Files Date: 2021-02-10

Micro Focus Operations Bridge Manager Remote Code Execution
Posted Feb 10, 2021
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an authenticated Java deserialization vulnerability that affects a truckload of Micro Focus products: Operations Bridge Manager, Application Performance Management, Data Center Automation, Universal CMDB, Hybrid Cloud Management and Service Management Automation. However, this module was only tested on Operations Bridge Manager. Exploiting this vulnerability will result in remote code execution as the root user on Linux or the SYSTEM user on Windows. Authentication is required, as the module user needs to log in to the application and obtain the authenticated LWSSO_COOKIE_KEY, which should be fed to the module. Any authenticated user can exploit this vulnerability, even the lowest privileged ones.

tags | exploit, java, remote, root, code execution
systems | linux, windows
advisories | CVE-2020-11853
MD5 | f6552551b0f335ef518698e89a9caa30
Microsoft Windows Server Silo Registry Key Symbolic Link Privilege Escalation
Posted Feb 10, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows has a privilege escalation vulnerability. When a process is running in a server silo, the checks for trusted hive registry key symbolic links are disabled, leading to elevation of privilege.

tags | exploit, registry
systems | windows
advisories | CVE-2021-24096
MD5 | 91697f9020080e5254805aa5e5e1cc57
Adobe Magento Commerce Cross Site Scripting
Posted Feb 10, 2021
Authored by Natsasit Jirathammanuwat | Site sec-consult.com

Adobe Magento Commerce versions prior to 2.4.2 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-21029
MD5 | b5f1e1469e651666f090e1c53f52ddf5
b2evolution CMS 6.11.6 Cross Site Scripting
Posted Feb 10, 2021
Authored by Nakul Ratti, Soham Bakore

b2evolution CMS version 6.11.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, xss
advisories | CVE-2020-22839, CVE-2020-22841
MD5 | 437ccd305310b5b0fe97453ba33e43fd
b2evolution CMS 6.11.6 Open Redirection
Posted Feb 10, 2021
Authored by Nakul Ratti, Soham Bakore

b2evolution CMS version 6.11.6 suffers from an open redirection vulnerability.

tags | exploit
advisories | CVE-2020-22840
MD5 | deeacf09d2a642f1cd3efdcaa569ed88
Ubuntu Security Notice USN-4713-2
Posted Feb 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4713-2 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2020-28374
MD5 | bdc9412645c3c7bcad2191d791d8de6c
Ubuntu Security Notice USN-4727-1
Posted Feb 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4727-1 - Alexander Popov discovered that multiple race conditions existed in the AF_VSOCK implementation in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-26708
MD5 | a8c89d3cda17bd2462a03e3fd24d9971
Ubuntu Security Notice USN-4728-1
Posted Feb 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4728-1 - Gilad Reti discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a compromised or malicious container.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-27352
MD5 | 086df1dbda8bd6351da6a2f9cd5a4644
Online Car Rental 1.0 Shell Upload
Posted Feb 10, 2021
Authored by Richard Jones

Online Car Rental version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 16e7dbecfa2fc7c91e9c10a0ab80b747
Backdoor.Win32.Aphexdoor.LiteSock Buffer Overflow
Posted Feb 10, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Aphexdoor.LiteSock malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
MD5 | 40ccca1a10693f61f03b7a0072056b84
Node.JS Remote Code Execution
Posted Feb 10, 2021
Authored by UndeadLarva

Node.JS node-serialize remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2017-5941
MD5 | 6de3e38610681551f2c44541f8bdf9c3
© 2020 Packet Storm. All rights reserved.