what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2020-10-07

Textpattern CMS 4.6.2 Cross Site Scripting
Posted Oct 7, 2020
Authored by Alperen Ergel

Textpattern CMS version 4.6.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ada1a551b325dbaa70947f4134ebf176487a2919f9942186de887c6522e038bf
Packet Fence 10.2.0
Posted Oct 7, 2020
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Improved Layer-3 replication, more Golang, automated integration tests, and more.
tags | tool, remote
systems | unix
SHA-256 | 449d451ef819c53dadfc8e60be9287c2bd963086168e96fe28b71e7cb61034e8
EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse
Posted Oct 7, 2020
Authored by LiquidWorm | Site zeroscience.mk

A security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. The HTTP Digest Authentication in the GoAhead web server does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. Digest authentication uses a "nonce" value to mitigate replay attacks. GoAhead versions 3 to 5 validated the nonce with a fixed duration of 5 minutes which permitted short-period replays. This duration is too long for most implementations.

tags | exploit, remote, web
advisories | CVE-2020-15688
SHA-256 | 1f21883898656dd0185b843ee6ff9849f7cb2f76e87bff609d9f9c340161a1d2
BACnet Test Server 1.01 Remote Denial Of Service
Posted Oct 7, 2020
Authored by LiquidWorm | Site zeroscience.mk

BACNet Test Server version 1.01 suffers from a denial of service vulnerability when sending a malformed BVLC Length UDP packet to port 47808 which causes the application to crash.

tags | exploit, denial of service, udp
SHA-256 | 6dd99bf6a5222f767f574ad92209d003071fea0e8e969f95e4fc695e619b078a
Typesetter CMS 5.1 Remote Code Execution
Posted Oct 7, 2020
Authored by Rodolfo Tavares | Site tempest.com.br

Typesetter version 5.1 is vulnerable to code execution via /index.php/Admin/Uploaded. An attacker can exploit this by uploading a zip that contains a malicious php file inside. After extracting the zip file containing the malicious php file, it is possible to execute commands on the target operation system.

tags | advisory, php, code execution
advisories | CVE-2020-25790
SHA-256 | ee974c9d37c8aba758fd4db3a34e859ee9e9a7a9e7db287f6d35e858f330de34
FortiSIEM 5.2.8 EL Injection / Remote Code Execution
Posted Oct 7, 2020
Authored by redtimmysec | Site redtimmy.com

FortiSIEM versions 5.2.8 and below are vulnerable to an unauthorized remote command execution vulnerability via Expression Language injection. This advisory notes that the Richsploit exploit can be leveraged to still achieve code execution.

tags | advisory, remote, code execution
SHA-256 | 41a7244cc155ca357017d0f400fa1ea31bc629fca173cb7784ea84fc938847b4
Ubuntu Security Notice USN-4572-2
Posted Oct 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4572-2 - USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM. Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-14355
SHA-256 | 9f7e790196892600a1c10c340560e454197a5ffd6f816a397993891c8678f31d
Ubuntu Security Notice USN-4573-1
Posted Oct 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4573-1 - Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-6053, CVE-2018-7225, CVE-2019-15681, CVE-2020-14397, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404
SHA-256 | d1c1dec0425b1351154dbc2e5d1e29f09c8665e1b8c90126af657be592658be8
Red Hat Security Advisory 2020-4206-01
Posted Oct 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4206-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.121. Issues addressed include out of bounds read and out of bounds write vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-15960, CVE-2020-15961, CVE-2020-15962, CVE-2020-15963, CVE-2020-15964, CVE-2020-15965, CVE-2020-15966
SHA-256 | ee29d33c8d02edc40fada23b2b4ce234431964af68cae55bc513f502ae7c208c
Red Hat Security Advisory 2020-4201-01
Posted Oct 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4201-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2019-11756, CVE-2019-17006, CVE-2019-17023, CVE-2020-12402, CVE-2020-12825, CVE-2020-14352, CVE-2020-14365, CVE-2020-15586, CVE-2020-16845
SHA-256 | 3d8b1c7224e8a2deee960b7668ead051da2664d66a79b155eb862d4b51810393
Liman 0.7 Cross Site Request Forgery
Posted Oct 7, 2020
Authored by George Tsimpidas

Liman version 0.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | d09a288db897644ead39be43f87913ea6f8df7db6ef2d572a5812c65d6063845
Red Hat Security Advisory 2020-4184-01
Posted Oct 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4184-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include a buffer overflow vulnerability.

tags | advisory, remote, overflow, protocol
systems | linux, redhat
advisories | CVE-2020-14355
SHA-256 | e07862a6b47c60365c49864eb170c283833004c5b1cb5d16352a964c78388645
EasyPMS 1.0.0 Authentication Bypass
Posted Oct 7, 2020
Authored by JOK3R

EasyPMS version 1.0.0 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | e13602cc76a575c290664316ec7bcc5f6bd3a4fb3f24d3a6f8fe7affe677d016
Karel IP Phone IP1211 Web Management Panel Directory Traversal
Posted Oct 7, 2020
Authored by Berat Isler

The Karel IP Phone IP1211 web management panel suffers from a directory traversal vulnerability.

tags | exploit, web, file inclusion
SHA-256 | 01ce8f58c47369a648602b2c2e77762f247b3a31ce04190a1ddbaa9e1b4adfbe
Packet Reassembly And Overlapping IP Fragments
Posted Oct 7, 2020
Authored by Haboob Team

This paper discusses how intrusion detection systems work. After getting a solid understanding of the working mechanism of IDS, they discuss how packet reassembly works and then moves forward to look into different policy implemented for packet reassembly where it is dependent on the operating system implementation of the RFC.

tags | paper
SHA-256 | e80ccbaa83ffad3bf1cde6de0396cae423f3afd12c0a5a44cb9a16f8090938f4
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close