, CVE-2020-16208, CVE-2020-16210
SHA-256 | e25651886495730ba652afb5121baaf7e7f37336a3e296f81df774de5fa1a7b8
GNU Privacy Guard 2.2.23
Posted Sep 3, 2020
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Fixed AEAD preference list overflow. Fixed a possible segv in the key cleaning code. Various other updates and fixes.
tags | tool, encryption
SHA-256 | 10b55e49d78b3e49f1edb58d7541ecbdad92ddaeeb885b6f486ed23d1cd1da5c
Faraday 3.12
Posted Sep 3, 2020
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added agent and executor data to Activity Feed. Added session timeout configuration to server.ini configuration file. Added hostnames to already existing hosts when importing a report. Various other additions and fixes.
tags | tool, rootkit
systems | unix
SHA-256 | 3ef9e44fac1906a556cf29af0fd8811f4bdcae0f1c06591cdabaaf2648a9a3c2
Ubuntu Security Notice USN-4474-2
Posted Sep 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4474-2 - USN-4474-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. A data race was discovered when importing certificate information in to the trust store. An attacker could potentially exploit this to cause an unspecified impact. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-15665, CVE-2020-15668
SHA-256 | 584112a39c0d75a49b8d4f20934eaf3084c31ce2908581ce5f37a18faf5e8871
Red Hat Security Advisory 2020-3626-01
Posted Sep 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3626-01 - Red Hat Data Grid is a distributed, in-memory datastore. This release of Red Hat Data Grid 8.1.0 replaces Red Hat Data Grid 8.0, and includes bug fixes and enhancements, which are documented in the Release Notes, linked to in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-11612, CVE-2020-9488
SHA-256 | 637a3a27735c2ee5f9135aa2dd799bd97e2069af5df9dd68a49e84031a462ca7
Red Hat Security Advisory 2020-3623-01
Posted Sep 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3623-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-15810, CVE-2020-15811
SHA-256 | 354a925e6a668ec118e434a366b4c1593bf3c280b02cbf02cd6f9d5d1d303110
Red Hat Security Advisory 2020-3617-01
Posted Sep 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3617-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a resource exhaustion vulnerability.

tags | advisory, imap
systems | linux, redhat, unix
advisories | CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
SHA-256 | 3e7cf4227b43d701bce0f2c45f34690a4bc28657983ceb7b548761524b3dd143
Ubuntu Security Notice USN-4449-2
Posted Sep 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4449-2 - USN-4449-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Ryota Shiga working with Trend Micro

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-11936, CVE-2020-15701, CVE-2020-15702
SHA-256 | ffb793bfff3a1b4e66e77c6a248277ad735ccb9ec98a034dab9dd52fc0c58890
Noise-Java ChaChaPolyCipherState.encryptWithAd() Insufficient Boundary Checks
Posted Sep 3, 2020
Authored by Pietro Oliva

Noise-Java suffers from an issue located in the ChaChaPolyCipherState.encryptWithAd() method defined in ChaChaPolyCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation. However, some checks were found to be either incomplete or missing.

tags | exploit, java
advisories | CVE-2020-25021
SHA-256 | f3994b64ff5442dca9b210aa3ea273c585602af6661380803b314457b75427d5
Noise-Java AESGCMFallbackCipherState.encryptWithAd() Insufficient Boundary Checks
Posted Sep 3, 2020
Authored by Pietro Oliva

Noise-Java suffers from an issue located in the AESGCMFallbackCipherState.encryptWithAd() method defined in AESGCMFallbackCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation. However, some checks were found to be either incomplete or missing.

tags | exploit, java
advisories | CVE-2020-25022
SHA-256 | 4e410b9fd9e7aa4bb4aa52ef1b488bee68cddf57081ac0029713f8e54a1eba53
Hyland OnBase Cross Site Request Forgery
Posted Sep 3, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
SHA-256 | b83e315aa3cdcb74476b6676b4b10d4f8fe0564ad863af190cc764e742051d47
Hyland OnBase Insufficient Logging
Posted Sep 3, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from an insufficient logging vulnerability due to client-side enforcement.

tags | advisory
SHA-256 | e2e4ea911a0df0f9d26138b96ced126c65fbab9a191f866f72aaa2ebe7f277f3
SiteMagic CMS 4.4.2 Shell Upload
Posted Sep 3, 2020
Authored by V1n1v131r4

SiteMagic CMS version 4.4.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 52ab8d8d0f4bc273bb44e5ff8db49c6bda3e718093e522b514d74f09130db8ee
Nord VPN 6.31.13.0 Unquoted Service Path
Posted Sep 3, 2020
Authored by chipo

Nord VPN version 6.31.13.0 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | c9d19cc32d38b92b47d1cab674bfa4141e7f47c611b8f1c3d5637a6c626cbe98
Hyland OnBase SQL Injection
Posted Sep 3, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from a multitude of remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | c0b7adf784ee96968a327fe89aa2b4c947205685d73dfef19a6b729e6c80f341
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close