exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2020-11-13

Apple Security Advisory 2020-11-13-5
Posted Nov 13, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-13-5 - Safari 14.0 addresses code execution, cross site scripting, out of bounds write, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability, code execution, xss
systems | apple
advisories | CVE-2020-9947, CVE-2020-9948, CVE-2020-9950, CVE-2020-9951, CVE-2020-9952, CVE-2020-9983, CVE-2020-9987, CVE-2020-9993
SHA-256 | 811b88f1e5b3d14923a4580f754ecc56118d06fe6387db59e96f29a0e239ef45
Apple Security Advisory 2020-11-13-2
Posted Nov 13, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-13-2 - Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave addresses a code execution vulnerability.

tags | advisory, code execution
systems | apple
advisories | CVE-2020-27930, CVE-2020-27932, CVE-2020-27950
SHA-256 | 7677a262b9c7d7d157973bdebf049b67ee3fd6e1026eef5ea2cbe44b1bb0b737
Apple Security Advisory 2020-11-13-4
Posted Nov 13, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-13-4 - tvOS 14.0 addresses buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution, xss
systems | apple
advisories | CVE-2020-10013, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-15358, CVE-2020-9849, CVE-2020-9876, CVE-2020-9943, CVE-2020-9944, CVE-2020-9947, CVE-2020-9949, CVE-2020-9950, CVE-2020-9951, CVE-2020-9952, CVE-2020-9954, CVE-2020-9961, CVE-2020-9965, CVE-2020-9966, CVE-2020-9968, CVE-2020-9969, CVE-2020-9976, CVE-2020-9979, CVE-2020-9981, CVE-2020-9983, CVE-2020-9991
SHA-256 | 666bacc553628fd20f69243b0b028286a17b1810726bb43edf4360c86392749c
Apple Security Advisory 2020-11-13-3
Posted Nov 13, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-11-13-3 - Updates for iOS 14.0 and iPadOS 14.0 address buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, spoof, vulnerability, code execution, xss
systems | apple, ios
advisories | CVE-2019-14899, CVE-2020-10013, CVE-2020-13434, CVE-2020-13435, CVE-2020-13520, CVE-2020-13630, CVE-2020-13631, CVE-2020-15358, CVE-2020-6147, CVE-2020-9773, CVE-2020-9849, CVE-2020-9876, CVE-2020-9941, CVE-2020-9943, CVE-2020-9944, CVE-2020-9946, CVE-2020-9947, CVE-2020-9949, CVE-2020-9950, CVE-2020-9951, CVE-2020-9952, CVE-2020-9954, CVE-2020-9958, CVE-2020-9959, CVE-2020-9961, CVE-2020-9963, CVE-2020-9964, CVE-2020-9965
SHA-256 | c81b3c771086e19928398506df7470dbd4262700ea21eebb45cfac57931704f0
Advanced System Care Service 13 Unquoted Service Path
Posted Nov 13, 2020
Authored by Jair Amezcua

Advanced System Care Service version 13 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | d01f2678736b868a97232f9345513ae15d0aebc44beb257334c4056196477a24
TOR Virtual Network Tunneling Tool 0.4.4.6
Posted Nov 13, 2020
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It backports fixes from later releases, including a fix for TROVE-2020-005, a security issue that could be used, under certain cases, by an adversary to observe traffic patterns on a limited number of circuits intended for a different relay.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 5f154c155803adf5c89e87cab53017b6908c5ebe50c65839e8cf4fbd2abe1fdc
Botan C++ Crypto Algorithms Library 2.17.2
Posted Nov 13, 2020
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Fixed a build problem on ppc64. Resolved an issue in the modular square root algorithm. Fixed a regression in MinGW builds introduced in 2.17.1.
tags | library
SHA-256 | ebe27dfe2b55d7e02bf520e926606c48b76b22facb483256b13ab38e018e1e6c
Microsoft Windows WindowsCodecsRaw!CCanonRawImageRep::GetNamedWhiteBalances Out-Of-Bounds Read
Posted Nov 13, 2020
Authored by Ivan Fratric, Google Security Research

There is an out-of bounds read vulnerability in WindowsCodecsRaw.dll while processing a malformed Canon raw image. This can potentially lead to disclosing the memory of the affected process. All applications that use Windows Image Codecs for image parsing are potentially affected. The vulnerability has been confirmed on Windows 10 v2004 with the most recent patches applied.

