exploit the possibilities
Showing 1 - 25 of 41 RSS Feed

Files Date: 2020-10-20

Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
Posted Oct 20, 2020
Authored by Spencer McIntyre, Oleksandr Mirosh, Markus Wulftange, Alvaro Munoz, Paul Taylor, Caleb Gross, straightblast | Site metasploit.com

This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through the deserialization flaw. Uploading the file requires knowledge of the cryptographic keys used by RAU. The default values used by this module are related to CVE-2017-11317, which once patched randomizes these keys. It is also necessary to know the version of Telerik UI ASP.NET that is running. This version number is in the format YYYY.#(.###)? where YYYY is the year of the release (e.g. 2020.3.915).

tags | exploit, asp
advisories | CVE-2017-11317, CVE-2019-18935
MD5 | 1681e42767479128abf9e29c90cc76ef
Red Hat Security Advisory 2020-4273-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4273-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include crlf injection and traversal vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2019-18348, CVE-2019-20907, CVE-2019-20916, CVE-2020-26116
MD5 | 72d8c356c9cc0a19caa3b0627e759faf
Red Hat Security Advisory 2020-4265-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4265-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include cross site scripting and information leakage vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-2181, CVE-2020-2182, CVE-2020-2224, CVE-2020-2225, CVE-2020-2226
MD5 | fc5f3d735091b90521ba11e138019899
Ubuntu Security Notice USN-4593-1
Posted Oct 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4593-1 - Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15999
MD5 | e2d87527b97b4f6bcee00e01fde7e52a
Gentoo Linux Security Advisory 202010-06
Posted Oct 20, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202010-6 - Ark was found to allow arbitrary file overwrite, possibly allowing arbitrary code execution. Versions less than 20.04.3-r2 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2020-24654
MD5 | 0bb741fdae06e4dfc77ed8440d31aa75
Gentoo Linux Security Advisory 202010-05
Posted Oct 20, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202010-5 - Multiple vulnerabilities have been found in LibRaw, the worst of which may allow attackers to execute arbitrary code. Versions less than 0.20.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-24889, CVE-2020-24890
MD5 | 76e91535a6c1e9a6c0ee52a16e658865
WordPress Colorbox Lightbox 1.1.1 Cross Site Scripting
Posted Oct 20, 2020
Authored by n1x_

WordPress Colorbox Lightbox plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | ef40174eaa8a07fa5a7be5da053c7ba3
Red Hat Security Advisory 2020-4276-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4276-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-12351, CVE-2020-12352
MD5 | 8f02e2974c6f914cdd056bd8c84237ca
LISTSERV Maestro 9.0-8 Remote Code Execution
Posted Oct 20, 2020
Authored by b0yd | Site securifera.com

An unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, versions 9.0-8 and below. This vulnerability stems from a known issue in struts, CVE-2010-1870, that allows for code execution via OGNL Injection. This vulnerability has been confirmed to be exploitable in both the Windows and Linux version of the software and has existed in the LISTSERV Maestro software since at least version 8.1-5. As a result, a specially crafted HTTP request can be constructed that executes code in the context of the web application. Exploitation of this vulnerability does not require authentication and can lead to root level privilege on any system running the LISTServ Maestro services.

tags | advisory, remote, web, root, code execution
systems | linux, windows
advisories | CVE-2010-1870
MD5 | a3168454ee163a5555ee9cdd35609b72
Ubuntu Security Notice USN-4592-1
Posted Oct 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4592-1 - Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2020-12351, CVE-2020-12352, CVE-2020-24490
MD5 | ea8ffa29056c97fd916af3807500cfd8
Red Hat Security Advisory 2020-4290-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4290-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14364, CVE-2020-1983
MD5 | 960dd358dbfac272d13833dcae92bb78
WordPress Rest Google Maps SQL Injection
Posted Oct 20, 2020
Authored by Jonatas Fil

WordPress Rest Google Maps plugin versions prior to 7.11.18 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2019-10692
MD5 | 099630f13baa8394edaff5afba8207ca
Gentoo Linux Security Advisory 202010-04
Posted Oct 20, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202010-4 - Multiple vulnerabilities have been found in libxml2, the worst of which could result in a Denial of Service condition. Versions less than 2.9.10 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2019-20388, CVE-2020-7595
MD5 | c8ff946a0249d14be03810a74d523804
Linux / Unix su Privilege Escalation
Posted Oct 20, 2020
Authored by Gavin Youker | Site metasploit.com

This Metasploit module attempts to create a new login session by invoking the su command of a valid username and password. If the login is successful, a new session is created via the specified payload. Because su forces passwords to be passed over stdin, this module attempts to invoke a pseudo-terminal with python, python3, or script.

tags | exploit, python
MD5 | 9ca7ce56dad3e9758e96d3f376c0f96f
Red Hat Security Advisory 2020-4291-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4291-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14364
MD5 | 5b276d0f7b184fae79a9c8e8244ea5ea
Visitor Management System In PHP 1.0 SQL Injection
Posted Oct 20, 2020
Authored by Rahul Ramkumar

Visitor Management System in PHP version 1.0 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2020-25760
MD5 | 8033f7aca5a8c9fe62862c58e36e983e
User Registration And Login And User Management System 2.1 Cross Site Scripting
Posted Oct 20, 2020
Authored by yusufmalikul

User Registration and Login and User Management System with admin panel version 2.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | f2d57da28dcedaf4b1bfdcb6fcc10c77
Red Hat Security Advisory 2020-4286-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4286-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-12351, CVE-2020-12352, CVE-2020-14331, CVE-2020-14385, CVE-2020-14386
MD5 | ca2183424ce189f07dabb3e9fde5d6f6
Gentoo Linux Security Advisory 202010-03
Posted Oct 20, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202010-3 - An information disclosure vulnerability in libjpeg-turbo allow remote attackers to obtain sensitive information. Versions 2.0.4-r1 are affected.

tags | advisory, remote, info disclosure
systems | linux, gentoo
advisories | CVE-2020-13790
MD5 | c41e8764f72fbfba8fd43336c2c227d5
WordPress HS Brand Logo Slider 2.1 Shell Upload
Posted Oct 20, 2020
Authored by Net-Hunter

WordPress HS Brand Logo Slider plugin version 2.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 247365fd8094a2f47aef67d768cb364f
Red Hat Security Advisory 2020-4289-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4289-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an information leakage vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-12351, CVE-2020-12352, CVE-2020-14331, CVE-2020-14385, CVE-2020-14386
MD5 | 51c6fb98b1d3707da3d7531842005a5d
Ubuntu Security Notice USN-4591-1
Posted Oct 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4591-1 - Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2020-12351, CVE-2020-12352
MD5 | 5d0eee3a0d51a48fdc43a1f3e9d24038
Ultimate Project Manager CRM PRO 2.05 SQL Injection
Posted Oct 20, 2020
Authored by nag0mez

Ultimate Project Manager CRM PRO versions 2.0.5 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0218911dc1316838cdde1cba109f6620
Apache Struts 2 Remote Code Execution
Posted Oct 20, 2020
Authored by Jonatas Fil

Apache Struts 2 DefaultActionMapper Prefixes OGNL remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2013-2251
MD5 | 4bacfb503bb7a49d5262f888693bb1b8
Red Hat Security Advisory 2020-4287-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4287-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and information leakage vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-12351, CVE-2020-12352, CVE-2020-14385, CVE-2020-14386
MD5 | 0e9b2a44406e1502eb1daf6f63e7d8d9
Page 1 of 2
Back12Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    10 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close