WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.
26464e30171057117f6199bf5dc719167e0e400a747dd50d314e497007919af2Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
31aa99ca5e3ce55daedae019703f834dd037f608ff57ab67e44a8ed6ff422176This Metasploit module exploits an incorrect side-effect modeling of the 'in' operator. The DFG compiler assumes that the 'in' operator is side-effect free, however the embed element with the PDF plugin provides a callback that can trigger side-effects leading to type confusion (CVE-2020-9850). The type confusion can be used as addrof and fakeobj primitives that then lead to arbitrary read/write of memory. These primitives allow us to write shellcode into a JIT region (RWX memory) containing the next stage of the exploit. The next stage uses CVE-2020-9856 to exploit a heap overflow in CVM Server, and extracts a macOS application containing our payload into /var/db/CVMS. The payload can then be opened with CVE-2020-9801, executing the payload as a user but without sandbox restrictions.
fbbde1e0b4f53036aee6e135d84e5add073f53c612d6996cee132e6170926d16Sony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be exploited to cause a stack-based buffer overflow when a user issues a POST request to connect to a malicious FTP server. Successful exploitation could allow execution of arbitrary code on the affected device or cause denial of service scenario.
db96bc2368565f4a5a936240e09f50eb7b4e018f0a55c54982e05ad20ca5727dThe Call For Papers for nullcon Goa 2021 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place in March of 2021.
fd8ac8913a25d034a9ee626f3d63dd2d10b16f08a43d5e61fad2bb2dce78853aBrightSign Digital Signage Diagnostic Web Server version 8.2.26 suffers from an unauthenticated server-side request forgery vulnerability.
c99f6f8262f551c603e9615cea0c11c0d5dd43b92387a2e4d455cf78899afa9cSpinetiX Fusion Digital Signage version 3.4.8 suffers from an authenticated path traversal vulnerability. Input passed via several parameters in index.php script is not properly verified before being used to create and delete files. This can be exploited to write backup files to an arbitrary location and/or delete arbitrary files via traversal attacks.
9766624f45bb68eb9e4df380ee06065e8e5eaf375cfafaf7089aa93de1d16117SpinetiX Fusion Digital Signage version 3.4.8 suffers from a database backup disclosure vulnerability.
39dbe31c5333d00cfa9388f957aa3ec2ec91f7fb517191fa5fc1fdcc3f2a1887vPrioritizer enables users to understand the contextualized risk (vPRisk) on an asset-vulnerability relationship level across the organization by considering factors like base CVSS, asset accessibility, criticality, exploit availability, business sensitivity, and more. It helps teams to make more informed decisions about vulnerability remediation for assets.
ddfc0525abca69a2f048691e4d7df7dd91bf660fa018dbf31d3b7c8a0f820bc4Red Hat Security Advisory 2020-4158-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
4edcd5bd7b69020b3a33ad2204dea11b12bc42b8d48cd9ce3e3055f7bbbd5316Red Hat Security Advisory 2020-4155-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
d30844667edc91e6ae47ce84a44b8a18e492f694d66b6305d0333b2af0bdc86fRed Hat Security Advisory 2020-4154-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.4.5 serves as a replacement for Red Hat AMQ Broker 7.4.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a server-side request forgery vulnerability.
cbca0a3c9b5e813348b84b844f398914033b666c5e2ba63103176f2f6110a779Ubuntu Security Notice 4562-1 - It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary code.
62f0c26bbb23123bf9326efedc77a112b6e22035fceb3025dbcd8e5461912b92CMS Made Simple version 2.2.14 suffers from a persistent cross site scripting vulnerability.
5752983fb6f8ef3b1665360cb1a3d3b1151ff77e75d6c1e7b6e22ee07860149cGetSimple CMS version 3.3.16 suffers from a persistent cross site scripting vulnerability.
a82a29405821fa4f32cf24ae26e2a0cb08115649b0d9be46c47c4dc641959cc3SpinetiX Fusion Digital Signage version 3.4.8 suffers from a cross site request forgery vulnerability.
0ba5a39d94f4fa13faa673d5a64522f5f874236599123ce117851174ccbfe7c5Red Hat Security Advisory 2020-3842-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
56a30f99d0a7116668054648ca24d0b115dc937c74d74c4219d5d7d58fb5e3beMonoCMS Blog version 1.0 suffers from arbitrary file deletion, cross site request forgery, and information disclosure vulnerabilities.
94d8b82b640c31f62e5544ec3f22c4fb6cfbe03963f5dca9e93d0c74da17b5cfRed Hat Security Advisory 2020-4157-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
7f63fe7a5c5b4a3aab2a27cdc3130031667023b8c382531ab7c9a565e2c9af32SpinetiX Fusion Digital Signage versions 3.4.8 and below suffer from a username enumeration vulnerability.
1eba008e8b78b9a7ca0f327915b99ee5630847be56bb4129fd6b85e7572f7e52Red Hat Security Advisory 2020-4156-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
49aced0f6972c770d5d03ce69bf8242fb3c43f8ff8afd53852847b3cb3fd77dfWebsiteBaker version 2.12.2 suffers from an authenticated remote SQL injection vulnerability.
32f4c52728d964e17ad7764eb868e0141d2bcb928e0aacafa52d35e8fd7c5c04Ubuntu Security Notice 4561-1 - It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie.
28ef3de904174b649936d692414682a56cecf83d39f38f6439d86a19b7efdea9Typesetter CMS version 5.1 suffers from a persistent cross site scripting vulnerability.
d75c2d262e1de0fcc7c55a749e7b558c1de3e86a7fb5ee0f7d71ec95f40dadb2This archive contains all of the 97 exploits added to Packet Storm in September, 2020.
4ff91bd662df0a99640af224386b9628158a60690cb36827812fbec042bea43a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed