Files Date: 2021-03-12

Apache OFBiz XML-RPC Java Deserialization
Posted Mar 12, 2021
Authored by Alvaro Munoz, wvu | Site metasploit.com

This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04.

tags | exploit, java
advisories | CVE-2020-9496
MD5 | ce10e20707a4fee8b630f43701401064
Microsoft Windows Kernel NtGdiGetDeviceCapsAll Race Condition / Use-After-Free
Posted Mar 12, 2021
Authored by Google Security Research, mjurczyk

Microsoft Windows kernel suffers from a use-after-free of the PDEVOBJ object via a race condition vulnerability in NtGdiGetDeviceCapsAll.

tags | exploit, kernel
systems | windows
advisories | CVE-2021-26863
MD5 | 31454c2dcf01b0dc4bbe498526c27f84
Ubuntu Security Notice USN-4754-3
Posted Mar 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-3 - USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. In the case of Python 2.7 for 20.04 ESM, these additional fixes are included: It was discovered that Python allowed remote attackers to cause a denial of service via a ZIP bomb. It was discovered that Python had potentially misleading information about whether sorting occurs. This fix updates the documentation about it. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2019-17514, CVE-2019-20907, CVE-2019-9674, CVE-2020-26116, CVE-2020-27619, CVE-2020-8492
MD5 | 67d5415d4b4e952d651e9fc905a209c3
Red Hat Security Advisory 2021-0811-01
Posted Mar 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0811-01 - This release of Red Hat Integration - Camel K - Tech-Preview 3 serves as a replacement for tech-preview 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and man-in-the-middle vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-13946, CVE-2020-13956, CVE-2020-25649
MD5 | 4a3e2e63af8c74516c8ec10f448fbebf
Ubuntu Security Notice USN-4763-1
Posted Mar 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4763-1 - It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922
MD5 | a9bb486c2183b003050adf13de2c0c65
ForkCMS PHP Object Injection
Posted Mar 12, 2021
Authored by Wolfgang Hotwagner | Site ait.ac.at

ForkCMS versions prior to 5.8.3 suffer from a PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2020-24036
MD5 | 93c0c401241bf2a388e76209eb207357
QCubed 3.1.1 Cross Site Scripting
Posted Mar 12, 2021
Authored by Wolfgang Hotwagner | Site ait.ac.at

QCubed versions 3.1.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-24912
MD5 | 73fd3916e76f66af8fae7b076246c80b
Monitoring Of Students Cyber Accounts System 1.0 SQL Injection
Posted Mar 12, 2021
Authored by Richard Jones

Monitoring of Students Cyber Accounts System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d175ee814d8f9da856b9820ffa3e7d53
Monitoring System (Dashboard) 1.0 SQL Injection
Posted Mar 12, 2021
Authored by Richard Jones

Monitoring System (Dashboard) version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8242a47d0c30c4593986343f1a0fa890
Monitoring System (Dashboard) 1.0 Shell Upload
Posted Mar 12, 2021
Authored by Richard Jones

Monitoring System (Dashboard) version 1.0 suffers from multiple remote code execution vulnerabilities that can be exploited by uploading malicious shells.

tags | exploit, remote, shell, vulnerability, code execution
MD5 | 6fe62b2299146e49f1d6d5baac2d1d37
QCubed 3.1.1 SQL Injection
Posted Mar 12, 2021
Authored by Wolfgang Hotwagner | Site ait.ac.at

QCubed versions 3.1.1 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-24913
MD5 | 640b998f6ca739a394e1c0ce5cde9663
QCubed 3.1.1 PHP Object Injection
Posted Mar 12, 2021
Authored by Wolfgang Hotwagner | Site ait.ac.at

QCubed versions 3.1.1 and below suffer from a PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2020-24914
MD5 | d8f336d29a03cf633ebe23cf5d9ed9a0
D-Link DIR-3060 1.11b04 Command Injection
Posted Mar 12, 2021
Authored by T Shiomitsu | Site iot-inspector.com

D-Link DIR-3060 versions 1.11b04 and below suffer from an authenticated command injection vulnerability.

tags | exploit
advisories | CVE-2021-28144
MD5 | 1338bfa25faf5605cd17292180b9bbb7
Vembu BDR 4.2.0.1 U1 Unquoted Service Path
Posted Mar 12, 2021
Authored by Mohammed Alshehri

Vembu BDR version 4.2.0.1 U1 suffers from multiple unquoted service path vulnerabilities.

tags | exploit, vulnerability
MD5 | 434e3e8e521a393922891e45d85c2df0
© 2020 Packet Storm. All rights reserved.