exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

Files Date: 2020-09-28

Mida eFramework 2.8.9 Remote Code Execution
Posted Sep 28, 2020
Authored by elbae

Mida eFramework version 2.8.9 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-15922
SHA-256 | c8c3442a86453108afc78a8c318c4066965ecee2291d2821b49be30d0944428d
Joplin 1.0.245 Cross Site Scripting / Code Execution
Posted Sep 28, 2020
Authored by Ademar Nowasky Junior

Joplin version 1.0.245 suffers from a cross site scripting vulnerability that can lead to allowing for remote code execution.

tags | exploit, remote, code execution, xss
advisories | CVE-2020-15930
SHA-256 | 31ca9b8599ce9c83932797054a4edb9d935327170c17b0b17e8f585827a0591e
Ubuntu Security Notice USN-4554-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4554-1 - It was discovered that libPGF lacked proper validation when opening a specially crafted PGF file. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2015-6673
SHA-256 | 6d5153e654756beff626ad2eb82d2e791ca48f621d8dfcfb3cc42c74a5783daf
Ubuntu Security Notice USN-4553-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4553-1 - It was discovered that Teeworlds server did not properly handler certain network traffic. A remote, unauthenticated attacker could use this vulnerability to cause Teeworlds server to crash.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-12066
SHA-256 | 7a11e879569425a13eec2e1f66923bcca40e224fecf7d9534d42ffdbc14b6970
Ubuntu Security Notice USN-4552-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4552-1 - Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root.

tags | advisory, local, root, python
systems | linux, ubuntu
advisories | CVE-2019-16729
SHA-256 | 15615425af77cbc41f0d9e94f0ad4a8524f300eabfc6621848fb8b81998123a7
Ubuntu Security Notice USN-4550-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4550-1 - Ryan Hall discovered that DPDK incorrectly handled vhost crypto. An attacker inside a guest could use these issues to perform multiple attacks, including denial of service attacks, obtaining sensitive information from the host, and possibly executing arbitrary code on the host.

tags | advisory, denial of service, arbitrary, crypto
systems | linux, ubuntu
advisories | CVE-2020-14374, CVE-2020-14378
SHA-256 | d8af98378677f0c95696fed25979abbe5c17bc959e6fb291f1db9dd93bd3a233
Ubuntu Security Notice USN-4551-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4551-1 - Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606
SHA-256 | 9e92ebd0c9f2c2349eaed8ad48b4f324787d866a46db0c2c35da9b6a79c5a38f
Ubuntu Security Notice USN-4547-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4547-1 - It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, info disclosure
systems | linux, ubuntu
advisories | CVE-2018-15127, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20749, CVE-2018-7225, CVE-2019-15681
SHA-256 | e4c50aa2b1573b7262150b8b4b002ebcb5cceb0ae668df08c6e6bc1f95f45750
Ubuntu Security Notice USN-4548-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4548-1 - It was discovered that libuv incorrectly handled certain paths. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-8252
SHA-256 | d01405ec577f0b65154300bc1671139dba5d4bdca797c3c731f81314edda4412
Ubuntu Security Notice USN-4549-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4549-1 - It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or other unspecified impact.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-19948
SHA-256 | f991989eee76f3bc6a01074eab8c20a59c3449a03c65cbcbe08ec8104ca8604a
MSI Ambient Link Driver 1.0.0.8 Privilege Escalation
Posted Sep 28, 2020
Authored by Matteo Malvica

MSI Ambient Link Driver version 1.0.0.8 suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2020-17382
SHA-256 | d3812dcad998d0f840196864aac543b840cbaf34007890de731a2ca9e42a75b2
Debian Security Advisory 4758-1
Posted Sep 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4758-1 - Several vulnerabilities have been discovered in the X.Org X server. Missing input sanitising in X server extensions may result in local privilege escalation if the X server is configured to run with root privileges. In addition an ASLR bypass was fixed.

tags | advisory, local, root, vulnerability
systems | linux, debian
advisories | CVE-2020-14345, CVE-2020-14346, CVE-2020-14347, CVE-2020-14361, CVE-2020-14362
SHA-256 | f766d86a2ab873536eefe0870f0c90e55ca00d335094de674bfbccbfff6552d7
Debian Security Advisory 4759-1
Posted Sep 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4759-1 - Fabian Vogt reported that the Ark archive manager did not sanitise extraction paths, which could result in maliciously crafted archives with symlinks writing outside the extraction directory.

tags | advisory
systems | linux, debian
advisories | CVE-2020-24654
SHA-256 | e952c13ded54efaf8d191ee6b8dbf6989ef4ccc147b6b43789a9e7bfcf70434d
Debian Security Advisory 4760-1
Posted Sep 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4760-1 - Multiple security issues were discovered in QEMU, a fast processor emulator.

tags | advisory
systems | linux, debian
advisories | CVE-2020-12829, CVE-2020-14364, CVE-2020-15863, CVE-2020-16092
SHA-256 | 9ec9643bb7edebad1c8a64c425392f1a29bfedae27d77a06866086970cb042aa
Debian Security Advisory 4761-1
Posted Sep 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4761-1 - It was discovered that ZeroMQ, a lightweight messaging kernel library does not properly handle connecting peers before a handshake is completed. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket listening with CURVE encryption/authentication enabled can take advantage of this flaw to cause a denial of service affecting authenticated and encrypted clients.

