what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2020-12-18

CA Service Catalog Denial Of Service
Posted Dec 18, 2020
Authored by Kevin Kotas, Andrew Hess, Felipe Restrepo | Site www3.ca.com

CA Technologies, a Broadcom Company, is alerting customers to a risk with CA Service Catalog. A vulnerability can potentially exist in a specific configuration that can allow a remote attacker to cause a denial of service condition. CA published a solution and instructions to resolve the vulnerability. The vulnerability occurs due a default configuration setting that, if not modified during installation by customers, can allow a remote attacker to access and update configuration information that can result in a denial of service condition.

tags | advisory, remote, denial of service
advisories | CVE-2020-29478
SHA-256 | 8327e804ccae5d87838d2e89f164ca1437cf95abb6f2a0e33d3cc4ba4f6b9de8
Programi Bilanc Build 007 Release 014 31.01.2020 SQL Injection
Posted Dec 18, 2020
Authored by Georg Ph E Heise

Programi Bilanc build 007 release 014 31.01.2020 suffers from multiple remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2020-11717
SHA-256 | 3742b4fc1769d765e3017cbd022f8350db3e8fbbdc4c6e73a5dd6e4c926b8800
Programi Bilanc Build 007 Release 014 31.01.2020 Insecure Downloads
Posted Dec 18, 2020
Authored by Georg Ph E Heise

Programi Bilanc build 007 release 014 31.01.2020 downloads software updates via unencrypted channels and allows attackers to manipulate this process.

tags | advisory
advisories | CVE-2020-11718
SHA-256 | 20e70f5d793ad8d7fc7cf69c582c5f3bd34c19769991ed6e503f1bf1bcaac528
Programi Bilanc Build 007 Release 014 31.01.2020 Hardcoded Credentials
Posted Dec 18, 2020
Authored by Georg Ph E Heise

Programi Bilanc build 007 release 014 31.01.2020 supplies an .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools.

tags | advisory, remote
advisories | CVE-2020-8995
SHA-256 | b94a75c0d78c78edb028cd3ce7145a791b5608d7e4a90fa7ffb3ba8fc5720898
Programi Bilanc Build 007 Release 014 31.01.2020 Static Key
Posted Dec 18, 2020
Authored by Georg Ph E Heise

Programi Bilanc build 007 release 014 31.01.2020 leaves a static key in source code that any attacker can leverage to decrypt data.

tags | advisory
advisories | CVE-2020-11719
SHA-256 | e8143a10f9abe21e5d7712b11ead70ee3b98e732d5ee78ed8d06fcc8ff14de5f
Red Hat Security Advisory 2020-5605-01
Posted Dec 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5605-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include denial of service and remote shell upload vulnerabilities.

tags | advisory, remote, denial of service, shell, vulnerability
systems | linux, redhat
advisories | CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452, CVE-2018-20843, CVE-2019-11068, CVE-2019-13050
SHA-256 | a4d45a490006475335da3f734619ce684eca91cec2e0d189041bd2f4e965d72e
Rocket.Chat Cross Site Scripting
Posted Dec 18, 2020
Authored by Moe Szyslak

It has been noticed that Rocket.Chat has quietly fixed a persistent cross site scripting vulnerability but as of 12/18/2020 no release contains these fixes.

tags | advisory, xss
SHA-256 | 8c199a1077b7412e93c844e5a21669bc17d54b1e683c9354eb1d77fb10d0d5bc
WordPress Duplicator 1.3.26 Directory Traversal / File Read
Posted Dec 18, 2020
Authored by Hoa Nguyen, Ramuel Gall | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress Duplicator plugin versions 1.3.24 through 1.3.26, allowing arbitrary file read with the web server privileges. This vulnerability was being actively exploited when it was discovered.

tags | exploit, web, arbitrary, file inclusion
advisories | CVE-2020-11738
SHA-256 | 4ea50cf867ab79c361dd72e12949f0f0d61e20bd60dd59c1e49252679fd3c7a8
Xeroneit Library Management System 3.1 Cross Site Scripting
Posted Dec 18, 2020
Authored by Kislay Kumar

