exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2020-11-06

Ubuntu Security Notice USN-4621-1
Posted Nov 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4621-1 - It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2005-1513, CVE-2005-1515, CVE-2020-3811, CVE-2020-3812
MD5 | 7787dcf98d9b4adb884f3713beabae3a
Asterisk Project Security Advisory - AST-2020-002
Posted Nov 6, 2020
Authored by bford, Sebastian Damm, Ruslan Lazin | Site asterisk.org

Asterisk Project Security Advisory - If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.

tags | advisory
MD5 | 99361de2b2ae9918e6068db2b6f741f6
Asterisk 17.6.0 / 17.5.1 Denial Of Service
Posted Nov 6, 2020
Authored by Sandro Gauci | Site enablesecurity.com

Asterisk versions 17.5.1 and 17.6.0 were found vulnerability to a denial of service condition where Asterisk segfaults when receiving an INVITE flood over TCP.

tags | exploit, denial of service, tcp
MD5 | 9a5d9ec730691495e303171a44bcc12b
Ubuntu Security Notice USN-4620-1
Posted Nov 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4620-1 - It was discovered that phpLDAPadmin didn't properly sanitize before being echoed to the user. A remote attacker could inject arbitrary HTML/Javascript code in a user's context and cause a crash, resulting in denial of service or potential execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2017-11107
MD5 | 1328c14e055c0263156c30ab138a2dc9
Microsoft Windows 8.1 Cleanmgr Race Condition / Security Bypass
Posted Nov 6, 2020
Authored by Ofir Moskovitch

Microsoft Windows version 8.1 suffers from a Cleanmgr race condition that allows for a security feature bypass in the firewall.

tags | advisory
systems | windows
MD5 | 0d5a52a8e037b5b7abe31f8e431a5636
CMSUno 1.6.2 Remote Code Execution
Posted Nov 6, 2020
Authored by Fatih Celik

CMSUno version 1.6.2 authenticated remote code execution exploit.

tags | exploit, remote, code execution
MD5 | da05a3ff1e0ab5ad382c8e30fdb5f937
Asterisk Project Security Advisory - AST-2020-001
Posted Nov 6, 2020
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending upon some off nominal circumstances, and timing it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects were de-referenced, or accessed next by the initial creation thread.

tags | advisory
MD5 | 517d938072991f01f5558229c6259077
Ubuntu Security Notice USN-4599-3
Posted Nov 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4599-3 - USN-4599-1 and USN-4599-2 fixed vulnerabilities in Firefox. The updates introduced various minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
MD5 | 25dce6875e3b7e54bf60434d0576c6d1
Sentrifugo 3.2 Remote Code Execution
Posted Nov 6, 2020
Authored by Fatih Celik

Sentrifugo version 3.2 assets authenticated remote code execution exploit.

tags | exploit, remote, code execution
MD5 | f8934d22ecd14e85587d2b831e226bb5
Sentrifugo 3.2 Remote Code Execution
Posted Nov 6, 2020
Authored by Fatih Celik

Sentrifugo version 3.2 announcements authenticated remote code execution exploit.

tags | exploit, remote, code execution
MD5 | 23b861937f221629412f6ee09ae997d3
Ubuntu Security Notice USN-4619-1
Posted Nov 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4619-1 - Mário Areias discovered that dom4j did not properly validate XML document elements. An attacker could exploit this with a crafted XML file to cause dom4j to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1000632
MD5 | 248b0dd34669f388ff9cb3860db4b123
Red Hat Security Advisory 2020-4961-01
Posted Nov 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4961-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, improper authorization, man-in-the-middle, server-side request forgery, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2019-17566, CVE-2020-10683, CVE-2020-10693, CVE-2020-10714, CVE-2020-1748, CVE-2020-1945, CVE-2020-1954, CVE-2020-2875, CVE-2020-2933, CVE-2020-2934
MD5 | 68f0e5928f9e668ab1fbfb9ffb511bff
git-lfs Remote Code Execution
Posted Nov 6, 2020
Authored by Dawid Golunski

Proof of concept git-lfs remote code execution exploit written in Go. Affects Git, GitHub CLI, GitHub Desktop, Visual Studio, GitKraken, SmartGit, SourceTree, and more.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2020-27955
MD5 | 207206e22d89b9b831273f5d12954acb
BlogEngine 3.3.8 Cross Site Scripting
Posted Nov 6, 2020
Authored by Andrey Stoykov

BlogEngine version 3.3.8 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8a729935391fc9a607bbf2f068d2a2e4
Red Hat Security Advisory 2020-4960-01
Posted Nov 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4960-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, improper authorization, man-in-the-middle, server-side request forgery, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2019-17566, CVE-2020-10683, CVE-2020-10693, CVE-2020-10714, CVE-2020-1748, CVE-2020-1945, CVE-2020-1954, CVE-2020-2875, CVE-2020-2933, CVE-2020-2934
MD5 | a2b5a8d32a1b651da55bbb42b8f7ae36
SmartBlog 2.0.1 Blind SQL Injection
Posted Nov 6, 2020
Authored by C0wnuts

SmartBlog version 2.0.1 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a8136efdf513dac00bed13d8b3e40e1c
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close