tags | advisory
systems | windows
advisories | CVE-2020-17113
SHA-256 | 449ae24e2e05dd0778a7ef251c34dfe7a3baf77ef865a69c498ccb7a059d82e3
Ubuntu Security Notice USN-4607-2
Posted Nov 13, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4607-2 - USN-4607-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression that could cause TLS connections with client certificate authentication to fail in some situations. This update fixes the problem. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803
SHA-256 | a4ab5ec1473aaa2e937ca91b1369ed77b0d8855bcf12d9abe9aa9c3165a01e67
ASUS TM-AC1900 Arbitrary Command Execution
Posted Nov 13, 2020
Authored by b1ack0wl | Site metasploit.com

This Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses the patch for CVE-2018-9285.

tags | exploit, web, cgi, code execution
advisories | CVE-2018-9285
SHA-256 | ffe065bd21f5291ffd2dce01466f14f19a9e8833bf6d4dc92c47a3e0d3858343
Bludit Panel Brute Forcer
Posted Nov 13, 2020
Authored by Eren Simsek | Site metasploit.com

This Metasploit module performs an authentication brute forcing attack against the panel in Bludit version 3.9.2.

tags | exploit, bypass
SHA-256 | 928cdffa4a05fe84712529c35407c5d41b2df004f63f924f0f27c011e6938ebd
Citrix ADC NetScaler Local File Inclusion
Posted Nov 13, 2020
Authored by Donny Maasland, Ramella Sebastien | Site metasploit.com

This Metasploit module exploits a local file inclusion vulnerability in Citrix ADC Netscaler.

tags | exploit, local, file inclusion
advisories | CVE-2020-8193, CVE-2020-8195, CVE-2020-8196
SHA-256 | 70dc89253162a6b119c3d606f6c3f8993ac2cf75090d967905fead6d2ddd4d90
HorizontCMS 1.0.0-beta Shell Upload
Posted Nov 13, 2020
Authored by Erik Wynter | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to upload a malicious PHP file via an HTTP POST request to /admin/file-manager/fileupload. The server will rename this file to a random string. The module will therefore attempt to change the filename back to the original name via an HTTP POST request to /admin/file-manager/rename. For the php target, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to /storage/file_name.

tags | exploit, web, arbitrary, php, file upload
advisories | CVE-2020-27387
SHA-256 | e997f50b11c87b368375253d60b4bf43687e4ac08d4e9534ce9af91d93c1cefe
ReadyTalk Avian JVM FileOutputStream.write() Integer Overflow
Posted Nov 13, 2020
Authored by Pietro Oliva

ReadyTalk Avian JVM versions 1.2.0 before 27th October 2020 suffer from a FileOutputStream.write() integer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 6900d0810f32c7a4085388df479ec9c677eafb362f0ace4123fc2d63eacfd040
Atheros Coex Service Application 8.0.0.255 Unquoted Service Path
Posted Nov 13, 2020
Authored by Isabel Lopez

Atheros Coex Service Application version 8.0.0.255 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 208e76bdd863609dfe47737eb343c278174506d8ecb000d55e364ef8c865e554
Anuko Time Tracker 1.19.23.5311 Missing Rate Limiting
Posted Nov 13, 2020
Authored by Mufaddal Masalawala

Anuko Time Tracker version 1.19.23.5311 suffers from an implementation flaw where password reset emails can be continuously triggered against unsuspecting users.

tags | exploit
advisories | CVE-2020-27423
SHA-256 | 53a06dece5305c8f45af55dd108f90c79e6cdcff7555fcad73ca428828be3450
Anuko Time Tracker 1.19.23.5311 Password Reset
Posted Nov 13, 2020
Authored by Mufaddal Masalawala

Anuko Time Tracker version 1.19.23.5311 suffers from an implementation flaw where the password reset link can be replayed.

tags | exploit
advisories | CVE-2020-27422
SHA-256 | 4814d2e98509d3300a5052ea61c3a644befcfbce98883d446a80778f9f94b4c8
SSL Pinning Bypass
Posted Nov 13, 2020
Authored by Ismail Onder Kaya

Whitepaper that discusses bypassing SSL pinning. Written in Turkish.

tags | paper
SHA-256 | 8e4b24e390ce31c897804f6427429f08f9ebbc7266dada92a0e4ce6c62427667
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    0 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close