exploit the possibilities
Showing 1 - 25 of 41 RSS Feed

Files Date: 2020-10-20

Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
Posted Oct 20, 2020
Authored by Spencer McIntyre, Oleksandr Mirosh, Markus Wulftange, Alvaro Munoz, Paul Taylor, Caleb Gross, straightblast | Site metasploit.com

This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through the deserialization flaw. Uploading the file requires knowledge of the cryptographic keys used by RAU. The default values used by this module are related to CVE-2017-11317, which once patched randomizes these keys. It is also necessary to know the version of Telerik UI ASP.NET that is running. This version number is in the format YYYY.#(.###)? where YYYY is the year of the release (e.g. 2020.3.915).

tags | exploit, asp
advisories | CVE-2017-11317, CVE-2019-18935
SHA-256 | 2f6a8f760339d2c83d483651740d009b85c87d1a8e03ca388c1ef83409e65051
Red Hat Security Advisory 2020-4273-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4273-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include crlf injection and traversal vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2019-18348, CVE-2019-20907, CVE-2019-20916, CVE-2020-26116
SHA-256 | 4c4d0b3638088fe5fc99f689641e53e9323ea17ebf76604548ac062a7d811b7f
Red Hat Security Advisory 2020-4265-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4265-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include cross site scripting and information leakage vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-2181, CVE-2020-2182, CVE-2020-2224, CVE-2020-2225, CVE-2020-2226
SHA-256 | 15089511e793e72f5d3e23eee9deb9ff52e35d5d604957f183139b632c9a90a0
Ubuntu Security Notice USN-4593-1
Posted Oct 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4593-1 - Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15999
SHA-256 | febe229d6289829a933dc52199e594baab75d17e2d3c1a10f83ede00566d6988
Gentoo Linux Security Advisory 202010-06
Posted Oct 20, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202010-6 - Ark was found to allow arbitrary file overwrite, possibly allowing arbitrary code execution. Versions less than 20.04.3-r2 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2020-24654
SHA-256 | 7ce6012167204b1164242785146d2c17eabd6ae521889185777f34b6f57ce3c1
Gentoo Linux Security Advisory 202010-05
Posted Oct 20, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202010-5 - Multiple vulnerabilities have been found in LibRaw, the worst of which may allow attackers to execute arbitrary code. Versions less than 0.20.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-24889, CVE-2020-24890
SHA-256 | 214d144b9dd8115ee6eb752f69d8941cd9532ecbaf61be90953c491a6a0f0faf
WordPress Colorbox Lightbox 1.1.1 Cross Site Scripting
Posted Oct 20, 2020
Authored by n1x_

WordPress Colorbox Lightbox plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | be785d6b6150f2af838ebd034a1931d0e03a35375261840865cac44167da652c
Red Hat Security Advisory 2020-4276-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4276-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-12351, CVE-2020-12352
SHA-256 | 30e414e203f959072ef3c252bfa4108ae6fc999c4fb3b252e31ab879b7d1f16f
LISTSERV Maestro 9.0-8 Remote Code Execution
Posted Oct 20, 2020
Authored by b0yd | Site securifera.com

An unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, versions 9.0-8 and below. This vulnerability stems from a known issue in struts, CVE-2010-1870, that allows for code execution via OGNL Injection. This vulnerability has been confirmed to be exploitable in both the Windows and Linux version of the software and has existed in the LISTSERV Maestro software since at least version 8.1-5. As a result, a specially crafted HTTP request can be constructed that executes code in the context of the web application. Exploitation of this vulnerability does not require authentication and can lead to root level privilege on any system running the LISTServ Maestro services.

tags | advisory, remote, web, root, code execution
systems | linux, windows
advisories | CVE-2010-1870
SHA-256 | 47ea69c299460db10d186131b9f1c65c7396d9a132d29b4816b4093286ef4a74
Ubuntu Security Notice USN-4592-1
Posted Oct 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4592-1 - Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2020-12351, CVE-2020-12352, CVE-2020-24490
SHA-256 | d7515239e07d687808da7fbe91f834dad13e673659a86c1dad1b6e475e380895
Red Hat Security Advisory 2020-4290-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4290-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14364, CVE-2020-1983
SHA-256 | 634528d37f5b388b74c77a007a51db83c3747d3bf6d3beaada139cba85579cd1
WordPress Rest Google Maps SQL Injection
Posted Oct 20, 2020
Authored by Jonatas Fil