Xeroneit Library Management System version 3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c60f7a4e506f825a6f09f658c91782fde8b130a496b6b99622a8535c469d74fb
Programi Bilanc Build 007 Release 014 31.01.2020 Weak Default Password
Posted Dec 18, 2020
Authored by Georg Ph E Heise

Programi Bilanc build 007 release 014 31.01.2020 uses a weak default password.

tags | advisory
advisories | CVE-2020-11720
SHA-256 | 0684cc018d81493067512a493fc582e9f17cf8e183fca6389439f5dbe1141d93
Pulse Secure VPN Remote Code Execution
Posted Dec 18, 2020
Authored by h00die, Spencer McIntyre, Richard Warren, David Cash | Site metasploit.com

The Pulse Connect Secure appliance versions prior to 9.1R9 suffer from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in remote code execution as root. Admin credentials are required for successful exploitation.

tags | exploit, remote, arbitrary, root, code execution
advisories | CVE-2020-8260
SHA-256 | 8de39b3d864b347239de1ec3dc821eb3dbbd1f8d117938aab08b12b371a9dbc1
WordPress Yet Another Stars Rating PHP Object Injection
Posted Dec 18, 2020
Authored by gx1, Paul Dannewitz | Site metasploit.com

This Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability.

tags | exploit, php
SHA-256 | a1a09a3983590ec069365baa90b96a395451c12d03067449dba59d8e803a84f5
Alumni Management System 1.0 Cross Site Scripting
Posted Dec 18, 2020
Authored by Aakash Madaan

Alumni Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of cross scripting vulnerability in this version is attributed to Valerio Alessandroni in December of 2020.

tags | exploit, xss
SHA-256 | b3060da69ce3d9e00c4bebaf92f52d820bca331d9573752ec92acee90b8073d5
Jenkins 2.251 / LTS 2.235.3 Cross Site Scripting
Posted Dec 18, 2020
Authored by gx1

Jenkins versions 2.251 and below and LTS 2.235.3 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-2231
SHA-256 | fe78de531ac764992ae8de65e10f60a4d5a3ae82a3af279a85c1daa0d31531ec
Exploit WordPress Plugin Vulnerability Using Static Source Code Analysis Techniques
Posted Dec 18, 2020
Authored by SunCSR

Whitepaper called Exploit WordPress Plugin Vulnerability Using Static Source Code Analysis Techniques.

tags | paper
SHA-256 | c79b819f3916ff0be16a8f92b4bb6d4ac20350c987de62c68c23246986271990
SyncBreeze 10.0.28 Denial Of Service
Posted Dec 18, 2020
Authored by Ahmed Elkhressy

SyncBreeze version 10.0.28 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | f151bd178487f072f490a4542671b404a25f16ecf8835918375cc4c510f3321f
Alumni Management System 1.0 SQL Injection
Posted Dec 18, 2020
Authored by Aakash Madaan

Alumni Management System version 1.0 suffers from a remote SQL injection vulnerability. SQL injection was originally discovered in this version in October of 2020 by Ankita Pal.

tags | exploit, remote, sql injection
SHA-256 | 37f1f1a90c529026dd04e0f8e67252e21264daf011c40b7caaaddfef0d40e86d
Smart Hospital 3.1 Cross Site Scripting
Posted Dec 18, 2020
Authored by Kislay Kumar

Smart Hospital version 3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 33e61dc1e251eb2dda5ac37af402023816eff130ace64ff17086dbe6a37efd6c
Point Of Sale System 1.0 SQL Injection
Posted Dec 18, 2020
Authored by Saeed Bala Ahmed

Point of Sale System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 596041ae8cbbc85b9ca314b28ed7b2500dcc7ec7e8554b5e0528440f9a3adb54
Alumni Management System 1.0 Shell Upload
Posted Dec 18, 2020
Authored by Aakash Madaan

Alumni Management System version 1.0 suffers from a remote shell upload vulnerability. Original discovery for this vulnerability in this version is attributed to Valerio Alessandroni.

tags | exploit, remote, shell
SHA-256 | fe8c0654fdd450f4d789a5f2c7959427558174d0b3110ca1a4c2e6e999fd7985
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    0 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close