exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2020-10-01

WhatWeb Scanner 0.5.3
Posted Oct 1, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: Minor release with miscellaneous changes, seven new plugins, and two plugin updates.
tags | tool, web, scanner, javascript
systems | unix
SHA-256 | 26464e30171057117f6199bf5dc719167e0e400a747dd50d314e497007919af2
Falco 0.26.1
Posted Oct 1, 2020
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: New CLI flag added and a couple of rule changes.
tags | tool, intrusion detection
systems | unix
SHA-256 | 31aa99ca5e3ce55daedae019703f834dd037f608ff57ab67e44a8ed6ff422176
Safari Type Confusion / Sandbox Escape
Posted Oct 1, 2020
Authored by timwr, Insu Yun, Taesoo Kim, Jungwon Lim, Yonghwi Jin | Site metasploit.com

This Metasploit module exploits an incorrect side-effect modeling of the 'in' operator. The DFG compiler assumes that the 'in' operator is side-effect free, however the embed element with the PDF plugin provides a callback that can trigger side-effects leading to type confusion (CVE-2020-9850). The type confusion can be used as addrof and fakeobj primitives that then lead to arbitrary read/write of memory. These primitives allow us to write shellcode into a JIT region (RWX memory) containing the next stage of the exploit. The next stage uses CVE-2020-9856 to exploit a heap overflow in CVM Server, and extracts a macOS application containing our payload into /var/db/CVMS. The payload can then be opened with CVE-2020-9801, executing the payload as a user but without sandbox restrictions.

tags | exploit, overflow, arbitrary, shellcode
advisories | CVE-2020-9801, CVE-2020-9850, CVE-2020-9856
SHA-256 | fbbde1e0b4f53036aee6e135d84e5add073f53c612d6996cee132e6170926d16
Sony IPELA Network Camera Remote Stack Buffer Overflow
Posted Oct 1, 2020
Authored by LiquidWorm | Site zeroscience.mk

Sony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be exploited to cause a stack-based buffer overflow when a user issues a POST request to connect to a malicious FTP server. Successful exploitation could allow execution of arbitrary code on the affected device or cause denial of service scenario.

tags | exploit, remote, denial of service, overflow, arbitrary, cgi
SHA-256 | db96bc2368565f4a5a936240e09f50eb7b4e018f0a55c54982e05ad20ca5727d
nullcon Goa 2021 Call For Papers
Posted Oct 1, 2020
Site nullcon.net

The Call For Papers for nullcon Goa 2021 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place in March of 2021.

tags | paper, conference
SHA-256 | fd8ac8913a25d034a9ee626f3d63dd2d10b16f08a43d5e61fad2bb2dce78853a
BrightSign Digital Signage Diagnostic Web Server 8.2.26 Server-Side Request Forgery
Posted Oct 1, 2020
Authored by LiquidWorm | Site zeroscience.mk

BrightSign Digital Signage Diagnostic Web Server version 8.2.26 suffers from an unauthenticated server-side request forgery vulnerability.

tags | exploit, web
SHA-256 | c99f6f8262f551c603e9615cea0c11c0d5dd43b92387a2e4d455cf78899afa9c
SpinetiX Fusion Digital Signage 3.4.8 Path Traversal
Posted Oct 1, 2020
Authored by LiquidWorm | Site zeroscience.mk

SpinetiX Fusion Digital Signage version 3.4.8 suffers from an authenticated path traversal vulnerability. Input passed via several parameters in index.php script is not properly verified before being used to create and delete files. This can be exploited to write backup files to an arbitrary location and/or delete arbitrary files via traversal attacks.

tags | exploit, arbitrary, php
SHA-256 | 9766624f45bb68eb9e4df380ee06065e8e5eaf375cfafaf7089aa93de1d16117
SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure
Posted Oct 1, 2020
Authored by LiquidWorm | Site zeroscience.mk

SpinetiX Fusion Digital Signage version 3.4.8 suffers from a database backup disclosure vulnerability.

tags | exploit
SHA-256 | 39dbe31c5333d00cfa9388f957aa3ec2ec91f7fb517191fa5fc1fdcc3f2a1887
vPrioritizer 1.0
Posted Oct 1, 2020
Authored by Pramod Rana | Site github.com

vPrioritizer enables users to understand the contextualized risk (vPRisk) on an asset-vulnerability relationship level across the organization by considering factors like base CVSS, asset accessibility, criticality, exploit availability, business sensitivity, and more. It helps teams to make more informed decisions about vulnerability remediation for assets.

