exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files Date: 2021-02-10

Micro Focus Operations Bridge Manager Remote Code Execution
Posted Feb 10, 2021
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an authenticated Java deserialization that affects a truckload of Micro Focus products: Operations Bridge Manager, Application Performance Management, Data Center Automation, Universal CMDB, Hybrid Cloud Management and Service Management Automation. However, this module was only tested on Operations Bridge Manager. Exploiting this vulnerability will result in remote code execution as the root user on Linux or the SYSTEM user on Windows. Authentication is required as the module user needs to login to the application and obtain the authenticated LWSSO_COOKIE_KEY, which should be fed to the module. Any authenticated user can exploit this vulnerability, even the lowest privileged ones.

tags | exploit, java, remote, root, code execution
systems | linux, windows
advisories | CVE-2020-11853
SHA-256 | 13d48a0eedb076ba8ac83405342b8b011a20b72ca2d2e40597629ef5d018cddd
Microsoft Windows Server Silo Registry Key Symbolic Link Privilege Escalation
Posted Feb 10, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows has a privilege escalation vulnerability. When a process is running in a server silo, the checks for trusted hive registry key symbolic links is disabled leading to elevation of privilege.

tags | exploit, registry
systems | windows
advisories | CVE-2021-24096
SHA-256 | 6bfe0cdda02d4fbe057af9ecc41a80c96bb55fbaab78a5397b48afe2eb1905a5
Adobe Magento Commerce Cross Site Scripting
Posted Feb 10, 2021
Authored by Natsasit Jirathammanuwat | Site sec-consult.com

Adobe Magento Commerce versions prior to 2.4.2 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-21029
SHA-256 | 901c1af1587ebc9a26b154995ec271cad02931488eb9cef602e6b0bd29fa4817
b2evolution CMS 6.11.6 Cross Site Scripting
Posted Feb 10, 2021
Authored by Nakul Ratti, Soham Bakore

b2evolution CMS version 6.11.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, xss
advisories | CVE-2020-22839, CVE-2020-22841
SHA-256 | 9bc033021181cc828f78a45246fdbf842d7af5b01e9360d87e262f8067d9e475
b2evolution CMS 6.11.6 Open Redirection
Posted Feb 10, 2021
Authored by Nakul Ratti, Soham Bakore

b2evolution CMS version 6.11.6 suffers from an open redirection vulnerability.

tags | exploit
advisories | CVE-2020-22840
SHA-256 | c65ab83dc414ae0fd259db2445e3da796cf8cf06d6be4c9e872b07e92bd3283c
Ubuntu Security Notice USN-4713-2
Posted Feb 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4713-2 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2020-28374
SHA-256 | 33006688440706d80f92159adf06335105a943bc106b735a9520e4fd9d365852
Ubuntu Security Notice USN-4727-1
Posted Feb 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4727-1 - Alexander Popov discovered that multiple race conditions existed in the AF_VSOCK implementation in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-26708
SHA-256 | a16e27e0082398c4fbe46c44037263e22c95d539682ec5f4d2b8f9445293b741
Ubuntu Security Notice USN-4728-1
Posted Feb 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4728-1 - Gilad Reti discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a compromised or malicious container.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-27352
SHA-256 | f62b67ef889b9ee520de0fe63f88fb82946d64b109047879e30516ab1bbfe140
Online Car Rental 1.0 Shell Upload
Posted Feb 10, 2021
Authored by Richard Jones

Online Car Rental version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | ef52bc0d2606bcba1852493116ccff6b1292008b1eeb3dc86915400ea5d0720e
Backdoor.Win32.Aphexdoor.LiteSock MVID-2021-0082 Buffer Overflow
Posted Feb 10, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Aphexdoor.LiteSock malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
SHA-256 | 8b6ccade23d3ec6d18ecf166c4a5516158a541bd323da2a669ba9d7a232ab203
Node.JS Remote Code Execution
Posted Feb 10, 2021
Authored by UndeadLarva

Node.JS node-serialize remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2017-5941
SHA-256 | df946f2b586c535246f32b7e8ed6cf0ea4a79826574402c6b513172ffb1f4a21
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    8 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close