
Files Date: 2021-03-23

Microsoft Exchange ProxyLogon Remote Code Execution
Posted Mar 23, 2021
Authored by Orange Tsai, mekhalleh, Jang, lotusdll | Site metasploit.com

This Metasploit module exploits a vulnerability in Microsoft Exchange Server that allows an attacker to bypass authentication and impersonate the admin (CVE-2021-26855), then write an arbitrary file (CVE-2021-27065) to achieve remote code execution (RCE). By taking advantage of this vulnerability, you can execute arbitrary commands on the remote Microsoft Exchange Server. This vulnerability affects Exchange 2013 versions less than 15.00.1497.012, Exchange 2016 CU18 less than 15.01.2106.013, Exchange 2016 CU19 less than 15.01.2176.009, Exchange 2019 CU7 less than 15.02.0721.013, and Exchange 2019 CU8 less than 15.02.0792.010. All components are vulnerable by default.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2021-26855, CVE-2021-27065
MD5 | d511d66b8660f85c046673fef91f3912

Advantech iView Unauthenticated Remote Code Execution
Posted Mar 23, 2021
Authored by Spencer McIntyre, wvu | Site metasploit.com

This Metasploit module exploits an unauthenticated configuration change combined with an unauthenticated file write primitive, leading to an arbitrary file write that allows for remote code execution as the user running iView, which is typically NT AUTHORITY\SYSTEM. This issue was demonstrated in the vulnerable version 5.7.02.5992 and fixed in version 5.7.03.6112.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2021-22652
MD5 | fd032d94df7616e2fe434facdd644277

Global Socket 1.4.27
Posted Mar 23, 2021
Authored by thc | Site thc.org

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

Changes: Renamed gs to gsocket. Updated README.md.
tags | tool, tcp
systems | unix
MD5 | f11e82dfd479753236cb66ae678f4d85

Red Hat Security Advisory 2021-0974-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0974-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, cross site scripting, and information leakage vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-14302, CVE-2020-28052, CVE-2020-35510, CVE-2020-7676, CVE-2020-8908, CVE-2021-20220, CVE-2021-20250
MD5 | c83639cf9e776c60527f889bf632c6f1

Ubuntu Security Notice USN-4886-1
Posted Mar 23, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4886-1 - It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. It was discovered that Privoxy incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, cgi
systems | linux, ubuntu
advisories | CVE-2020-35502, CVE-2021-20211, CVE-2021-20212, CVE-2021-20213, CVE-2021-20214, CVE-2021-20215, CVE-2021-20216, CVE-2021-20272, CVE-2021-20273, CVE-2021-20275
MD5 | 8a08b9bbf58d739ee350ef39d3a2cc6b

WordPress GiveWP 2.9.7 Cross Site Scripting
Posted Mar 23, 2021
Authored by Austin Bentley

WordPress GiveWP plugin version 2.9.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-24213
MD5 | e1d2d3f9920ae4f2a8d888e6f91a3b5e

Red Hat Security Advisory 2021-0969-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0969-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2020-14302, CVE-2020-7676
MD5 | cb88401dd70cb5cab29fe948225623f9

Hotel And Lodge Management System 1.0 Cross Site Scripting
Posted Mar 23, 2021
Authored by Jitendra Kumar Tripathi

Hotel And Lodge Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 12607984bffdb3f965f7fdd61ed0ae52

Red Hat Security Advisory 2021-0968-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0968-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2020-14302, CVE-2020-7676
MD5 | ad4b8e74d8a3289c207c01af613569ef

Online Reviewer Management System 1.0 Shell Upload
Posted Mar 23, 2021
Authored by th3d1gger

Online Reviewer Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 9d3b419524c9b1d3f62ecd6becf032ba

Online Reviewer Management System 1.0 Cross Site Scripting
Posted Mar 23, 2021
Authored by th3d1gger

Online Reviewer Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | b5faede246bfd511e613d4cff145c3fd

Online Reviewer Management System 1.0 SQL Injection
Posted Mar 23, 2021
Authored by th3d1gger

Online Reviewer Management System version 1.0 remote SQL injection exploit that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 4d991079bac378d19772c72a1fd43234

Red Hat Security Advisory 2021-0967-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0967-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2020-14302, CVE-2020-7676
MD5 | db350f29bce83c607abee258d4cf80d0

Elodea Event Collector 4.9.3 Unquoted Service Path
Posted Mar 23, 2021
Authored by SamAlucard

Elodea Event Collector version 4.9.3 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | 1a25babc50b5982ff1897fd7a85ce341

ActivIdentity 8.2 Unquoted Service Path
Posted Mar 23, 2021
Authored by SamAlucard

ActivIdentity version 8.2 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | be881a342b05db97805bd7ed970cc9f8

ELAN Touchpad 15.2.13.1_X64_WHQL Unquoted Service Path
Posted Mar 23, 2021
Authored by SamAlucard

ELAN Touchpad version 15.2.13.1_X64_WHQL suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | b1190def32e41002204b0b182bd559ed

Red Hat Security Advisory 2021-0966-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0966-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-20179
MD5 | 5f5fa4f17f59b3e435f0f718c442f9e2

Hi-Rez Studios 5.1.6.3 Unquoted Service Path
Posted Mar 23, 2021
Authored by Ekrem Can Kok

Hi-Rez Studios version 5.1.6.3 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | 6dbeb07c0524691ba9d410f4a20ded67

WordPress Mapplic 6.1 SSRF / Cross Site Scripting
Posted Mar 23, 2021
Authored by Eagle Eye

WordPress Mapplic plugin versions 6.1 and below suffer from a server-side request forgery vulnerability that can be leveraged to commit cross site scripting attacks.

tags | exploit, xss
MD5 | ac14ee13b09af933b71a33cae68c32ef

WordPress Mapplic-Lite 1.0 SSRF / Cross Site Scripting
Posted Mar 23, 2021
Authored by Eagle Eye

WordPress Mapplic-Lite plugin version 1.0 suffers from a server-side request forgery vulnerability that can be leveraged to commit cross site scripting attacks.

tags | exploit, xss
MD5 | 8713ec5c90e3494732055a63d7db0c05

MyBB 1.8.25 SQL Injection
Posted Mar 23, 2021
Authored by SivertPL

MyBB version 1.8.25 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-27946
MD5 | 64843f24661612f597d4f6905a8a98f9