tags | tool
systems | unix
SHA-256 | ddfc0525abca69a2f048691e4d7df7dd91bf660fa018dbf31d3b7c8a0f820bc4
Red Hat Security Advisory 2020-4158-01
Posted Oct 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4158-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678
SHA-256 | 4edcd5bd7b69020b3a33ad2204dea11b12bc42b8d48cd9ce3e3055f7bbbd5316
Red Hat Security Advisory 2020-4155-01
Posted Oct 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4155-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678
SHA-256 | d30844667edc91e6ae47ce84a44b8a18e492f694d66b6305d0333b2af0bdc86f
Red Hat Security Advisory 2020-4154-01
Posted Oct 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4154-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.4.5 serves as a replacement for Red Hat AMQ Broker 7.4.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a server-side request forgery vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-5183, CVE-2019-9827
SHA-256 | cbca0a3c9b5e813348b84b844f398914033b666c5e2ba63103176f2f6110a779
Ubuntu Security Notice USN-4562-1
Posted Oct 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4562-1 - It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-14001
SHA-256 | 62f0c26bbb23123bf9326efedc77a112b6e22035fceb3025dbcd8e5461912b92
CMS Made Simple 2.2.14 Cross Site Scripting
Posted Oct 1, 2020
Authored by Roel van Beurden

CMS Made Simple version 2.2.14 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-24860
SHA-256 | 5752983fb6f8ef3b1665360cb1a3d3b1151ff77e75d6c1e7b6e22ee07860149c
GetSimple CMS 3.3.16 Cross Site Scripting
Posted Oct 1, 2020
Authored by Roel van Beurden

GetSimple CMS version 3.3.16 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a82a29405821fa4f32cf24ae26e2a0cb08115649b0d9be46c47c4dc641959cc3
SpinetiX Fusion Digital Signage 3.4.8 Cross Site Request Forgery
Posted Oct 1, 2020
Authored by LiquidWorm | Site zeroscience.mk

SpinetiX Fusion Digital Signage version 3.4.8 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 0ba5a39d94f4fa13faa673d5a64522f5f874236599123ce117851174ccbfe7c5
Red Hat Security Advisory 2020-3842-01
Posted Oct 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3842-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-2183
SHA-256 | 56a30f99d0a7116668054648ca24d0b115dc937c74d74c4219d5d7d58fb5e3be
MonoCMS Blog 1.0 File Deletion / CSRF / Hardcoded Credentials
Posted Oct 1, 2020
Authored by Shahrukh Iqbal Mirza

MonoCMS Blog version 1.0 suffers from arbitrary file deletion, cross site request forgery, and information disclosure vulnerabilities.

tags | exploit, arbitrary, vulnerability, file inclusion, info disclosure, csrf
advisories | CVE-2020-25986, CVE-2020-25987
SHA-256 | 94d8b82b640c31f62e5544ec3f22c4fb6cfbe03963f5dca9e93d0c74da17b5cf
Red Hat Security Advisory 2020-4157-01
Posted Oct 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4157-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678
SHA-256 | 7f63fe7a5c5b4a3aab2a27cdc3130031667023b8c382531ab7c9a565e2c9af32
SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration
Posted Oct 1, 2020
Authored by LiquidWorm | Site zeroscience.mk

SpinetiX Fusion Digital Signage versions 3.4.8 and below suffer from a username enumeration vulnerability.

tags | exploit
SHA-256 | 1eba008e8b78b9a7ca0f327915b99ee5630847be56bb4129fd6b85e7572f7e52
Red Hat Security Advisory 2020-4156-01
Posted Oct 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4156-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678
SHA-256 | 49aced0f6972c770d5d03ce69bf8242fb3c43f8ff8afd53852847b3cb3fd77df
WebsiteBaker 2.12.2 SQL Injection
Posted Oct 1, 2020
Authored by Roel van Beurden

WebsiteBaker version 2.12.2 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 32f4c52728d964e17ad7764eb868e0141d2bcb928e0aacafa52d35e8fd7c5c04
Ubuntu Security Notice USN-4561-1
Posted Oct 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4561-1 - It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-8161, CVE-2020-8184
SHA-256 | 28ef3de904174b649936d692414682a56cecf83d39f38f6439d86a19b7efdea9
Typesetter CMS 5.1 Cross Site Scripting
Posted Oct 1, 2020
Authored by Alperen Ergel

Typesetter CMS version 5.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d75c2d262e1de0fcc7c55a749e7b558c1de3e86a7fb5ee0f7d71ec95f40dadb2
Packet Storm New Exploits For September, 2020
Posted Oct 1, 2020
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 97 exploits added to Packet Storm in September, 2020.

tags | exploit
SHA-256 | 4ff91bd662df0a99640af224386b9628158a60690cb36827812fbec042bea43a
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close