
Files Date: 2020-12-10

GitLab File Read Remote Code Execution
Posted Dec 10, 2020
Authored by alanfoster, William Bowling | Site metasploit.com

This Metasploit module provides remote code execution against GitLab Community Edition (CE) and Enterprise Edition (EE). It uses an arbitrary file read to extract the Rails secret_key_base, then gains remote code execution through a deserialization vulnerability in the signed experimentation_subject_id cookie that GitLab uses internally for A/B testing. Note that the arbitrary file read exists in GitLab EE/CE 8.5 and later, and was fixed in 12.9.1, 12.8.8, and 12.7.8. However, the RCE only affects versions 12.4.0 and above, when the vulnerable experimentation_subject_id cookie was introduced. Tested on GitLab 12.8.1 and 12.4.0.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2020-10977
MD5 | 9603149ee63599adcc99cffa47a96d86

Wireshark Analyzer 3.4.1
Posted Dec 10, 2020
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: Multiple security bug fixes as well as new and updated features.
tags | tool, sniffer, protocol
systems | windows, unix
advisories | CVE-2020-26418, CVE-2020-26419, CVE-2020-26420, CVE-2020-26421
MD5 | 62304df45b3c6b7825a09cbb1793906e

BigtreeCMS 4.4.11 Cross Site Scripting
Posted Dec 10, 2020
Authored by Daniel Bishtawi | Site netsparker.com

BigtreeCMS version 4.4.11 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-995566
MD5 | a25374df3c51113abce2d3c047310db6

Ubuntu Security Notice USN-4668-1
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4668-1 - Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service.

tags | advisory, denial of service, local, python
systems | linux, ubuntu
advisories | CVE-2020-27351
MD5 | fec19eedb4411cf29ad285f5cd1196a2

OpenCart 3.0.3.6 Cross Site Request Forgery
Posted Dec 10, 2020
Authored by Mahendra Purbia

OpenCart version 3.0.3.6 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 653b511525bcf3f512b9490ff9ce885f

Ubuntu Security Notice USN-4665-2
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4665-2 - USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanning and other information gathering. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-8284, CVE-2020-8285
MD5 | 70ae3c3e1b163767c7314ec475487ed0

WordPress Popup Builder 3.69.6 Cross Site Scripting
Posted Dec 10, 2020
Authored by Ilca Lucian Florin

WordPress Popup Builder plugin versions 3.69.6 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 9f9a142141b13f9bf771d57b8b4d5076

Ubuntu Security Notice USN-4667-1
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4667-1 - Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-27350
MD5 | 95550b790b5b5e77f980c30a5fa95220

Barcodes Generator 1.0 Cross Site Scripting
Posted Dec 10, 2020
Authored by Nikhil Kumar

Barcodes Generator version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 90d659183b8f5cb2cf634a89d0db514e

Ubuntu Security Notice USN-4668-2
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4668-2 - USN-4668-1 fixed vulnerabilities in python-apt. That update caused a regression by removing information describing the Ubuntu 20.10 release from the Ubuntu templates. This update fixes the problem by restoring this information. Various other issues were also addressed.

tags | advisory, vulnerability, python
systems | linux, ubuntu
MD5 | c139cb84adaae88c523ef36f4c1810e0

Openfire 4.6.0 Cross Site Scripting
Posted Dec 10, 2020
Authored by j5s

Openfire version 4.6.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, xss
MD5 | 991ed97cae505fc4678f063c47165b53

Library Management System 2.0 SQL Injection
Posted Dec 10, 2020
Authored by Manish Solanki

Library Management System version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 7c95b024d5abba87d8e3a0c030d4a852

PDF Complete 3.5.310.2002 Unquoted Service Path
Posted Dec 10, 2020
Authored by Zaira Alquicira

PDF Complete version 3.5.310.2002 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | a80f64695473200fb2a57ab66a15c760

© 2020 Packet Storm. All rights reserved.
