what you don't know can hurt you
Showing 1 - 20 of 20 RSS Feed

Files Date: 2020-09-28

Mida eFramework 2.8.9 Remote Code Execution
Posted Sep 28, 2020
Authored by elbae

Mida eFramework version 2.8.9 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-15922
MD5 | f225e35594bf7ff572af9b86a1394a6a
Joplin 1.0.245 Cross Site Scripting / Code Execution
Posted Sep 28, 2020
Authored by Ademar Nowasky Junior

Joplin version 1.0.245 suffers from a cross site scripting vulnerability that can lead to allowing for remote code execution.

tags | exploit, remote, code execution, xss
advisories | CVE-2020-15930
MD5 | 00da71016d73cb06ead4d170f5e72d1c
Ubuntu Security Notice USN-4554-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4554-1 - It was discovered that libPGF lacked proper validation when opening a specially crafted PGF file. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2015-6673
MD5 | bfc4216986a760d149d77f8c6b30546b
Ubuntu Security Notice USN-4553-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4553-1 - It was discovered that Teeworlds server did not properly handler certain network traffic. A remote, unauthenticated attacker could use this vulnerability to cause Teeworlds server to crash.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-12066
MD5 | 67e2f0aab1a5f038566b1636c11f252b
Ubuntu Security Notice USN-4552-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4552-1 - Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root.

tags | advisory, local, root, python
systems | linux, ubuntu
advisories | CVE-2019-16729
MD5 | 9b50a0e88882a3a241628e82fb4462d0
Ubuntu Security Notice USN-4550-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4550-1 - Ryan Hall discovered that DPDK incorrectly handled vhost crypto. An attacker inside a guest could use these issues to perform multiple attacks, including denial of service attacks, obtaining sensitive information from the host, and possibly executing arbitrary code on the host.

tags | advisory, denial of service, arbitrary, crypto
systems | linux, ubuntu
advisories | CVE-2020-14374, CVE-2020-14378
MD5 | 078d6a4237c00a31ffbd2417dbef8c6b
Ubuntu Security Notice USN-4551-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4551-1 - Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606
MD5 | 3eafffe142c5a1479c54fa5c9e297c33
Ubuntu Security Notice USN-4547-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4547-1 - It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, info disclosure
systems | linux, ubuntu
advisories | CVE-2018-15127, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20749, CVE-2018-7225, CVE-2019-15681
MD5 | 9922e4b06254766557616cfff60d0f5a
Ubuntu Security Notice USN-4548-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4548-1 - It was discovered that libuv incorrectly handled certain paths. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-8252
MD5 | 832078b9dd177bb1e72d7406a5622c23
Ubuntu Security Notice USN-4549-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4549-1 - It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or other unspecified impact.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-19948
MD5 | 2b0f47f2e4fb8160b47c063317689024
MSI Ambient Link Driver 1.0.0.8 Privilege Escalation
Posted Sep 28, 2020
Authored by Matteo Malvica

MSI Ambient Link Driver version 1.0.0.8 suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2020-17382
MD5 | 8fea93f7ad33762f0a50b57fbff7e5a4
Microsoft Windows Update Orchestrator Unchecked ScheduleWork Call
Posted Sep 28, 2020
Authored by Imre Rad, bwatters-r7 | Site metasploit.com

This Metasploit module exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller's token before scheduling a job to be run as SYSTEM. You cannot schedule something in a given time, so the payload will execute as system sometime in the next 24 hours.

tags | exploit
advisories | CVE-2020-1313
MD5 | 58a0c7691e25387d090e181d07ae360d
MaraCMS 7.5 Remote Code Execution
Posted Sep 28, 2020
Authored by Erik Wynter, Michele Cisternino | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to this file. For the linux and windows targets, the module uploads a simple PHP web shell. Subsequently, it leverages the CmdStager mixin to deliver the final payload via a series of HTTP GET requests to the PHP web shell. Valid credentials for a MaraCMS admin or manager account are required. This module has been successfully tested against MaraCMS 7.5 running on Windows Server 2012 (XAMPP server).

tags | exploit, web, arbitrary, shell, root, php, file upload
systems | linux, windows
advisories | CVE-2020-25042
MD5 | f3fcdcf0924156e882b29740d16480f8
OpenSSH 8.4p1
Posted Sep 28, 2020
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Future deprecations scoped and multiple updates.
tags | tool, encryption
systems | linux, unix, openbsd
MD5 | 8f897870404c088e4aa7d1c1c58b526b
WordPress WP Courses 2.0.29 Information Disclosure / Authorization Bypass
Posted Sep 28, 2020
Authored by redtimmysec | Site redtimmy.com

WordPress WP Courses plugin versions 2.0.29 and below suffer from an issue that allows an unauthenticated attacker the ability to ex-filtrate all the content of courses through the WordPress REST API.

tags | advisory, info disclosure
MD5 | 44b651d956b8e89fb868cb5ebd9d676c
Ubuntu Security Notice USN-3968-3
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3968-3 - USN-3968-1 fixed several vulnerabilities in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use this issue to bypass configured restrictions and execute arbitrary commands. Various other issues were also addressed.

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7032
MD5 | 6044cf85ada96b50d32b99b140fb790d
Ubuntu Security Notice USN-4546-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4546-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting attacks, spoof the site displayed in the download dialog, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof, xss
systems | linux, ubuntu
advisories | CVE-2020-15673, CVE-2020-15677
MD5 | f02d01635a1ac2eedfe980130e35d00a
Ubuntu Security Notice USN-4545-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4545-1 - It was discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause a denial of service. It was discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause libquicktime to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-9122, CVE-2017-9125, CVE-2017-9126, CVE-2017-9127
MD5 | 82a9122d668579c365d56e1def5f7ce8
Ubuntu Security Notice USN-4541-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4541-1 - Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the df_generate_ascii_array_entry function. An attacker could possibly use this issue to cause a heap buffer overflow, resulting in a denial of service attack or arbitrary code execution. Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the PS_options function when the Gnuplot postscript terminal is used as a backend. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service attack or arbitrary code execution. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2018-19490, CVE-2018-19491, CVE-2018-19492
MD5 | a2d584e45b3bcb0222cfcf7ec75368ab
Sifter 10_r2
Posted Sep 28, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Revision 2 of version 10. Includes separated categories and various additions.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 6bee73d58cd39101159e5cda8f2f4469
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close