WordPress Rest Google Maps plugin versions prior to 7.11.18 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2019-10692
SHA-256 | e6025006b8ce2e3cfcabeec432d9bc57bb38877f128d98224407cf302db914db
Gentoo Linux Security Advisory 202010-04
Posted Oct 20, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202010-4 - Multiple vulnerabilities have been found in libxml2, the worst of which could result in a Denial of Service condition. Versions less than 2.9.10 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2019-20388, CVE-2020-7595
SHA-256 | 3e1a1f46b77ba5156068d8caa6558fa0bb74bd6c8ba52736b22bcf734a309532
Linux / Unix su Privilege Escalation
Posted Oct 20, 2020
Authored by Gavin Youker | Site metasploit.com

This Metasploit module attempts to create a new login session by invoking the su command of a valid username and password. If the login is successful, a new session is created via the specified payload. Because su forces passwords to be passed over stdin, this module attempts to invoke a pseudo-terminal with python, python3, or script.

tags | exploit, python
SHA-256 | 0257dbb6f700dec5660947d7221bfaf952f0706f6a22fd4c4a1b74364487bb23
Red Hat Security Advisory 2020-4291-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4291-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14364
SHA-256 | cf04bb9bfcf2d01d5987c87dfe4ae38f29f563e8b82a5c1f97198d98363d3077
Visitor Management System In PHP 1.0 SQL Injection
Posted Oct 20, 2020
Authored by Rahul Ramkumar

Visitor Management System in PHP version 1.0 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2020-25760
SHA-256 | a3d7235a2e76acbc794c00b48c8a76f8062e50cc48e65ded0d4a9d7ecd78ac4d
User Registration And Login And User Management System 2.1 Cross Site Scripting
Posted Oct 20, 2020
Authored by yusufmalikul

User Registration and Login and User Management System with admin panel version 2.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e75970d0f2bc5bf21ee97be51f13e110881de35f7c8802fe4a39e4e3708d9fde
Red Hat Security Advisory 2020-4286-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4286-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-12351, CVE-2020-12352, CVE-2020-14331, CVE-2020-14385, CVE-2020-14386
SHA-256 | 8f7a24548cfe79a3658e4f63f2abba8cf6d601dde1625f973112d0508a84f92d
Gentoo Linux Security Advisory 202010-03
Posted Oct 20, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202010-3 - An information disclosure vulnerability in libjpeg-turbo allow remote attackers to obtain sensitive information. Versions 2.0.4-r1 are affected.

tags | advisory, remote, info disclosure
systems | linux, gentoo
advisories | CVE-2020-13790
SHA-256 | 4d2aef4117a1618ec9a35758a1b38d038857906ff83626ed37334f18aaf88099
WordPress HS Brand Logo Slider 2.1 Shell Upload
Posted Oct 20, 2020
Authored by Net-Hunter

WordPress HS Brand Logo Slider plugin version 2.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | be9cc0e699b8de85afd3c6f744938c504dd3520789db58486b688dfce3a9c6f7
Red Hat Security Advisory 2020-4289-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4289-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an information leakage vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-12351, CVE-2020-12352, CVE-2020-14331, CVE-2020-14385, CVE-2020-14386
SHA-256 | 697afd2cc16ce67184c185acf1888e6cb30327a9ea1e639d63b640c467e815d5
Ubuntu Security Notice USN-4591-1
Posted Oct 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4591-1 - Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2020-12351, CVE-2020-12352
SHA-256 | 9e92faf34368121f7c8cf203fd068a5a684f38477adf3dac22437502d9d19dad
Ultimate Project Manager CRM PRO 2.05 SQL Injection
Posted Oct 20, 2020
Authored by nag0mez

Ultimate Project Manager CRM PRO versions 2.0.5 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2285f33697185e1a0bdfb88fb34af2d8294c768cf175be4d6fa3b532b14a7811
Apache Struts 2 Remote Code Execution
Posted Oct 20, 2020
Authored by Jonatas Fil

Apache Struts 2 DefaultActionMapper Prefixes OGNL remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2013-2251
SHA-256 | 8fc62c46ad7c22f69ed91bac27cf5de646a12ab72512eb056f4af8ee4edfc6ba
Red Hat Security Advisory 2020-4287-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4287-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and information leakage vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-12351, CVE-2020-12352, CVE-2020-14385, CVE-2020-14386
SHA-256 | 01bef5346f503d03b012cd69911e6673dd749f654d1dd791e5eb09b23c87a2b3
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close