exploit the possibilities
Showing 1 - 18 of 18 RSS Feed

Files Date: 2020-11-13

Apple Security Advisory 2020-11-13-5
Posted Nov 13, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-13-5 - Safari 14.0 addresses code execution, cross site scripting, out of bounds write, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability, code execution, xss
systems | apple
advisories | CVE-2020-9947, CVE-2020-9948, CVE-2020-9950, CVE-2020-9951, CVE-2020-9952, CVE-2020-9983, CVE-2020-9987, CVE-2020-9993
MD5 | 4abb2ed024c0733f7aa17e86cafa43b1
Apple Security Advisory 2020-11-13-2
Posted Nov 13, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-13-2 - Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave addresses a code execution vulnerability.

tags | advisory, code execution
systems | apple
advisories | CVE-2020-27930, CVE-2020-27932, CVE-2020-27950
MD5 | ff4dc5b813f0111a2edff3869a40bd44
Apple Security Advisory 2020-11-13-4
Posted Nov 13, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-13-4 - tvOS 14.0 addresses buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution, xss
systems | apple
advisories | CVE-2020-10013, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-15358, CVE-2020-9849, CVE-2020-9876, CVE-2020-9943, CVE-2020-9944, CVE-2020-9947, CVE-2020-9949, CVE-2020-9950, CVE-2020-9951, CVE-2020-9952, CVE-2020-9954, CVE-2020-9961, CVE-2020-9965, CVE-2020-9966, CVE-2020-9968, CVE-2020-9969, CVE-2020-9976, CVE-2020-9979, CVE-2020-9981, CVE-2020-9983, CVE-2020-9991
MD5 | e65d5de230a8b7448d59d553c86fe14c
Apple Security Advisory 2020-11-13-3
Posted Nov 13, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-13-3 - Updates for iOS 14.0 and iPadOS 14.0 address buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, spoof, vulnerability, code execution, xss
systems | apple, ios
advisories | CVE-2019-14899, CVE-2020-10013, CVE-2020-13434, CVE-2020-13435, CVE-2020-13520, CVE-2020-13630, CVE-2020-13631, CVE-2020-15358, CVE-2020-6147, CVE-2020-9773, CVE-2020-9849, CVE-2020-9876, CVE-2020-9941, CVE-2020-9943, CVE-2020-9944, CVE-2020-9946, CVE-2020-9947, CVE-2020-9949, CVE-2020-9950, CVE-2020-9951, CVE-2020-9952, CVE-2020-9954, CVE-2020-9958, CVE-2020-9959, CVE-2020-9961, CVE-2020-9963, CVE-2020-9964, CVE-2020-9965
MD5 | f15d74568f4f6adf383e272deddb869b
Advanced System Care Service 13 Unquoted Service Path
Posted Nov 13, 2020
Authored by Jair Amezcua

Advanced System Care Service version 13 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | d4bc265e5db84352221451e0ee1535df
TOR Virtual Network Tunneling Tool 0.4.4.6
Posted Nov 13, 2020
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It backports fixes from later releases, including a fix for TROVE-2020-005, a security issue that could be used, under certain cases, by an adversary to observe traffic patterns on a limited number of circuits intended for a different relay.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 3635b2f7b6645910bf702ce8eaeffd0d
Botan C++ Crypto Algorithms Library 2.17.2
Posted Nov 13, 2020
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Fixed a build problem on ppc64. Resolved an issue in the modular square root algorithm. Fixed a regression in MinGW builds introduced in 2.17.1.
tags | library
MD5 | a88333476d5c448643a3eda2f4dca8ee
Microsoft Windows WindowsCodecsRaw!CCanonRawImageRep::GetNamedWhiteBalances Out-Of-Bounds Read
Posted Nov 13, 2020
Authored by Ivan Fratric, Google Security Research

