exploit the possibilities
Showing 1 - 22 of 22 RSS Feed

Files Date: 2020-12-24

Apache Struts 2 Forced Multi OGNL Evaluation
Posted Dec 24, 2020
Authored by Matthias Kaiser, Spencer McIntyre, Alvaro Munoz, ka1n4t | Site metasploit.com

The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag's attributes are rendered. With a carefully crafted request, this can lead to remote code execution. This vulnerability is application dependant. A server side template must make an affected use of request data to render an HTML tag attribute.

tags | exploit, remote, code execution
advisories | CVE-2019-0230, CVE-2020-17530
MD5 | a00ae15a323f6cf0ba8c86991a9f2707
Lynis Auditing Tool 3.0.2
Posted Dec 24, 2020
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added OS detection of Flatcar, IPFire, Mageia, NixOS, ROSA Linux, SLES (extended), Void Linux, Zorin OS. Support for Solaris svcs added. Many other additions and changes.
tags | tool, scanner
systems | unix
MD5 | 1b01474e4efaa68a7ad929a93a98fd35
Faraday 3.14.0
Posted Dec 24, 2020
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added RESTless filter to multiples views, improving search. Added import vulnerability templates command to faraday-manage. Added a create_date field to comments. Various other additions and fixes.
tags | tool, rootkit
systems | unix
MD5 | 3061690f2afe841ba29e533a26372b79
Arteco Web Client DVR/NVR Session Hijacking
Posted Dec 24, 2020
Authored by LiquidWorm | Site zeroscience.mk

The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream.

tags | exploit, remote, web
MD5 | cb6db35d7f26517c312bbf4e1a19976e
Gentoo Linux Security Advisory 202012-24
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-24 - Multiple vulnerabilities have been found in Samba, the worst of which could result in a Denial of Service condition. Versions less than 4.12.9 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-14318, CVE-2020-14323, CVE-2020-14383, CVE-2020-1472
MD5 | 5bb991544b7b094ea08997f5d5fa0908
Gentoo Linux Security Advisory 202012-23
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-23 - A vulnerability has been discovered in Apache Tomcat that allows for the disclosure of sensitive information. Versions less than 8.5.60:8.5 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2020-17527
MD5 | 4b45bfe2024aae3d31806bf1ae19f590
Gentoo Linux Security Advisory 202012-22
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-22 - A buffer overflow in HAProxy might allow an attacker to execute arbitrary code. Versions less than 2.1.4 are affected.

tags | advisory, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2020-11100
MD5 | cc63f4b1c5abcfdc237602d305cf4cd2
Gentoo Linux Security Advisory 202012-21
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-21 - A vulnerability in NSS might allow remote attackers to cause a Denial of Service condition. Versions less than 3.58 are affected.

tags | advisory, remote, denial of service
systems | linux, gentoo
advisories | CVE-2020-25648
MD5 | 099b9521757862123b4938671037ce9d
Gentoo Linux Security Advisory 202012-20
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-20 - Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 84.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113
MD5 | e3745dbe6ac37ed3f38ad62cc7dea0ca
Gentoo Linux Security Advisory 202012-19
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-19 - A vulnerability in PowerDNS Recursor could lead to a Denial of Service condition. Versions less than 4.3.5 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2020-25829
MD5 | bca7f54ceba881be5a65594892a18f34
WordPress Adning Advertising 1.5.5 Shell Upload
Posted Dec 24, 2020
Authored by spacehen

Adning Advertising plugin version 1.5.5 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 4533cad4ba378e377d042ba106f71deb
Gentoo Linux Security Advisory 202012-18
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-18 - An information disclosure vulnerability in PowerDNS allow remote attackers to obtain sensitive information. Versions less than 4.3.1 are affected.

tags | advisory, remote, info disclosure
systems | linux, gentoo
advisories | CVE-2020-17482
MD5 | c3f0b4988dbd837f82232d976e921338
Gentoo Linux Security Advisory 202012-17
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-17 - A local Denial of Service vulnerability was discovered in D-Bus. Versions less than 1.12.20 are affected.

tags | advisory, denial of service, local
systems | linux, gentoo
MD5 | 982320c1adcfa69f4b83182f45d384ad
Gentoo Linux Security Advisory 202012-16
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-16 - Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Versions less than 8.0.0 are affected.

tags | advisory, denial of service, php, vulnerability
systems | linux, gentoo
advisories | CVE-2020-7069, CVE-2020-7070
MD5 | 96e08b0d750daa800cc55885a3ab17ec
Gentoo Linux Security Advisory 202012-15
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-15 - A vulnerability in GDK-PixBuf library could lead to a Denial of Service condition. Versions less than 2.42.2 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2020-29385
MD5 | 8e089061e133e6e3300e772709e849af
Gentoo Linux Security Advisory 202012-14
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-14 - Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss. Versions less than 7.74.0 are affected.

tags | advisory, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286
MD5 | e0d48e75aa862e7052b77e85c1692402
WordPress WP-PostRatings 1.86 Cross Site Scripting
Posted Dec 24, 2020
Authored by Park Won Seok

WordPress WP-PostRatings plugin version 1.86 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | da706e6a6f0108a0aefa653d262e3af3
Gentoo Linux Security Advisory 202012-13
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-13 - A vulnerability in OpenSSL might allow remote attackers to cause a Denial of Service condition. Versions less than 1.1.1i are affected.

tags | advisory, remote, denial of service
systems | linux, gentoo
advisories | CVE-2020-1971
MD5 | 26d76ba7a769c66af12fdca5310409f2
Gentoo Linux Security Advisory 202012-12
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-12 - A vulnerability has been found in libass that could allow a remote attacker to execute arbitrary code. Versions less than 0.15.0 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2020-26682
MD5 | 904b63de4127e03bb0e73aad17aebb80
Gentoo Linux Security Advisory 202012-11
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-11 - A Denial of Service vulnerability was discovered in c-ares. Versions less than 1.17.1 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2020-8277
MD5 | 81b9e9b936dbe4fcbfe842b08a2ffcf5
Gentoo Linux Security Advisory 202012-10
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-10 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.30.3 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-13543, CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9952, CVE-2020-9983
MD5 | 662a964e36dab5dfd93cefbe897e3ef1
GitLab 11.4.7 Remote Code Execution
Posted Dec 24, 2020
Authored by Sam Redmond

GitLab version 11.4.7 authenticated remote code execution exploit. Original discovery of this issue attributed to Mohin Paramasivam in December of 2020.

tags | exploit, remote, code execution
advisories | CVE-2018-19571, CVE-2018-19585
MD5 | 1a523ed1223d47bac34dc42a48d74d42
Page 1 of 1
Back1Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    16 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close