exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2020-09-21

nfstream 6.1.3
Posted Sep 21, 2020
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Added QUIC User-agent Identifier extraction. Minor CSV interface fix.
tags | tool, python
systems | unix
MD5 | dfc5202034aceb0c1fd29662b2a4315d
Ubuntu Security Notice USN-4524-1
Posted Sep 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4524-1 - Paul Dreik discovered that TNEF incorrectly handled filenames. If a user were tricked into opening a specially crafted email attachment, an attacker could possibly use this issue to write arbitrary files to the filesystem or cause TNEF crash, resulting in a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-18849
MD5 | a78e8f2a7370ccd4de7083c10e0fac3f
Ubuntu Security Notice USN-4523-1
Posted Sep 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4523-1 - It was discovered that LibOFX did not properly check for errors in certain situations, leading to a NULL pointer dereference. A remote attacker could use this issue to cause a denial of service attack.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2019-9656
MD5 | a23b7d22d1b3ff45fcb73f73dbb1c7ba
Seat Reservation System 1.0 Shell Upload
Posted Sep 21, 2020
Authored by Rahul Ramkumar

Seat Reservation System version 1.0 suffers from an unauthenticated file upload vulnerability that allows for remote code execution.

tags | exploit, remote, code execution, file upload
advisories | CVE-2020-25763
MD5 | f3302d01404a38c2cf0a759d35184237
Red Hat Security Advisory 2020-3780-01
Posted Sep 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3780-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14040
MD5 | ec4479c22be2c7c1ca2c5af978a5772a
Ubuntu Security Notice USN-4522-1
Posted Sep 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4522-1 - It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting attacks.

tags | advisory, remote, web, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2017-18635
MD5 | 59a7e5a0c092d88cf983a64841479d13
Ubuntu Security Notice USN-4521-1
Posted Sep 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4521-1 - It was discovered that pam_tacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-13881
MD5 | dda028d0b9bc6515369ca27ea7ce1c42
Mida eFramework 2.9.0 Backdoor Access
Posted Sep 21, 2020
Authored by elbae

Mida eFramework version 2.9.0 suffers from having a backdoor access vulnerability.

tags | exploit
advisories | CVE-2020-15921
MD5 | e8b7e0eb6e6ebba6c19edb679497ca26
BlackCat CMS 1.3.6 Cross Site Request Forgery
Posted Sep 21, 2020
Authored by Noth

BlackCat CMS version 1.3.6 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2020-25453
MD5 | 0d40c200edac875394952e0642ee20ab
Seat Reservation System 1.0 SQL Injection
Posted Sep 21, 2020
Authored by Augkim

Seat Reservation System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | eb79e8afb34549490ba1a7f72dac97f9
Online Shop Project 1.0 SQL Injection
Posted Sep 21, 2020
Authored by Augkim

Online Shop Project version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 872cf9ea3f6686dd3e593f402a74b82a
VyOS restricted-shell Escape / Privilege Escalation
Posted Sep 21, 2020
Authored by Brendan Coles, Rich Mirch | Site metasploit.com

This Metasploit module exploits command injection vulnerabilities and an insecure default sudo configuration on VyOS versions 1.0.0 through 1.1.8 to execute arbitrary system commands as root. VyOS features a restricted-shell system shell intended for use by low privilege users with operator privileges. This module exploits a vulnerability in the telnet command to break out of the restricted shell, then uses sudo to exploit a command injection vulnerability in /opt/vyatta/bin/sudo-users/vyatta-show-lldp.pl to execute commands with root privileges. This module has been tested successfully on VyOS 1.1.8 amd64 and VyOS 1.0.0 i386.

tags | exploit, arbitrary, shell, root, vulnerability
advisories | CVE-2018-18556
MD5 | 3d5d65d5e0f254ce3c9343e508e95b9d
Ubuntu Security Notice USN-4520-1
Posted Sep 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4520-1 - It was discovered that Exim SpamAssassin does not properly handle configuration strings. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-19920
MD5 | bcae77b44bb6e85060eafc7da7bd23c7
B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution
Posted Sep 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

B-swiss 3 Digital Signage System version 3.6.5 suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused due to the improper verification of uploaded files in index.php script thru the rec_poza POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in the /usr/users directory. Due to an undocumented and hidden maintenance account admin_m which has the highest privileges in the application, an attacker can use these hard-coded credentials to authenticate and use the vulnerable image upload functionality to execute code on the server.

tags | exploit, arbitrary, php, code execution
MD5 | b8122e7dc5d8a3a0549b1366c4226983
ForensiTAppxService 2.2.0.4 Unquoted Service Path
Posted Sep 21, 2020
Authored by Burhanettin Ozgenc

ForensiTAppxService version 2.2.0.4 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | a5cdcad662a91575ab25729284923ad1
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close