Files Date: 2020-10-02

OpenSCAP Libraries 1.3.4
Posted Oct 2, 2020
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Added support for FreeBSD. Improved yamlfilecontent. Fixed a lot of warnings. Various other updates and improvements.
tags | protocol, library
systems | unix
MD5 | 7b4ae87ef6111365b0c9869e54654a1d
udisks / Linux Kernel romfs Leakage
Posted Oct 2, 2020
Authored by Jann Horn, Google Security Research

udisks and the Linux kernel have an issue where udisks permits users to mount romfs and romfs leaks uninitialized memory to userspace.

tags | exploit, kernel
systems | linux
MD5 | c048313af977e032061fd3c992081768
SevOne Network Management System SQL Injection / Command Injection
Posted Oct 2, 2020
Authored by Calvin Phang | Site sec-consult.com

SevOne Network Management System version suffers from command injection, CSV formula injection, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
MD5 | a1985e5482a5458f4280f73901a09840
Platinum Mobile Authorization Bypass
Posted Oct 2, 2020
Authored by M. Li | Site sec-consult.com

Platinum Mobile version has broken access control. The mobile application connects to the company-specific server, which does not properly restrict access to confidential data. Thus, an authenticated attacker can disclose the company's payroll and personal information of other employees without having appropriate privileges to do so.

tags | exploit
MD5 | b8f0b54d3055e0b254682f645f05741f
MailDepot 2032 SP2 (2.2.1242) Authorization Bypass
Posted Oct 2, 2020
Authored by Micha Borrmann

MailDepot version 2032 SP2 (2.2.1242) suffers from an improper authorization vulnerability. The REDDOXX MailDepot web service does not correctly verify whether a user has the proper rights to access specified mailboxes in a corresponding web service request. The web service request will only be processed if it contains a valid authentication token (usual REST web service), but the names of the mailboxes to be accessed are given within a JSON object which is not validated properly regarding user access permissions. Thus, any authenticated user can access mailboxes of other users due to improper authorization checks.

tags | exploit, web
advisories | CVE-2019-19200
MD5 | 2e1b3f83e91175cf5635f13218d5b89a
FusionAuth-SAMLv2 0.2.3 Message Forging
Posted Oct 2, 2020
Authored by Felix Sieges

Unauthenticated users can send forged messages to FusionAuth to bypass authentication, impersonate other users, or gain arbitrary roles. The SAML message can be sent to the application without a signature even if one is required. The impact depends on individual applications that implement fusionauth-samlv2. Version 0.2.3 is vulnerable.

tags | exploit, arbitrary
advisories | CVE-2020-12676
MD5 | f8a52bf9494d332e9b0a5df53b18c1c8
Checkmk 1.6.0p16 Local Privilege Escalation
Posted Oct 2, 2020
Authored by Thierry Viaccoz

Checkmk version 1.6.0p16 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | e21d1df7920482548d547d5f1366637f
Ubuntu Security Notice USN-4563-1
Posted Oct 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4563-1 - It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-8936
MD5 | b9934375d7ec3f0ca1b14ac7a67351c1
Red Hat Security Advisory 2020-4162-01
Posted Oct 2, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4162-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-14364
MD5 | 040605a96d155d9c518e4cf87232ffd4
Red Hat Security Advisory 2020-4163-01
Posted Oct 2, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4163-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678
MD5 | a9807dcbaba78524fd141dd64d7553c7
Photo Share Website 1.0 Cross Site Scripting
Posted Oct 2, 2020
Authored by Augkim

Photo Share Website version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | c1cb2f0616c1bd8a94c9828aaf2d0721
MedDream PACS Server Remote Code Execution
Posted Oct 2, 2020
Authored by bzyo

MedDream PACS Server versions suffer from an unauthenticated remote code execution vulnerability. This finding has been updated as it was originally believed to require authentication.

tags | exploit, remote, code execution
MD5 | a4dd351ac4d4dd6cf46f7130589dd6a8
Bing.com Hostname / IP Enumerator 1.0.4
Posted Oct 2, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: This is a minor release with no code changes.
tags | tool, scanner, bash
systems | linux, unix
MD5 | b337bc57bc4bb3aed8d93453ecc18db2
© 2020 Packet Storm. All rights reserved.
