what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 38 RSS Feed

Files Date: 2020-12-17

Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow
Posted Dec 17, 2020
Authored by wvu, Hacker Fantastic, Jeffrey Martin, Aaron Carreras, Jacob Thompson | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 (x86) in VirtualBox, VMware Fusion, and VMware Player. Bare metal untested. Your addresses may vary.

tags | exploit, overflow, x86
systems | solaris
advisories | CVE-2020-14871
SHA-256 | 255a53ba4764640c38d52b8d61674d66f25d7a11c08ebc0d8b26cc5cdb1d4ace
Zed Attack Proxy 2.10.0 Cross Platform Package
Posted Dec 17, 2020
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.

Changes: Various updates.
tags | tool, web, vulnerability
SHA-256 | e17ec487b5bcb76bdf381605596feb077b4100ab38b087c6f1422c6f46bc242e
Ubuntu Security Notice USN-4672-1
Posted Dec 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4672-1 - Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. Antonio Carista discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-9913, CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384, CVE-2019-13232
SHA-256 | a8a4d39eefa2e3b6acfd481a7ac1feef2ae8b8d70e10501df13be1e31d635e61
Library Management System 1.0 SQL Injection
Posted Dec 17, 2020
Authored by Valerio Alessandroni

Library Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
advisories | CVE-2020-28073
SHA-256 | d7ff94cb2599800fc55221f73773e40c3d163b7d02b6cbae712597111cc16af6
Red Hat Security Advisory 2020-5623-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5623-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-1971
SHA-256 | 20fe325a75817dc078bbf02d4ebf363e6877cc81d75d350011ca8707fb14621e
Flexmonster Pivot Table And Charts 2.7.17 Cross Site Scripting
Posted Dec 17, 2020
Authored by Marco Nappi

Flexmonster Pivot Table and Charts version 2.7.17 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-20138, CVE-2020-20139, CVE-2020-20140, CVE-2020-20141, CVE-2020-20142
SHA-256 | 04c859b1aa0ff2ebf67a2432da09120d4b5948555291b55a2cd9d75664c327f7
Nxlog Community Edition 2.10.2150 Denial Of Service
Posted Dec 17, 2020
Authored by Guillaume Petit

Nxlog Community Edition version 2.10.2150 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 0eb999a84b952c80f915543ca4ba78c6be29d0c9ed0da9b97b41edc99792f18f
Trend Micro IWSVA CSRF / XSS / Bypass / SSRF / Code Execution
Posted Dec 17, 2020
Authored by Wolfgang Ettlinger | Site sec-consult.com

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versions below 6.5 SP2 EN Patch 4 Build 1919 suffers from bypass, command execution, cross site request forgery, cross site scripting, and server-side request forgery vulnerabilities.

tags | exploit, web, vulnerability, xss, csrf
advisories | CVE-2020-8461, CVE-2020-8462, CVE-2020-8463, CVE-2020-8464, CVE-2020-8465, CVE-2020-8466
SHA-256 | 54396ecfd1b66aed9f010f421531333fb6ee5cf355c17da0019935bb3b4af762
Red Hat Security Advisory 2020-5625-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5625-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.0 serves as a replacement for Red Hat Single Sign-On 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-1727
SHA-256 | 70131bf4f83180650ef27b01984389041b97fdd31170c21e91c27de8a903b7cd
PHPJabbers Appointment Scheduler 2.3 Cross Site Scripting
Posted Dec 17, 2020
Authored by Andrea Intilangelo

PHPJabbers Appointment Scheduler version 2.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-35416
SHA-256 | 3f3a382ddbe5315a04dd191f3e4bfed9e6780f72a7ee0ec61bc3039d40259c90
Online Health Card System 1.0 SQL Injection
Posted Dec 17, 2020
Authored by Valerio Alessandroni

