exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2021-02-19

Faraday 3.14.1
Posted Feb 19, 2021
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added forgot password, update services by bulk_create, and FARADAY_DISABLE_LOGS variable to disable logs to filesystem. Various other additions and modifications.
tags | tool, rootkit
systems | unix
SHA-256 | 562e32370844ff08b49d43a83c6a3a84170947f52ba058432e3b81d9fdadc08c
Ubuntu Security Notice USN-4740-1
Posted Feb 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4740-1 - It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication mechanisms.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-11989
SHA-256 | b3b8bf514ec38521acd2be501b5bd64089f6ae87f9304453ee94171d077ac559
Red Hat Security Advisory 2021-0611-01
Posted Feb 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0611-01 - The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-27135
SHA-256 | 47745c5fc42d6a7d68a5d49b3d5f996c8d4a635eda377a44026d8a187d80e8a0
Asterisk Project Security Advisory - AST-2021-005
Posted Feb 19, 2021
Authored by Joshua Colp, Mauri de Souza Meneguzzo | Site asterisk.org

Given a scenario where an outgoing call is placed from Asterisk to a remote SIP server it is possible for a crash to occur. The code responsible for negotiating SDP in SIP responses incorrectly assumes that SDP negotiation will always be successful. If a SIP response containing an SDP that can not be negotiated is received a subsequent SDP negotiation on the same call can cause a crash.

tags | advisory, remote
advisories | CVE-2021-26906
SHA-256 | a598689c226c0f0b2be7c0f2f5f641be7af78caf65f348109e0446002e06d18f
Firejail TOCTOU Race Condition
Posted Feb 19, 2021
Authored by Roman Fiedler | Site unparalleled.eu

This program demonstrates a time-of-check-time-of-use TOCTOU vulnerability in Firejail. Winning it causes Firejail to create an insecure overlayfs layout, that is then used to escalate privileges by making /etc/ld.so.preload user writable.

tags | exploit
SHA-256 | adefafe1c85cc2ef526eedeae1ad122c13edd91a2e7eeb35bc0f9aa07cfe03e9
Ubuntu Security Notice USN-4741-1
Posted Feb 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4741-1 - It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-15095
SHA-256 | 3f87f3755ce52d2f838568100aa5bcddd41562af238a4049341de0c8ae70d50c
Asterisk Project Security Advisory - AST-2021-004
Posted Feb 19, 2021
Authored by gjoseph, Edvin Vidmar | Site asterisk.org

Due to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession.

tags | advisory, overflow
advisories | CVE-2021-26714
SHA-256 | 514c38f88457c5adefa470f62cfa4733ee26d4eda6458c3b24c7bb21f2ec9701
Asterisk Project Security Advisory - AST-2021-003
Posted Feb 19, 2021
Authored by Alexander Traud, gjoseph | Site asterisk.org

An unauthenticated remote attacker could replay SRTP packets which could cause an Asterisk instance configured without strict RTP validation to tear down calls prematurely.

tags | advisory, remote
advisories | CVE-2021-26712
SHA-256 | c6b2cb980ac1c471ada712a10083d5e4a2f109aa8638a11055f9f18afbbc09ab
dataSIMS Avionics ARINC 664-1 4.5.3 Buffer Overflow
Posted Feb 19, 2021
Authored by Kagan Capar

dataSIMS Avionics ARINC 664-1 version 4.5.3 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
SHA-256 | fb2146f71f5492c1997492e5227915f35165c11c8c93ca3251f06a0b3dbb8349
Asterisk Project Security Advisory - AST-2021-002
Posted Feb 19, 2021
Authored by Kevin Harwell, Gregory Massel | Site asterisk.org

When re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash.

tags | advisory, remote
advisories | CVE-2021-26717
SHA-256 | 2a9795115e2a46d96ffa9cb29f66fab90c91d64bdafcfd927d79e02c48f5c8b5
Asterisk Project Security Advisory - AST-2021-001
Posted Feb 19, 2021
Authored by gjoseph, Ivan Poddubny | Site asterisk.org

If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the ???Supported??? header. Eventually the number of entries in the header exceeds the size of the entry array and causes a crash.

tags | advisory
advisories | CVE-2020-35776
SHA-256 | 2f45006a2c9afadddcf34831d258755849dc791b989f4dce2ef9bb09888bc8d9
Online Exam System With Timer 1.0 SQL Injection
Posted Feb 19, 2021
Authored by Suresh Kumar

Online Exam System With Timer version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 3fa34b5f3e08b7d12953e622aa8b45d2e4797b9ced277916db0e75294f3387db
Beauty Parlour Management System 1.0 Cross Site Scripting
Posted Feb 19, 2021
Authored by Thinkland Security Team

Beauty Parlour Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 34fe4781069f55ef636ebeb487e5c7873e252073bfb2323964a77fb81e0458ef
Beauty Parlour Management System 1.0 SQL Injection
Posted Feb 19, 2021
Authored by Thinkland Security Team

Beauty Parlour Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Prof. Kailas Patil in June of 2020.

tags | exploit, remote, sql injection
SHA-256 | 3af5ffb0c4ba62a9575b929a7d6c4ce9cdaa1cbd415b87c400525e94793a274a
Backdoor.Win32.Bionet.10 MVID-2021-0099 Anonymous Login
Posted Feb 19, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Bionet.10 malware has an ftp service that allows for anonymous login.

tags | exploit
systems | windows
SHA-256 | 404aa1cc25a484f04ec04f3fcdd9b35295adf133838edc77ca4e63911e3d6bde
Comment System 1.0 Cross Site Scripting
Posted Feb 19, 2021
Authored by Pintu Solanki

Comment System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 46878eefcae9571cb16bc25507a049e842376b95088b9e7b41522e7641082ae1
Backdoor.Win32.DarkKomet.apcc MVID-2021-0098 Insecure Permissions
Posted Feb 19, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.DarkKomet.apcc malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
SHA-256 | aecb3a0c272436b731621f6bcd2825f3baf0858666fecf06db2f2a9d8b681638
Backdoor.Win32.DarkKomet.bhfh MVID-2021-0097 Insecure Permissions
Posted Feb 19, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.DarkKomet.bhfh malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
SHA-256 | 5093711b0c6d00b1510fcead1c8a97d6fde81a882fde3001e630e1feeccf901a
OpenText Content Server 20.3 Cross Site Scripting
Posted Feb 19, 2021
Authored by Kamil Brenski

OpenText Content Server version 20.3 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | dbbfc659d2fde29e9fb6fb4d8b71106fd64cd09ff143fade3c3ea59fbd6c45d6
Neo LMS / Matrix LMS Cross Site Scripting
Posted Feb 19, 2021
Authored by Mauro M.

This is a whitepaper that details identifying cross site scripting vulnerabilities in both the Neo and Matrix LMS codebase.

tags | exploit, paper, vulnerability, xss
SHA-256 | 425783c0a58f4b3d8ceaa1ef51c78b248dc59a4e994ea242a952886897d53b3d
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close