There is an out-of bounds read vulnerability in WindowsCodecsRaw.dll while processing a malformed Canon raw image. This can potentially lead to disclosing the memory of the affected process. All applications that use Windows Image Codecs for image parsing are potentially affected. The vulnerability has been confirmed on Windows 10 v2004 with the most recent patches applied.

tags | advisory
systems | windows
advisories | CVE-2020-17113
MD5 | 1ea2260b2783f8f68dc9be4f978b3561
Ubuntu Security Notice USN-4607-2
Posted Nov 13, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4607-2 - USN-4607-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression that could cause TLS connections with client certificate authentication to fail in some situations. This update fixes the problem. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803
MD5 | 3edc6eb21eea64bc95aec575369eb14b
ASUS TM-AC1900 Arbitrary Command Execution
Posted Nov 13, 2020
Authored by b1ack0wl | Site metasploit.com

This Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses the patch for CVE-2018-9285.

tags | exploit, web, cgi, code execution
advisories | CVE-2018-9285
MD5 | 7d93c218049c0722da7e83b78f2c4623
Bludit Panel Brute Forcer
Posted Nov 13, 2020
Authored by Eren Simsek | Site metasploit.com

This Metasploit module performs an authentication brute forcing attack against the panel in Bludit version 3.9.2.

tags | exploit, bypass
MD5 | 466a1ffa63c9bdf248aa584d522e3934
Citrix ADC NetScaler Local File Inclusion
Posted Nov 13, 2020
Authored by Donny Maasland, Ramella Sebastien | Site metasploit.com

This Metasploit module exploits a local file inclusion vulnerability in Citrix ADC Netscaler.

tags | exploit, local, file inclusion
advisories | CVE-2020-8193, CVE-2020-8195, CVE-2020-8196
MD5 | d988d9b9c395233084520c1b63a93177
HorizontCMS 1.0.0-beta Shell Upload
Posted Nov 13, 2020
Authored by Erik Wynter | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to upload a malicious PHP file via an HTTP POST request to /admin/file-manager/fileupload. The server will rename this file to a random string. The module will therefore attempt to change the filename back to the original name via an HTTP POST request to /admin/file-manager/rename. For the php target, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to /storage/file_name.

tags | exploit, web, arbitrary, php, file upload
advisories | CVE-2020-27387
MD5 | b1586e133ec28d35e83ec172e95fe1d0
ReadyTalk Avian JVM FileOutputStream.write() Integer Overflow
Posted Nov 13, 2020
Authored by Pietro Oliva

ReadyTalk Avian JVM versions 1.2.0 before 27th October 2020 suffer from a FileOutputStream.write() integer overflow vulnerability.

tags | exploit, overflow
MD5 | 0eeb53af3d334c2876f02c02ffa0e8e8
Atheros Coex Service Application 8.0.0.255 Unquoted Service Path
Posted Nov 13, 2020
Authored by Isabel Lopez

Atheros Coex Service Application version 8.0.0.255 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | 2590c6832bdc242ef7900b5ce5f45233
Anuko Time Tracker 1.19.23.5311 Missing Rate Limiting
Posted Nov 13, 2020
Authored by Mufaddal Masalawala

Anuko Time Tracker version 1.19.23.5311 suffers from an implementation flaw where password reset emails can be continuously triggered against unsuspecting users.

tags | exploit
advisories | CVE-2020-27423
MD5 | 4d7802dafff935a1edc93565c0e2fabc
Anuko Time Tracker 1.19.23.5311 Password Reset
Posted Nov 13, 2020
Authored by Mufaddal Masalawala

Anuko Time Tracker version 1.19.23.5311 suffers from an implementation flaw where the password reset link can be replayed.

tags | exploit
advisories | CVE-2020-27422
MD5 | 84947e12161c695ab4a54a6e8652e229
SSL Pinning Bypass
Posted Nov 13, 2020
Authored by Ismail Onder Kaya

Whitepaper that discusses bypassing SSL pinning. Written in Turkish.

tags | paper
MD5 | 847a6587dc05bf63b431eb89e707b61b
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close