exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files Date: 2020-12-10

GitLab File Read Remote Code Execution
Posted Dec 10, 2020
Authored by alanfoster, William Bowling | Site metasploit.com

This Metasploit module provides remote code execution against GitLab Community Edition (CE) and Enterprise Edition (EE). It combines an arbitrary file read to extract the Rails secret_key_base, and gains remote code execution with a deserialization vulnerability of a signed experimentation_subject_id cookie that GitLab uses internally for A/B testing. Note that the arbitrary file read exists in GitLab EE/CE 8.5 and later, and was fixed in 12.9.1, 12.8.8, and 12.7.8. However, the RCE only affects versions 12.4.0 and above when the vulnerable experimentation_subject_id cookie was introduced. Tested on GitLab 12.8.1 and 12.4.0.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2020-10977
SHA-256 | a2fd5f023f224556722696d725ba298281ba4faa6ff9fad55afc78efcb2c8cd0
Wireshark Analyzer 3.4.1
Posted Dec 10, 2020
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: Multiple security bug fixes as well as new and updated features.
tags | tool, sniffer, protocol
systems | windows, unix
advisories | CVE-2020-26418, CVE-2020-26419, CVE-2020-26420, CVE-2020-26421
SHA-256 | f8165211f5b4a4f6708df73ef9be51df917927f2da78348b32d3a6eb5fc458a3
BigtreeCMS 4.4.11 Cross Site Scripting
Posted Dec 10, 2020
Authored by Daniel Bishtawi | Site netsparker.com

BigtreeCMS version 4.4.11 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-995566
SHA-256 | 3c45f0348a7157e65d5900916567e5655859008ee4715585d4a47c25a95b49d0
Ubuntu Security Notice USN-4668-1
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4668-1 - Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service.

tags | advisory, denial of service, local, python
systems | linux, ubuntu
advisories | CVE-2020-27351
SHA-256 | a5f6014a35f892c6ffaedb77312c56a6a022a609abece4d6d3680f375d81c3d8
OpenCart 3.0.3.6 Cross Site Request Forgery
Posted Dec 10, 2020
Authored by Mahendra Purbia

OpenCart version 3.0.3.6 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 15a4af089ee6938e9f9018d0cd512261bc37456c71fa0bf444ddfb50c1ad376f
Ubuntu Security Notice USN-4665-2
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4665-2 - USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanner and other information gathering. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-8284, CVE-2020-8285
SHA-256 | ef449b8bd3d4514ef75c2cb2e3e8ee86d33aec9b67483b26029adecfe1777660
WordPress Popup Builder 3.69.6 Cross Site Scripting
Posted Dec 10, 2020
Authored by Ilca Lucian Florin

WordPress Popup Builder plugin versions 3.69.6 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | ee27a617cdd08a28d0aa46029db9df5ff8f33df6251fb74266abaf8c5b081e81
Ubuntu Security Notice USN-4667-1
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4667-1 - Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-27350
SHA-256 | ed3e732086e11beeda7a344425ad7dc16a8309de9febde6bc43b34925f802eae
Barcodes Generator 1.0 Cross Site Scripting
Posted Dec 10, 2020
Authored by Nikhil Kumar

Barcodes Generator version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ad8bf5e77fce744e79e98d6d6401df0c9c922345fa6dbfbd73898ab10d8b80b6
Ubuntu Security Notice USN-4668-2
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4668-2 - USN-4668-1 fixed vulnerabilities in python-apt. That update caused a regression by removing information describing the Ubuntu 20.10 release from the Ubuntu templates. This update fixes the problem by restoring this information. Various other issues were also addressed.

tags | advisory, vulnerability, python
systems | linux, ubuntu
SHA-256 | 33d12f331c2c401cf9a9afee6fe990d3e427170e788b8a6fd66e8dbda3e0c1a9
Openfire 4.6.0 Cross Site Scripting
Posted Dec 10, 2020
Authored by j5s

Openfire version 4.6.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, xss
SHA-256 | f9c7f42f5cd677f2e3c3280fd7992e2595856f2a86b2332e2d48c94b993b1751
Library Management System 2.0 SQL Injection
Posted Dec 10, 2020
Authored by Manish Solanki

Library Management System version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 1a980ac557ad205a4469f0b188c4572761b978641908964ad8bc577f75f56dea
PDF Complete 3.5.310.2002 Unquoted Service Path
Posted Dec 10, 2020
Authored by Zaira Alquicira

PDF Complete version 3.5.310.2002 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 02ca2708970fb0372697359863b921b8c47c3cb3385ddc1b9d95abcefbf25921
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close