
Files Date: 2020-10-02

OpenSCAP Libraries 1.3.4
Posted Oct 2, 2020
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Added support for FreeBSD. Improved yamlfilecontent. Fixed a lot of warnings. Various other updates and improvements.
tags | protocol, library
systems | unix
SHA-256 | ee98f650f028819cfeda786d7e85dcadb74d827d4585f332ca03b217d4d82fb7
udisks / Linux Kernel romfs Leakage
Posted Oct 2, 2020
Authored by Jann Horn, Google Security Research

udisks and the Linux kernel have an issue where udisks permits users to mount romfs and romfs leaks uninitialized memory to userspace.

tags | exploit, kernel
systems | linux
SHA-256 | 35a3fb65f205fc4d18eb799a00a5f48e0f59e4554d59a19758e3936768b1b633
SevOne Network Management System 5.7.2.22 SQL Injection / Command Injection
Posted Oct 2, 2020
Authored by Calvin Phang | Site sec-consult.com

SevOne Network Management System version 5.7.2.22 suffers from command injection, CSV formula injection, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
SHA-256 | 24e87adbd89e7edce3cf95cf9e71c78997abb8447a837d4e46b32402d1147531
Platinum Mobile 1.0.4.850 Authorization Bypass
Posted Oct 2, 2020
Authored by M. Li | Site sec-consult.com

Platinum Mobile version 1.0.4.850 has broken access control. The mobile application connects to the company-specific server, which does not properly restrict access to confidential data. Thus, an authenticated attacker can disclose the company's payroll and personal information of other employees without having appropriate privileges to do so.

tags | exploit
SHA-256 | ef616be2199ef7ca952b57851fb6f735192ec9301a566f2f186d4adaf12d70a8
MailDepot 2032 SP2 (2.2.1242) Authorization Bypass
Posted Oct 2, 2020
Authored by Micha Borrmann | Site syss.de

MailDepot version 2032 SP2 (2.2.1242) suffers from an improper authorization vulnerability. The REDDOXX MailDepot web service does not correctly verify whether a user has the proper rights to access specified mailboxes in a corresponding web service request. The web service request will only be processed if it contains a valid authentication token (usual REST web service), but the names of the mailboxes to be accessed are given within a JSON object which is not validated properly regarding user access permissions. Thus, any authenticated user can access mailboxes of other users due to improper authorization checks.

tags | exploit, web
advisories | CVE-2019-19200
SHA-256 | 32ab4f6645b5760f2cd58298371554aeca5c3729abaf3ad7500e4ee9b6054b7e
FusionAuth-SAMLv2 0.2.3 Message Forging
Posted Oct 2, 2020
Authored by Felix Sieges

Unauthenticated users can send forged messages to FusionAuth to bypass authentication, impersonate other users, or gain arbitrary roles. The SAML message can be sent to the application without a signature even if one is required. The impact depends on the individual applications that implement fusionauth-samlv2. Version 0.2.3 is vulnerable.

tags | exploit, arbitrary
advisories | CVE-2020-12676
SHA-256 | c0bc810aed6db58661b8cd13a1ebf5d20fed6fdb9c77567debaa3ab0cf809833
Checkmk 1.6.0p16 Local Privilege Escalation
Posted Oct 2, 2020
Authored by Thierry Viaccoz

Checkmk version 1.6.0p16 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 41cd3d163f2b1dd4d07d8fd2298825fb4ce75d3e7d473bbc6a6eb549e3eec3aa
Ubuntu Security Notice USN-4563-1
Posted Oct 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4563-1 - It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-8936
SHA-256 | d87cf389866a7ac3a59e3adbf8699f85052c8684e103f3158dc16c3897080a52
Red Hat Security Advisory 2020-4162-01
Posted Oct 2, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4162-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-14364
SHA-256 | 59e3e15ebbb5e0e63993331beff22ce1d413e39d2794afbb1994f1c67a5104c2
Red Hat Security Advisory 2020-4163-01
Posted Oct 2, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4163-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678
SHA-256 | bd5f1ba103b5c7cbeb45e5c8af66bfc2ce3a92c33e0510d5c09a5d474d62f984
Photo Share Website 1.0 Cross Site Scripting
Posted Oct 2, 2020
Authored by Augkim

Photo Share Website version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | be14abcc47d015f97239bd39ea54992e32721357646e58a671c88befab970bc4
MedDream PACS Server 6.8.3.751 Remote Code Execution
Posted Oct 2, 2020
Authored by bzyo

MedDream PACS Server version 6.8.3.751 suffers from an unauthenticated remote code execution vulnerability. This finding has been updated as it was originally believed to require authentication.

tags | exploit, remote, code execution
SHA-256 | 5adb3dbf769be512c98b33fa27e9a7ba541b7e7517472634f0d21eba9f5b4c01
Bing.com Hostname / IP Enumerator 1.0.4
Posted Oct 2, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: This is a minor release with no code changes.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | f83cb6b91b197a079e3bfbb484b1d652a62b381e1175cf46a6f305177af13bd1
© 2022 Packet Storm. All rights reserved.