what you don't know can hurt you
Showing 1 - 25 of 480 RSS Feed

Files Date: 2020-11-01 to 2020-11-30

Rejetto HttpFileServer 2.3.x Remote Command Execution
Posted Nov 29, 2020
Authored by Oscar Andreu

Rejetto HttpFileServer version 2.3.x remote command execution exploit.

tags | exploit, remote
advisories | CVE-2014-6287
MD5 | f0b7a7e54ec676fda373df29ba788f8d
YATinyWinFTP Denial Of Service
Posted Nov 29, 2020
Authored by strider

YATinyWinFTP denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | b1aaf842deeaebd05c9022dcc446f4bc
Apache NiFi API Remote Code Execution
Posted Nov 28, 2020
Authored by Graeme Robinson | Site metasploit.com

This Metasploit module uses the NiFi API to create an ExecuteProcess processor that will execute OS commands. The API must be unsecured (or credentials provided) and the ExecuteProcess processor must be available. An ExecuteProcessor processor is created then is configured with the payload and started. The processor is then stopped and deleted.

tags | exploit
MD5 | 7f93306aa6b4030f2a6b69fe4206bed0
nfstream 6.2.5
Posted Nov 28, 2020
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Patch for minimal truncated UDP raw pcap handling.
tags | tool, python
systems | unix
MD5 | 0d6f828e5d67ceee7e7066e81c9b9078
Ubuntu Security Notice USN-4646-2
Posted Nov 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4646-2 - USN-4646-1 fixed vulnerabilities in poppler. The fix for CVE-2019-10871 introduced a regression causing certain applications linked against poppler to fail. This update backs out the fix pending further investigation. It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
MD5 | 0b505ce3fcb8bc020d54095819e940fa
Ubuntu Security Notice USN-4649-1
Posted Nov 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4649-1 - Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-27748
MD5 | 595ba1096ac8463cb7b849752a0852e7
Weaponize GhostWriting Injection - Code Injection Series Part 5
Posted Nov 28, 2020
Authored by Emeric Nasi

Whitepaper called Weaponize GhostWriting Injection. This is part 5 of a 5 part series of papers.

tags | paper
MD5 | 791ee7b58343b261e98e514c5986c656
Disable Dynamic Code Mitigation (ACG) - Code Injection Series Part 4
Posted Nov 28, 2020
Authored by Emeric Nasi

Whitepaper called Disable Dynamic Code Mitigation (ACG). This is part 4 of a 5 part series of papers.

tags | paper
MD5 | 0e3e2706f39d2d7d4d94ea738b8ad433
Exploit WNF Callback - Code Injection Series Part 3
Posted Nov 28, 2020
Authored by Emeric Nasi

Whitepaper called Exploit WNF Callback. This is part 3 of a 5 part series of papers.

tags | paper
MD5 | de2d2611ba5a65fae0e9b4d906265a18
Bypass Start Address Protection - Code Injection Series Part 2
Posted Nov 28, 2020
Authored by Emeric Nasi

Whitepaper called Bypass Start Address Protection. This is part 2 of a 5 part series of papers.

tags | paper
MD5 | 568ae61a93a997dbd2cec3b699088933
Process PE Injection Basics - Code Injection Series Part 1
Posted Nov 28, 2020
Authored by Emeric Nasi

Whitepaper called Process PE Injection Basics. This is part 1 of a 5 part series of papers.

tags | paper
MD5 | d6c3819eba87765c193f47df3826d9c2
Ubuntu Security Notice USN-4382-2
Posted Nov 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4382-2 - It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-11042, CVE-2020-11058, CVE-2020-11525, CVE-2020-13398
MD5 | 6a358e6b9c45a8fd4d61e8756172aeec
Heroic Knowledge Base 3.0.1 Cross Site Scripting
Posted Nov 27, 2020
Authored by begininvoke

Heroic Knowledge Base plugin versions 3.0.1 and below suffer from persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | df94306cb7de8bea529118f895637cc8
Ruckus IoT Controller 1.5.1.0.21 Remote Code Execution
Posted Nov 27, 2020
Authored by Emre Suren

Ruckus IoT Controller (Ruckus vRIoT) versions 1.5.1.0.21 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | a76ca35e7a3f8b47cc3cd57b5a659c7c
Best Support System 3.0.4 Cross Site Scripting
Posted Nov 27, 2020
Authored by Ex.Mi

Best Support System version 3.0.4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | f74037429da1057feb79401fb4469a96
ZTE Blade Vantage Z839 Emode.APK android.uid.system Privilege Escalation
Posted Nov 27, 2020
Authored by Hacker Fantastic

ZTE Blade Vantage Z839 Emode.APK android.uid.system local privilege escalation exploit.

tags | exploit, local
MD5 | 2ad453e5e030521747ac204455b0066d
WonderCMS 3.1.3 Cross Site Scripting
Posted Nov 27, 2020
Authored by SunCSR

WonderCMS version 3.1.3 suffers from a persistent cross site scripting vulnerability. Original finding for persistent cross site scripting in this version of WonderCMS is attributed to Hemant Patidar.

tags | exploit, xss
MD5 | 0a86a07638c2bc4b20e96c08d1fd7f89
WordPress Accesspress Social Icons Theme 1.7.9 SQL Injection
Posted Nov 27, 2020
Authored by SunCSR

WordPress Accesspress Social Icons theme version 1.7.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d3cb5885976c55c92fedea658fd20a13
Polymorph 2.0: Advanced Manipulation Of Network Traffic In Real Time
Posted Nov 27, 2020
Authored by Santiago Hernandez Ramos

Whitepaper called Polymorph 2.0: Advanced Manipulation of Network Traffic in Real Time.

tags | paper
MD5 | 5a189432ecf01470a750aa0d2fafb9ed
WordPress Wibar Theme 1.1.8 Cross Site Scripting
Posted Nov 27, 2020
Authored by Ilca Lucian Florin

WordPress Wibar theme version 1.1.8 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | ea95dd17c0f2997fcd504f248aa1a6e2
WordPress Age Gate 2.13.4 Open Redirect
Posted Nov 27, 2020
Authored by Ilca Lucian Florin

WordPress Age Gate plugin versions 2.13.4 and below suffer fro an open redirection vulnerability.

tags | exploit
MD5 | a3548fa0a198ffdbc0c3ef0a20ea963b
Laravel Administrator 4 File Upload
Posted Nov 27, 2020
Authored by Xavi Beltran, Victor Campos

Laravel Administrator version 4 suffers from an unrestricted file upload vulnerability.

tags | exploit, file upload
advisories | CVE-2020-10963
MD5 | b32ad26683689ce39aae3cd95365fc83
Moodle 3.8 Arbitary File Upload
Posted Nov 27, 2020
Authored by Sirwan Veisi

Moodle version 3.8 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 4bf530ba008f828cff2639ab14956f02
Artificial Intelligence For Cybersecurity
Posted Nov 27, 2020
Authored by Mohan Santokhi, Jay Santokhi

Whitepaper called Artificial Intelligence for Cybersecurity.

tags | paper
MD5 | 1ca4923f68b9194cacc745cef5a60552
SAP Lumira 1.31 Cross Site Scripting
Posted Nov 27, 2020
Authored by Ilca Lucian Florin

SAP Lumira version 1.31 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3b83ad62cec70a0ffa3475532ddc5943
Page 1 of 20
Back12345Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close