what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2021-03-23

Microsoft Exchange ProxyLogon Remote Code Execution
Posted Mar 23, 2021
Authored by Orange Tsai, mekhalleh, Jang, lotusdll | Site metasploit.com

This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin (CVE-2021-26855) and write arbitrary file (CVE-2021-27065) to get the RCE (Remote Code Execution). By taking advantage of this vulnerability, you can execute arbitrary commands on the remote Microsoft Exchange Server. This vulnerability affects Exchange 2013 Versions less than 15.00.1497.012, Exchange 2016 CU18 less than 15.01.2106.013, Exchange 2016 CU19 less than 15.01.2176.009, Exchange 2019 CU7 less than 15.02.0721.013, and Exchange 2019 CU8 less than 15.02.0792.010. All components are vulnerable by default.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2021-26855, CVE-2021-27065
SHA-256 | 8d10a6f462db1c384d95aaac3ccd5096fe1f2900acfdd10d4d8f6104dd67ec68
Advantech iView Unauthenticated Remote Code Execution
Posted Mar 23, 2021
Authored by Spencer McIntyre, wvu | Site metasploit.com

This Metasploit module exploits an unauthenticated configuration change combined with an unauthenticated file write primitive, leading to an arbitrary file write that allows for remote code execution as the user running iView, which is typically NT AUTHORITY\SYSTEM. This issue was demonstrated in the vulnerable version 5.7.02.5992 and fixed in version 5.7.03.6112.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2021-22652
SHA-256 | 871b6bdcb75f943757231fe70d369aecb3bf02147c4c50b85ea3a12f3efaabe4
Global Socket 1.4.27
Posted Mar 23, 2021
Authored by thc | Site thc.org

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

Changes: Renamed gs to gsocket. Updated README.md.
tags | tool, tcp
systems | unix
SHA-256 | 850d5195de840280e1638f121743617ad47852109636541bccd20d4cdd953d6b
Red Hat Security Advisory 2021-0974-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0974-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, cross site scripting, and information leakage vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-14302, CVE-2020-28052, CVE-2020-35510, CVE-2020-7676, CVE-2020-8908, CVE-2021-20220, CVE-2021-20250
SHA-256 | a29ebb86ed3f629b8d17d5f63140e16c1e3254c288e5ab8c7b3344fd2d510611
Ubuntu Security Notice USN-4886-1
Posted Mar 23, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4886-1 - It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. It was discovered that Privoxy incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, cgi
systems | linux, ubuntu
advisories | CVE-2020-35502, CVE-2021-20211, CVE-2021-20212, CVE-2021-20213, CVE-2021-20214, CVE-2021-20215, CVE-2021-20216, CVE-2021-20272, CVE-2021-20273, CVE-2021-20275
SHA-256 | 9d736803ff838a4b38d74189632d9d5e1263b6ca858ffc30099c29bff930eeab
WordPress GiveWP 2.9.7 Cross Site Scripting
Posted Mar 23, 2021
Authored by Austin Bentley

WordPress GiveWP plugin version 2.9.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-24213
SHA-256 | 2f1d265e79c7eaa64a20ae14cc63908660ddc40bed2cc83fa9e0a1883c7c9e61
Red Hat Security Advisory 2021-0969-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0969-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2020-14302, CVE-2020-7676
SHA-256 | 62600197f5170a6bcbd846e5630e10c31633441ec2bd1013bf54fa225f98c1c7
Hotel And Lodge Management System 1.0 Cross Site Scripting
Posted Mar 23, 2021
Authored by Jitendra Kumar Tripathi

Hotel And Lodge Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6eadb736fd36089f4f95f49dad333b6e33529f15982d6c1afd5212f901360440
Red Hat Security Advisory 2021-0968-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0968-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2020-14302, CVE-2020-7676
SHA-256 | 498bfdf6f243605b23c60f02262cfa9a132f6c3df17ff207aec310f9c0291fcc
Online Reviewer Management System 1.0 Shell Upload
Posted Mar 23, 2021
Authored by th3d1gger

Online Reviewer Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 931600f0c2198aabe92c4ee629430b584bb32279014bf70d401b77618509311c
Online Reviewer Management System 1.0 Cross Site Scripting
Posted Mar 23, 2021
Authored by th3d1gger

Online Reviewer Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8e21f9e49ba39ab2bb847e924f6dd81c3c47d9b891363136a77586c7674b04e3
Online Reviewer Management System 1.0 SQL Injection
Posted Mar 23, 2021
Authored by th3d1gger

Online Reviewer Management System version 1.0 remote SQL injection exploit that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | e315d26c555a2fabe9dc05d02ab9605cfa32a99a2c65c69366debc6f8bc11edd
Red Hat Security Advisory 2021-0967-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0967-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2020-14302, CVE-2020-7676
SHA-256 | 82eac9cd0241e5d1473edcaec1e7888e56505e6ad2889877e849449b33481844
Elodea Event Collector 4.9.3 Unquoted Service Path
Posted Mar 23, 2021
Authored by SamAlucard

Elodea Event Collector version 4.9.3 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 7a4772b7da811c9e6c7afd5162836de884b5cfd2845482eedd36727ff28b18b1
ActivIdentity 8.2 Unquoted Service Path
Posted Mar 23, 2021
Authored by SamAlucard

ActivIdentity version 8.2 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 6a0a03f3dbbca0b8ab4b1f4ae3cbaf9c3150db38b37161503c84b6d72bdf1c70
ELAN Touchpad 15.2.13.1_X64_WHQL Unquoted Service Path
Posted Mar 23, 2021
Authored by SamAlucard

ELAN Touchpad version 15.2.13.1_X64_WHQL suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 7b0319e02b5e0358556fbaecba643826b73513602e26b12f190df743576cf9e2
Red Hat Security Advisory 2021-0966-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0966-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-20179
SHA-256 | 04695542ff2db2454580674ed2e327d1db584021c386f9603096d770e07002c6
Hi-Rez Studios 5.1.6.3 Unquoted Service Path
Posted Mar 23, 2021
Authored by Ekrem Can Kok

Hi-Rez Studios version 5.1.6.3 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | de7c9809806942e28452d915a3d476ac59b3bc5a2c3b9401c1b037a98d6d2218
WordPress Mapplic 6.1 SSRF / Cross Site Scripting
Posted Mar 23, 2021
Authored by Eagle Eye

WordPress Mapplic plugin versions 6.1 and below suffer from a server-side request forgery vulnerability that can be leveraged to commit cross site scripting attacks.

tags | exploit, xss
SHA-256 | e02500fb23125cab72c5a01d30f9c68221e32e43db8056e7244e3f71cfbaf19f
WordPress Mapplic-Lite 1.0 SSRF / Cross Site Scripting
Posted Mar 23, 2021
Authored by Eagle Eye

WordPress Mapplic-Lite plugin version 1.0 suffers from a server-side request forgery vulnerability that can be leveraged to commit cross site scripting attacks.

tags | exploit, xss
SHA-256 | 63aebb29dd9f961f18b394829e4fd6cacf0cd3e1381f1fe116d97ac3801ff2c1
MyBB 1.8.25 SQL Injection
Posted Mar 23, 2021
Authored by SivertPL

MyBB version 1.8.25 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-27946
SHA-256 | 0119b2998f019b8c5412b0ca92b7781e14084a1c91c356608140589745767688
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close