what you don't know can hurt you
Showing 1 - 25 of 38 RSS Feed

Files Date: 2020-12-17

Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow
Posted Dec 17, 2020
Authored by wvu, Hacker Fantastic, Jeffrey Martin, Aaron Carreras, Jacob Thompson | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 (x86) in VirtualBox, VMware Fusion, and VMware Player. Bare metal untested. Your addresses may vary.

tags | exploit, overflow, x86
systems | solaris
advisories | CVE-2020-14871
MD5 | 10f67723ac23f05d8cba2e16ff2e467a
Zed Attack Proxy 2.10.0 Cross Platform Package
Posted Dec 17, 2020
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.

Changes: Various updates.
tags | tool, web, vulnerability
MD5 | 1dc492f6eea4f99467f3fff5e1b0e0ee
Ubuntu Security Notice USN-4672-1
Posted Dec 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4672-1 - Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. Antonio Carista discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-9913, CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384, CVE-2019-13232
MD5 | 2f7d857c85a538c18f56b7c0ae4eaac9
Library Management System 1.0 SQL Injection
Posted Dec 17, 2020
Authored by Valerio Alessandroni

Library Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
advisories | CVE-2020-28073
MD5 | 3a6f77f1e026975dbb348acc6760885d
Red Hat Security Advisory 2020-5623-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5623-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-1971
MD5 | 8f896a4443f8db7455c6e82f3ea2800d
Flexmonster Pivot Table And Charts 2.7.17 Cross Site Scripting
Posted Dec 17, 2020
Authored by Marco Nappi

Flexmonster Pivot Table and Charts version 2.7.17 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-20138, CVE-2020-20139, CVE-2020-20140, CVE-2020-20141, CVE-2020-20142
MD5 | ec2e1c57134445ac1209c351b866228b
Nxlog Community Edition 2.10.2150 Denial Of Service
Posted Dec 17, 2020
Authored by Guillaume Petit

Nxlog Community Edition version 2.10.2150 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 4f78aea6f65ea29746b437bbcf710acf
Trend Micro IWSVA CSRF / XSS / Bypass / SSRF / Code Execution
Posted Dec 17, 2020
Authored by Wolfgang Ettlinger | Site sec-consult.com

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versions below 6.5 SP2 EN Patch 4 Build 1919 suffers from bypass, command execution, cross site request forgery, cross site scripting, and server-side request forgery vulnerabilities.

tags | exploit, web, vulnerability, xss, csrf
advisories | CVE-2020-8461, CVE-2020-8462, CVE-2020-8463, CVE-2020-8464, CVE-2020-8465, CVE-2020-8466
MD5 | 0011367f30c2126b8da594f31400e629
Red Hat Security Advisory 2020-5625-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5625-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.0 serves as a replacement for Red Hat Single Sign-On 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-1727
MD5 | 59acdfc8532446a66e29bab85f5cf458
PHPJabbers Appointment Scheduler 2.3 Cross Site Scripting
Posted Dec 17, 2020
Authored by Andrea Intilangelo

PHPJabbers Appointment Scheduler version 2.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-35416
MD5 | fbb1cc707ef5c7242d0dfcfcab74b73e
Online Health Card System 1.0 SQL Injection
Posted Dec 17, 2020
Authored by Valerio Alessandroni

Online Health Care System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
advisories | CVE-2020-28074
MD5 | 8449dc34abd63dadf764b09a23b18231
Red Hat Security Advisory 2020-5624-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5624-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113
MD5 | 1b85130d0bc80a90969aadf4021351bb
Employee Record System 1.0 Cross Site Scripting
Posted Dec 17, 2020
Authored by Saeed Bala Ahmed

Employee Record System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 49060a086fa4c02cdb3c46fe62fcbebe
Online Tours And Travels Management System 1.0 SQL Injection
Posted Dec 17, 2020
Authored by Saeed Bala Ahmed

Online Tours and Travels Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c9e13c502962439d854f92760f3c3bfa
Red Hat Security Advisory 2020-5622-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5622-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113
MD5 | 19b44f04a0feddd5032df7a821546491
Red Hat Security Advisory 2020-5620-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5620-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include an improper authorization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14349, CVE-2020-14350, CVE-2020-1720, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696
MD5 | 51cb15b5be373abb60fd804f5ba4561e
Victor CMS 1.0 SQL Injection
Posted Dec 17, 2020
Authored by Furkan Goksel

Victor CMS version 1.0 suffers from multiple authenticated remote SQL injection vulnerabilities. SQL injection was originally discovered in this version in May of 2020 by BKpatron.

tags | exploit, remote, vulnerability, sql injection
MD5 | 015a302f77e5cd14af1beb7599c418d1
Red Hat Security Advisory 2020-5619-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5619-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include bypass and improper authorization vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-10130, CVE-2019-10208, CVE-2020-14350, CVE-2020-1720, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696
MD5 | 410d0e3fd035110521cc0748349ae362
Alumni Management System 1.0 Cross Site Scripting
Posted Dec 17, 2020
Authored by Valerio Alessandroni

Alumni Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-28071
MD5 | 19672e38d2fa69e2dc19fb162163b5d8
Red Hat Security Advisory 2020-5618-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5618-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113
MD5 | 467f70259b95c4d42a8e13e31751a47f
Red Hat Security Advisory 2020-5611-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5611-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2015-8011, CVE-2020-8203
MD5 | 4a622bec9391ec55957b7c1f9af1f156
Content Management System 1.0 SQL Injection
Posted Dec 17, 2020
Authored by Zhayi

Content Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | b5024332f6f43bfd2407901451266c3a
Content Management System 1.0 Cross Site Scripting
Posted Dec 17, 2020
Authored by Zhayi

Content Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | a4db0c0a9c152438130b63a71f479936
Red Hat Security Advisory 2020-5607-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5607-01 - The fapolicyd software framework introduces a form of file access control based on a user-defined policy. The application file access control feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system. Bug Fix: When an update replaces the binary of a running application, the kernel modifies the application binary path in memory by appending the " " suffix. Previously, the fapolicyd file access policy daemon treated such applications as untrusted, and prevented them from opening and executing any other files. As a consequence, the system was sometimes unable to boot after applying updates.

tags | advisory, kernel
systems | linux, redhat
MD5 | cfb74db3da4ac6bab83e48f5b36acb9c
Linksys RE6500 1.0.11.001 Remote Code Execution
Posted Dec 17, 2020
Authored by RE-Solver

Linksys RE6500 version 1.0.11.001 unauthenticated remote code execution exploit.

tags | exploit, remote, code execution
MD5 | 34d1f8f139b30444d22bb826f0dd4811
Page 1 of 2
Back12Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close