Files Date: 2020-12-18

CA Service Catalog Denial Of Service
Posted Dec 18, 2020
Authored by Kevin Kotas, Andrew Hess, Felipe Restrepo | Site www3.ca.com

CA Technologies, a Broadcom Company, is alerting customers to a risk with CA Service Catalog. A vulnerability can potentially exist in a specific configuration that can allow a remote attacker to cause a denial of service condition. CA published a solution and instructions to resolve the vulnerability. The vulnerability occurs due to a default configuration setting that, if not modified during installation by customers, can allow a remote attacker to access and update configuration information that can result in a denial of service condition.

tags | advisory, remote, denial of service
advisories | CVE-2020-29478
MD5 | 917fe6916d03c06d8ba1ce0a45d1837c
Programi Bilanc Build 007 Release 014 31.01.2020 SQL Injection
Posted Dec 18, 2020
Authored by Georg Ph E Heise

Programi Bilanc build 007 release 014 31.01.2020 suffers from multiple remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2020-11717
MD5 | 0f84f21e3beafbe18dfb7c4f53021779
Programi Bilanc Build 007 Release 014 31.01.2020 Insecure Downloads
Posted Dec 18, 2020
Authored by Georg Ph E Heise

Programi Bilanc build 007 release 014 31.01.2020 downloads software updates via unencrypted channels and allows attackers to manipulate this process.

tags | advisory
advisories | CVE-2020-11718
MD5 | 617bb4817a1e28d9c574bcafe1dc6989
Programi Bilanc Build 007 Release 014 31.01.2020 Hardcoded Credentials
Posted Dec 18, 2020
Authored by Georg Ph E Heise

Programi Bilanc build 007 release 014 31.01.2020 supplies an .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools.

tags | advisory, remote
advisories | CVE-2020-8995
MD5 | 391599f66b9489a0327befd62c653dd2
Programi Bilanc Build 007 Release 014 31.01.2020 Static Key
Posted Dec 18, 2020
Authored by Georg Ph E Heise

Programi Bilanc build 007 release 014 31.01.2020 leaves a static key in source code that any attacker can leverage to decrypt data.

tags | advisory
advisories | CVE-2020-11719
MD5 | a98bc915131fce470d7cfd4887b16d83
Red Hat Security Advisory 2020-5605-01
Posted Dec 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5605-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include denial of service and remote shell upload vulnerabilities.

tags | advisory, remote, denial of service, shell, vulnerability
systems | linux, redhat
advisories | CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452, CVE-2018-20843, CVE-2019-11068, CVE-2019-13050
MD5 | d80cc94dc288f32240fa0de3e6e2b216
Rocket.Chat Cross Site Scripting
Posted Dec 18, 2020
Authored by Moe Szyslak

It has been noticed that Rocket.Chat has quietly fixed a persistent cross site scripting vulnerability but as of 12/18/2020 no release contains these fixes.

tags | advisory, xss
MD5 | 6f5aa53ac928ed8c21480afcef10642f
WordPress Duplicator 1.3.26 Directory Traversal / File Read
Posted Dec 18, 2020
Authored by Hoa Nguyen, Ramuel Gall | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress Duplicator plugin versions 1.3.24 through 1.3.26, allowing arbitrary file read with the web server privileges. This vulnerability was being actively exploited when it was discovered.

tags | exploit, web, arbitrary, file inclusion
advisories | CVE-2020-11738
MD5 | 25786101984968ff048b1ccf1294f760
Xeroneit Library Management System 3.1 Cross Site Scripting
Posted Dec 18, 2020
Authored by Kislay Kumar

Xeroneit Library Management System version 3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | ed1b4990996315d198c031ff5c5a6157
Programi Bilanc Build 007 Release 014 31.01.2020 Weak Default Password
Posted Dec 18, 2020
Authored by Georg Ph E Heise

Programi Bilanc build 007 release 014 31.01.2020 uses a weak default password.

tags | advisory
advisories | CVE-2020-11720
MD5 | 58fc04489ea61effe668394ab75d4480
Pulse Secure VPN Remote Code Execution
Posted Dec 18, 2020
Authored by h00die, Spencer McIntyre, Richard Warren, David Cash | Site metasploit.com

The Pulse Connect Secure appliance versions prior to 9.1R9 suffer from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in remote code execution as root. Admin credentials are required for successful exploitation.

tags | exploit, remote, arbitrary, root, code execution
advisories | CVE-2020-8260
MD5 | 59e340f2d15da503b7cef81774ba584f
WordPress Yet Another Stars Rating PHP Object Injection
Posted Dec 18, 2020
Authored by gx1, Paul Dannewitz | Site metasploit.com

This Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability.

tags | exploit, php
MD5 | 8575b651a2e17e6d64eb04ca924071af
Alumni Management System 1.0 Cross Site Scripting
Posted Dec 18, 2020
Authored by Aakash Madaan

Alumni Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of the cross site scripting vulnerability in this version is attributed to Valerio Alessandroni in December of 2020.

tags | exploit, xss
MD5 | f94fec9bc74239534e3cc75c1185d76b
Jenkins 2.251 / LTS 2.235.3 Cross Site Scripting
Posted Dec 18, 2020
Authored by gx1

Jenkins versions 2.251 and below and LTS 2.235.3 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-2231
MD5 | e9f7e55c5a8547b35192c77527c8a41d
Exploit WordPress Plugin Vulnerability Using Static Source Code Analysis Techniques
Posted Dec 18, 2020
Authored by SunCSR

Whitepaper called Exploit WordPress Plugin Vulnerability Using Static Source Code Analysis Techniques.

tags | paper
MD5 | 5547d9c5988fdab38bfb79b10e2532b8
SyncBreeze 10.0.28 Denial Of Service
Posted Dec 18, 2020
Authored by Ahmed Elkhressy

SyncBreeze version 10.0.28 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 8eb6219405f975e47c8f9d7f3d088923
Alumni Management System 1.0 SQL Injection
Posted Dec 18, 2020
Authored by Aakash Madaan

Alumni Management System version 1.0 suffers from a remote SQL injection vulnerability. SQL injection was originally discovered in this version in October of 2020 by Ankita Pal.

tags | exploit, remote, sql injection
MD5 | 3530b1783c3bd5c9e6bca1bb8841ab0c
Smart Hospital 3.1 Cross Site Scripting
Posted Dec 18, 2020
Authored by Kislay Kumar

Smart Hospital version 3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 21e82b9688271e179b397bb55e506f28
Point Of Sale System 1.0 SQL Injection
Posted Dec 18, 2020
Authored by Saeed Bala Ahmed

Point of Sale System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | d682762fe03881e6ec2e33664cc76809
Alumni Management System 1.0 Shell Upload
Posted Dec 18, 2020
Authored by Aakash Madaan

Alumni Management System version 1.0 suffers from a remote shell upload vulnerability. Original discovery for this vulnerability in this version is attributed to Valerio Alessandroni.

tags | exploit, remote, shell
MD5 | 33f05570a0fcaa7f59c66529b0f38940

© 2020 Packet Storm. All rights reserved.
