Files Date: 2020-09-07

Hyland OnBase Log Injection
Posted Sep 7, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from log injection vulnerabilities.

tags | advisory, vulnerability
SHA-256 | a48e63cf7f4fd470753b57ad80a193df8afba0c05a5bd54b3d1d491b9d27386c

macOS cfprefsd Arbitrary File Write / Local Privilege Escalation
Posted Sep 7, 2020
Authored by timwr, Insu Yun, Taesoo Kim, Jungwon Lim, Yonghwi Jin | Site metasploit.com

This Metasploit module exploits an arbitrary file write in cfprefsd on macOS versions 10.15.4 and below in order to run a payload as root. The CFPreferencesSetAppValue function, which is reachable from most unsandboxed processes, can be exploited with a race condition in order to overwrite an arbitrary file as root. By overwriting /etc/pam.d/login, a user can then log in as root without a password using the login root command.

tags | exploit, arbitrary, root
advisories | CVE-2020-9839
SHA-256 | 931484ae445d7eeffdc56096c8dbc47f24916e5073c7902aafc42973e228e845

Red Hat Security Advisory 2020-3642-01
Posted Sep 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3642-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-14297, CVE-2020-14307, CVE-2020-1695, CVE-2020-1710, CVE-2020-1748, CVE-2020-6950, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548
SHA-256 | b38946a623b5520f37ff7a35588a50179075703c8d39fdf65c702a0459485b6b

Red Hat Security Advisory 2020-3638-01
Posted Sep 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3638-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-14297, CVE-2020-14307, CVE-2020-1695, CVE-2020-1710, CVE-2020-1748, CVE-2020-6950, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548
SHA-256 | d3ba29bedcfb9bcac7f28a2f10606474560b6de9dd8934c538d5ce2e42ae1802

Red Hat Security Advisory 2020-3637-01
Posted Sep 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3637-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-14297, CVE-2020-14307, CVE-2020-1695, CVE-2020-1710, CVE-2020-1748, CVE-2020-6950, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548
SHA-256 | c8520f1454bdf92859dac7d1f1ebce269533a37e61e2c44904d7bbde6c038d30

Red Hat Security Advisory 2020-3639-01
Posted Sep 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3639-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-14297, CVE-2020-14307, CVE-2020-1695, CVE-2020-1710, CVE-2020-1748, CVE-2020-6950, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548
SHA-256 | ea21216679a7a8c8610d283dead99fe6351f679ca2310268170ed188c7b09532

Gentoo Linux Security Advisory 202009-02
Posted Sep 7, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202009-02 - Multiple vulnerabilities have been found in Dovecot, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 2.3.11.3 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
SHA-256 | a8406344c7b252401291699045d45ef5f15fde228e7644af31cac3f16f9741c0

Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation
Posted Sep 7, 2020
Authored by Angelo D'Amato | Site zeroscience.mk

Rapid7 Nexpose Installer version 6.6.39 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 356d8c73a8db71d5e7994c72f64ae3892b1f75a01f48caa28edaeaf7bd363757

Red Hat Security Advisory 2020-3634-01
Posted Sep 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3634-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15664, CVE-2020-15669
SHA-256 | cac193252b615e7dbfcb5d9b1bfb7a0a8bf41d6b9de911407ec854984e33cde7

Red Hat Security Advisory 2020-3632-01
Posted Sep 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3632-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15664, CVE-2020-15669
SHA-256 | c97b0206f14987060f943a239d4d67affa7009f84b1b9bc3ea7f5e04dc24e75f

Grocy 2.7.1 Cross Site Scripting
Posted Sep 7, 2020
Authored by Mufaddal Masalawala

Grocy version 2.7.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 494038f46cda16cb6b551f44883e02a48297f05f73ff92a9b15c0660b8b4c326

Red Hat Security Advisory 2020-3633-01
Posted Sep 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3633-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15664, CVE-2020-15669
SHA-256 | 4e456c316c38bc5899e8df479456cf1596e29d99eabe2a8b3572c41dea6fd29e

Red Hat Security Advisory 2020-3631-01
Posted Sep 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3631-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15664, CVE-2020-15669
SHA-256 | fa045db7161cfa8e8ac0da6cdda878ae303bb00ffc163738eca2db56643e9196

Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload
Posted Sep 7, 2020
Authored by thelastvvv

Joomla GMapFP component versions J3.5 and J3.5F suffer from an unauthenticated arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2020-23972
SHA-256 | 4563c49b5f140d4c97097c0714861f19d0ef0655690b42573600db44b51a3c2a

Cabot 0.11.12 Cross Site Scripting
Posted Sep 7, 2020
Authored by Abhiram V

Cabot version 0.11.12 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b48bcc95a0fa44e864eba57231f2d1b1d8bda5a46716c0cac0690f14dd4623bf
© 2022 Packet Storm. All rights reserved.