exploit the possibilities
Showing 1 - 25 of 355 RSS Feed

Files Date: 2020-10-01 to 2020-10-31

Wireshark Analyzer 3.4.0
Posted Oct 30, 2020
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: The Protobuf fields defined as google.protobuf.Timestamp type of Protobuf standard library can now be dissected as Wireshark fields of absolute time type. The Windows installers now ship with Npcap 1.00. The Windows installers now ship with Qt 5.15.1. Various other updates.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | 5c656cd9d6b01dd2ad93ed665ca532e6
Microsoft Windows Kernel cng.sys Buffer Overflow
Posted Oct 30, 2020
Authored by Mateusz Jurczyk, Google Security Research, hawkes

The Microsoft Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape).

tags | exploit, kernel
systems | windows
advisories | CVE-2020-17087
MD5 | 6e04f989132d4f0fcd1f22d984a8aedf
Simple College Website 1.0 Code Execution / SQL Injection
Posted Oct 30, 2020
Authored by yunaranyancat

Simple College Website version 1.0 suffers from code execution and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection
MD5 | b79435331f73ab8e247db7039783c59f
Wondershare Dr.Fone 3.0.0 Unquoted Service Path
Posted Oct 30, 2020
Authored by Andrea Intilangelo

Wondershare Dr.Fone version 3.0.0 suffers from an unquoted service path vulnerability.

tags | exploit
systems | windows
advisories | CVE-2020-27992
MD5 | 59664c74370fef3b655378cae4cd05dd
Citadel WebCit Session Hijacking
Posted Oct 30, 2020
Authored by Simone Quatrini

Citadel WebCit versions prior to 926 suffer from a session hijacking vulnerability.

tags | exploit
MD5 | 5a6f2a710cd10023c19a954e256671f1
Agent Tesla Botnet Cross Site Scripting
Posted Oct 30, 2020
Authored by n4pst3r

Agent Tesla Botnet suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 85eb173306619dbaa4177ef7fb6ab731
DedeCMS 5.8 Cross Site Scripting
Posted Oct 30, 2020
Authored by Noth

DedeCMS version 5.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-27533
MD5 | 59e156fcd1d78f4eb054ff4651f4a437
CSE Bookstore 1.0 Cross Site Scripting
Posted Oct 30, 2020
Authored by Vyshnav NK

CSE Bookstore version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | fc194f59cfd40ef683de002a6e33b13d
Ubuntu Security Notice USN-4610-1
Posted Oct 29, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4610-1 - It was discovered that fastd did not properly handle receive buffers under certain circumstances. A remote attacker could possibly use this issue to cause a memory leak, resulting in a denial of service.

tags | advisory, remote, denial of service, memory leak
systems | linux, ubuntu
advisories | CVE-2020-27638
MD5 | d044b963d293ca0b710d800c0f0cb6b1
Oracle WebLogic Server Remote Code Execution
Posted Oct 29, 2020
Authored by Nguyen Jang

Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2020-14882
MD5 | 24fa9b1def3992595545767d8d82efa2
Microsoft Edge Information Disclosure / Remote Code Execution
Posted Oct 29, 2020
Authored by Ofir Moskovitch

Microsoft Edge suffers from information disclosure and remote code execution vulnerabilities. Affected builds include 85.0.564.83, 85.0.564.86, 85.0.564.70, 86.0.622.38, 86.0.622.43, 86.0.622.48, 86.0.622.51, and 86.0.622.56.

tags | advisory, remote, vulnerability, code execution, info disclosure
MD5 | d1283aca7d57dba59274a53c8d4be7c8
Red Hat Security Advisory 2020-4401-01
Posted Oct 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4401-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include an XML injection vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-25649
MD5 | c6734a15901d8b6f939fef6f1ad12e04
Genexis Platinum-4410 P4410-V2-1.28 Cross Site Request Forgery
Posted Oct 29, 2020
Authored by Mohammed Farhan

Genexis Platinum-4410 version P4410-V2-1.28 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 146fa3e7e680262eec3c8a7849e57ef6
Lot Reservation Management System 1.0 Cross Site Scripting
Posted Oct 29, 2020
Authored by Ankita Pal

Lot Reservation Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | d59da764d15867b2c8e347b9d1c591e3
Lot Reservation Management System 1.0 SQL Injection
Posted Oct 29, 2020
Authored by Ankita Pal

Lot Reservation Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 3840f5563afd9a3a71808da95da9f196
Icewarp WebMail 11.4.5.0 Cross Site Scripting
Posted Oct 29, 2020
Authored by Harun Karakis

Icewarp WebMail version 11.4.5.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-27982
MD5 | 90afc47a914b4ec45f2b380bd65e99dd
Ubuntu Security Notice USN-4609-1
Posted Oct 29, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4609-1 - Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file deletions in the context of the user account that runs the web server. It was discovered that GOsa incorrectly handled user access control. A remote attacker could use this issue to log into any account with a username containing the word "success". Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2018-1000528, CVE-2019-11187, CVE-2019-14466
MD5 | 4e2b8c585afc2ea3d948b113104fffd5
Mailman 2.1.23 Cross Site Scripting
Posted Oct 29, 2020
Authored by Valerio Alessandroni

Mailman versions 1.x up through 2.1.23 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-5950
MD5 | 9f7ee8dc2bea9eb36d07925c4afea9ee
Point Of Sales 1.0 Cross Site Scripting
Posted Oct 29, 2020
Authored by Ankita Pal

Point of Sales version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 07a9e356990714e68a1337f5da907983
Red Hat Security Advisory 2020-4402-01
Posted Oct 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4402-01 - Red Hat JBoss Enterprise Application Platform 7.3 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3. Issues addressed include an XML injection vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-25649
MD5 | 96d6633cd6cef7c456fbbb9879267dc9
Online Examination System 1.0 Cross Site Scripting
Posted Oct 29, 2020
Authored by Nikhil Kumar

Online Examination System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4f20c0c9e6ff28d87241c91fba29f4e1
Red Hat Security Advisory 2020-4390-01
Posted Oct 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4390-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include denial of service, memory exhaustion, and remote SQL injection vulnerabilities.

tags | advisory, remote, web, denial of service, vulnerability, sql injection, python
systems | linux, redhat
advisories | CVE-2019-12781, CVE-2019-14232, CVE-2019-14233, CVE-2019-14234, CVE-2019-14235
MD5 | 5e29b134d33cbe475b05d7701f782272
Red Hat Security Advisory 2020-4391-01
Posted Oct 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4391-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2020-10755
MD5 | d7d644f1e0cca176509c26368eef462f
Ubuntu Security Notice USN-4552-3
Posted Oct 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4552-3 - USN-4552-1 and USN-4552-2 fixed a vulnerability in Pam-python. The update introduced a regression which prevented PAM modules written in Python from importing python modules from site-specific directories. Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. Various other issues were also addressed.

tags | advisory, local, root, python
systems | linux, ubuntu
advisories | CVE-2019-16729
MD5 | 632ca4e5ebf9fb3048aa8ec5c35d3c54
FreeType Load_SBit_Png Heap Buffer Overflow
Posted Oct 28, 2020
Authored by Google Security Research, Glazvunov

FreeType suffers from a heap buffer overflow vulnerability due to integer truncation in Load_SBit_Png.

tags | exploit, overflow
advisories | CVE-2020-15999
MD5 | 486d3f9f9d645b3bc7af767d7f2dd9cd
Page 1 of 15
Back12345Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close