Online Health Care System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
advisories | CVE-2020-28074
SHA-256 | 6385be433ac2bac69d24dcebeeea53219e16cb129a5f17431d97500368544b0d
Red Hat Security Advisory 2020-5624-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5624-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113
SHA-256 | d73da8cf8633196724190d037d4a637357e4de5ee22c53686602843ab37dc815
Employee Record System 1.0 Cross Site Scripting
Posted Dec 17, 2020
Authored by Saeed Bala Ahmed

Employee Record System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | da07a2df900995505f29f449d1b5d812c5de81f524986ef642831c591946d9f4
Online Tours And Travels Management System 1.0 SQL Injection
Posted Dec 17, 2020
Authored by Saeed Bala Ahmed

Online Tours and Travels Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b2b0f7de039f1a8e3b9d46d7a49dcf05080284c2c23d1e3029fc7f08319b72e3
Red Hat Security Advisory 2020-5622-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5622-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113
SHA-256 | 3299b101c23ed4bdd8c74390c6aba9ffe059b2263c73916da04da21a12f82872
Red Hat Security Advisory 2020-5620-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5620-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include an improper authorization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14349, CVE-2020-14350, CVE-2020-1720, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696
SHA-256 | f937ce328298951a6865cc37e46d7b9becd3aac39745a2ad01d58ea343d5d19e
Victor CMS 1.0 SQL Injection
Posted Dec 17, 2020
Authored by Furkan Goksel

Victor CMS version 1.0 suffers from multiple authenticated remote SQL injection vulnerabilities. SQL injection was originally discovered in this version in May of 2020 by BKpatron.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | f48bb0c997f689cac22e26e5304b9bbed6dc8a4db72d5ceb141619a511ea1b3a
Red Hat Security Advisory 2020-5619-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5619-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include bypass and improper authorization vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-10130, CVE-2019-10208, CVE-2020-14350, CVE-2020-1720, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696
SHA-256 | 407d4f3563df87f09a41769971ffefd0517847258ae8f27bbcbad2bea937ab63
Alumni Management System 1.0 Cross Site Scripting
Posted Dec 17, 2020
Authored by Valerio Alessandroni

Alumni Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-28071
SHA-256 | fd2e5fb6a7e13e52e74f22c818d7fc27235bef8e92fc5eb59244cac165226f67
Red Hat Security Advisory 2020-5618-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5618-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113
SHA-256 | cb7596a1511b1dcddcb41ae11f83810a42ffe8d9d5cb65daab66fd2776e78a04
Red Hat Security Advisory 2020-5611-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5611-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2015-8011, CVE-2020-8203
SHA-256 | 192d7dd45cb26bad9486336a5dcc4f19fd6da1a38be38c67c8765e1bd2b5c2df
Content Management System 1.0 SQL Injection
Posted Dec 17, 2020
Authored by Zhayi

Content Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 33b220bab201711f1225c009ad41156de09be23907aeb0c6a2a0324ab4807c59
Content Management System 1.0 Cross Site Scripting
Posted Dec 17, 2020
Authored by Zhayi

Content Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5bb87f9342b208033b233612b140cbbc359763717d71bca4168328e590873851
Red Hat Security Advisory 2020-5607-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5607-01 - The fapolicyd software framework introduces a form of file access control based on a user-defined policy. The application file access control feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system. Bug Fix: When an update replaces the binary of a running application, the kernel modifies the application binary path in memory by appending the " " suffix. Previously, the fapolicyd file access policy daemon treated such applications as untrusted, and prevented them from opening and executing any other files. As a consequence, the system was sometimes unable to boot after applying updates.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | 848584ed781b2f3e4c365df883a4c0051e5d8e774a24d2e9d6909b454e0dac68
Linksys RE6500 1.0.11.001 Remote Code Execution
Posted Dec 17, 2020
Authored by RE-Solver

Linksys RE6500 version 1.0.11.001 unauthenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 9efc9ac468518ee2905498668bcc7c0449034c86f3cda495c0476099603232f6
Page 1 of 2
Back12Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close