tags | advisory, remote, denial of service, kernel
systems | linux, debian
advisories | CVE-2020-15166
SHA-256 | 0b04a5aaab9ee659966e2bbeb22a5b3b23c2f888e4a32faf559460daca53aaa1
Debian Security Advisory 4762-1
Posted Sep 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4762-1 - It was discovered that the default configuration files for running the Lemonldap::NG Web SSO system on the Nginx web server were susceptible to authorisation bypass of URL access rules. The Debian packages do not use Nginx by default.

tags | advisory, web
systems | linux, debian
advisories | CVE-2020-24660
SHA-256 | 1936fc20f1fce8c046e9a32b0cf72f8389efc42588b36d32567422da6ead95de
Debian Security Advisory 4763-1
Posted Sep 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4763-1 - It was discovered that insufficient sanitising of received network packets in the game server of Teeworlds, an online multi-player platform 2D shooter, could result in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2020-12066
SHA-256 | 95fb2ad2601783836a3229eb10174e50ad7ea6799ce16534afb9523ff5a7bf41
Debian Security Advisory 4764-1
Posted Sep 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4764-1 - Two security issues were discovered in the pgsql and mysql modules of the InspIRCd IRC daemon, which could result in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2019-20917, CVE-2020-25269
SHA-256 | 561ab7f18ae1176cc637ced0c4ea9aa5d1f0a0587d8bdb0b528160951dbe5e8c
Debian Security Advisory 4765-1
Posted Sep 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4765-1 - Ervin Hegedues discovered that ModSecurity v3 enabled global regular expression matching which could result in denial of service. For additional information please refer to https://coreruleset.org/20200914/cve-2020-15598/

tags | advisory, web, denial of service
systems | linux, debian
advisories | CVE-2020-15598
SHA-256 | be3b055743eb57fe9c8abc5054dbd71e1eb1dafc84281ecf5a897604f777f6a0
Debian Security Advisory 4766-1
Posted Sep 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4766-1 - Multiple security issues were discovered in the Rails web framework which could result in cross-site scripting, information leaks, code execution, cross-site request forgery or bypass of upload limits.

tags | advisory, web, code execution, xss, csrf
systems | linux, debian
advisories | CVE-2020-15169, CVE-2020-8162, CVE-2020-8164, CVE-2020-8165, CVE-2020-8166, CVE-2020-8167
SHA-256 | b1a73047f2774964fa668a2801d5455ae63d0a6ddd6e35a8004ce02881f79bf8
Debian Security Advisory 4767-1
Posted Sep 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4767-1 - Multiple security issues were discovered in MediaWiki, a website engine existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate limiting against brute force attempts.

tags | advisory, xss
systems | linux, debian
advisories | CVE-2020-15005, CVE-2020-25812, CVE-2020-25813, CVE-2020-25814, CVE-2020-25815, CVE-2020-25827, CVE-2020-25828
SHA-256 | c8613614ee7c9f1ac6af0506b3a755746764aa0c99cca5c2deba55fe743bab14
Debian Security Advisory 4768-1
Posted Sep 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4768-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting or spoofing the origin of a download.

tags | advisory, web, arbitrary, spoof, xss
systems | linux, debian
advisories | CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678
SHA-256 | 37cc9917e4afee8359971d48c6af08486b830ce4c6dd2d0ba941a21bcc7b417a
Microsoft Windows Update Orchestrator Unchecked ScheduleWork Call
Posted Sep 28, 2020
Authored by Imre Rad, bwatters-r7 | Site metasploit.com

This Metasploit module exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller's token before scheduling a job to be run as SYSTEM. You cannot schedule something in a given time, so the payload will execute as system sometime in the next 24 hours.

tags | exploit
advisories | CVE-2020-1313
SHA-256 | 3a60a69dcbeb7de997adcc7d739647b41b00df07ef99e3f346dd78c5b1f47616
MaraCMS 7.5 Remote Code Execution
Posted Sep 28, 2020
Authored by Erik Wynter, Michele Cisternino | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to this file. For the linux and windows targets, the module uploads a simple PHP web shell. Subsequently, it leverages the CmdStager mixin to deliver the final payload via a series of HTTP GET requests to the PHP web shell. Valid credentials for a MaraCMS admin or manager account are required. This module has been successfully tested against MaraCMS 7.5 running on Windows Server 2012 (XAMPP server).

tags | exploit, web, arbitrary, shell, root, php, file upload
systems | linux, windows
advisories | CVE-2020-25042
SHA-256 | 46bcd0fb88548beb443fdf27155d8d4343ca495c9eb2a3289d06a46da4ac2b7b
OpenSSH 8.4p1
Posted Sep 28, 2020
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Future deprecations scoped and multiple updates.
tags | tool, encryption
systems | linux, unix, openbsd
SHA-256 | 5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close