exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2020-12-03

Ubuntu Security Notice USN-4661-1
Posted Dec 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4661-1 - It was discovered that Snapcraft includes the current directory when configuring LD_LIBRARY_PATH for application commands. If a user were tricked into installing a malicious snap or downloading a malicious library, under certain circumstances an attacker could exploit this to affect strict mode snaps that have access to the library and when launched from the directory containing the library.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-27348
SHA-256 | 0034f27371a808bf0f89dd4c57e1871f51700add1241921630559d53d1baf8eb
Red Hat Security Advisory 2020-5342-01
Posted Dec 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5342-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2020-25644, CVE-2020-25649
SHA-256 | acbd3e14db6d09834afce1f465061e1d2d38d186b4b4b021dd8e2eabe1bfbb14
Red Hat Security Advisory 2020-5341-01
Posted Dec 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5341-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2020-25644, CVE-2020-25649
SHA-256 | 1f25f6133d8217c8b4ac927a7eab59218376028fe23c68c04f2ffa4e37fecaa8
Red Hat Security Advisory 2020-5340-01
Posted Dec 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5340-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2020-25644, CVE-2020-25649
SHA-256 | 3712a4ee80a9d53ebbdedd13d2f4fc5a4f1962a34e416dca9868e135339bb982
Red Hat Security Advisory 2020-5344-01
Posted Dec 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5344-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.

tags | advisory, java, remote, vulnerability, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2020-25638, CVE-2020-25644, CVE-2020-25649
SHA-256 | b9621d35f7b316a7c076ea7be96f7049b75a77d2af661325878fae30aa379148
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
Posted Dec 3, 2020
Authored by LiquidWorm | Site zeroscience.mk

Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a remote file inclusion vulnerability by including arbitrary client-side dynamic scripts (JavaScript, VBScript, HTML) when adding content though the input URL material of type html. This allows hijacking of the current session of the user, execute cross-site scripting code, or changing the look of the page and content modification on current display.

tags | exploit, remote, arbitrary, javascript, xss, file inclusion
SHA-256 | f28b912bc2e9ec641f492478e48e1e97b8908f617e7d6c69a1aed77fda0c5b63
Sony BRAVIA Digital Signage 1.7.8 Insecure Direct Object Reference
Posted Dec 3, 2020
Authored by LiquidWorm | Site zeroscience.mk

Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a client-side protection bypass due to an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | 9fd82df835ccf64e79c6e4211a0e9a479e9339435abddd25b6c0f7fef0f64a43
Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure
Posted Dec 3, 2020
Authored by LiquidWorm | Site zeroscience.mk

Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a sensitive information disclosure vulnerability. An unauthenticated attacker can visit several API endpoints and disclose information running on the device.

tags | exploit, info disclosure
SHA-256 | 1a2e9b29afb60a2ffa14c140afaaa2ec41087f27cb2ba436177afce88f72ebfb
Ubuntu Security Notice USN-4660-1
Posted Dec 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4660-1 - It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-14351, CVE-2020-14390, CVE-2020-25211, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645, CVE-2020-28915, CVE-2020-4788
SHA-256 | 846750eeb23d3d60a26a9e5dd5ee57d3a56322b40ec7af818f318a1c862c2d90
Invision Community 4.5.4 Cross Site Scripting
Posted Dec 3, 2020
Authored by Hemant Patidar

Invision Community version 4.5.4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | abb8978a9b24f03bacc514511aae1461f730355c46f38716e44491894e01239b
Red Hat Security Advisory 2020-5333-01
Posted Dec 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5333-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2020-28362, CVE-2020-28366, CVE-2020-28367
SHA-256 | 5a3e96de86e3407d9cfb52d80d31c132625c6836c0a445f7b1d7828789543bad
Digital Signage Systems - The Modern Hacker's Outreach
Posted Dec 3, 2020
Authored by LiquidWorm | Site zeroscience.mk

Whitepaper called Digital Signage Systems - The Modern Hacker's Outreach. It discusses everything from public incidents to common attack vectors leveraged to manipulate content.

tags | paper
SHA-256 | 32d102c929783324fb48fee86075796dc171686f598a0e4415921f9d2f1f8f95
mojoPortal Forums 2.7.0.0 Cross Site Scripting
Posted Dec 3, 2020
Authored by Sagar Banwa

mojoPortal Forums version 2.7.0.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | aa07e3cc8d25be9d8054892ac01d33314c4f3a2a6b7dee562d5333ae33aac716
Online Matrimonial Project 1.0 Remote Code Execution
Posted Dec 3, 2020
Authored by Valerio Alessandroni

Online Matrimonial Project version 1.0 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | acf99cca26ede57b301fc85244446649e9c002be3a4072fbb426a923164afa88
EgavilanMedia Address Book 1.0 SQL Injection
Posted Dec 3, 2020
Authored by Mayur Parmar

EgavilanMedia Address Book version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 096418ee4b079a22c345b03c539e183ed690d95a14fd072e54cbf8ad24c95057
Coaster CMS 5.8.18 Cross Site Scripting
Posted Dec 3, 2020
Authored by Hardik Solanki

Coaster CMS version 5.8.18 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ce3238081736d3ec6592f99957e38ebd98bbfcfb19eac7e5fb78f6515a08c33c
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close