
Files Date: 2021-03-26

SAP Solution Manager 7.2 Remote Command Execution
Posted Mar 26, 2021
Authored by Dmitry Chastuhin, Pablo Artuso, Vladimir Ivanov, Yvan Genuer | Site metasploit.com

This Metasploit module exploits CVE-2020-6207, a vulnerability in the SAP EEM servlet of SAP Solution Manager (SolMan) version 7.2. The vulnerability is caused by missing authentication checks when a SOAP request is submitted to the /EemAdminService/EemAdmin page to get information about connected SMDAgents, which allows an attacker to send HTTP requests (SSRF) and execute OS commands on a connected SMDAgent. The module works reliably against connected SMDAgents running Java version 1.8. Successful exploitation allows unauthenticated remote attackers to get a reverse shell from an agent connected to SolMan, running as the user under which the SMDAgent service runs, which is usually daaadm.

tags | exploit, java, remote, web, shell
advisories | CVE-2020-6207
MD5 | 1c233a9f84fe24a1f701e2b602123168
Ubuntu Security Notice USN-4893-1
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4893-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, windows, ubuntu
advisories | CVE-2021-23981, CVE-2021-23983, CVE-2021-23984, CVE-2021-23985, CVE-2021-23986, CVE-2021-23987
MD5 | 361f6d2ac9ae9e3ba90818da079bb556
Ubuntu Security Notice USN-4888-2
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4888-2 - USN-4888-1 fixed several vulnerabilities in ldb. This update provides the corresponding update for Ubuntu 14.04 ESM. Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP server to crash, resulting in a denial of service. Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain DN strings. A remote attacker could use this issue to cause the LDAP server to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-27840, CVE-2021-20277
MD5 | a7edc38f2801676f33f9cbf0c9e31080
Backdoor.Win32.Kwak.12 Authentication Bypass / Code Execution
Posted Mar 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Kwak.12 malware suffers from bypass and code execution vulnerabilities.

tags | exploit, vulnerability, code execution
systems | windows
MD5 | f2ab2d12fa3f59fb53e62ee77516a4fe
TP-Link Cross Site Scripting
Posted Mar 26, 2021
Authored by Kaustubh G. Padwad, Smriti Gaba

Multiple TP-Link devices suffer from an unauthenticated persistent cross site scripting vulnerability. Affected models include TD-W9977, TL-WA801ND, TL-WA801N, TL-WR802N, and Archer-C3150.

tags | exploit, xss
advisories | CVE-2021-3275
MD5 | 1da398afccf3fc2ba6162181e5e7b91a
Ubuntu Security Notice USN-3685-2
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3685-2 - USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem.

tags | advisory, ruby
systems | linux, ubuntu
advisories | CVE-2017-0898, CVE-2017-0901, CVE-2017-0902, CVE-2017-0903, CVE-2017-10784, CVE-2017-14064, CVE-2017-17742, CVE-2018-1000074, CVE-2018-8777
MD5 | f156e986c66dcd65f01f2e7c3812a8fe
Backdoor.Win32.Kwak.12 Authentication Bypass
Posted Mar 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Kwak.12 malware suffers from a bypass vulnerability.

tags | exploit, bypass
systems | windows
MD5 | 36ef9ee5d988d1ac724f3c5efc27ad6a
Regis Inventory And Monitoring System 1.0 Cross Site Scripting
Posted Mar 26, 2021
Authored by George Tsimpidas

Regis Inventory and Monitoring System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 30e44f2274c24ec54e4e4aa7dda37d07
Ubuntu Security Notice USN-4891-1
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4891-1 - It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3449
MD5 | 65dc6a577fcb68c0413c66300d99e501
GetSimple CMS Custom JS 0.1 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 26, 2021
Authored by Abhishek Joshi

GetSimple CMS Custom JS plugin version 0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 0274807889f69e5cd2d483307e8a0a7e
Backdoor.Win32.Kwak.12 Authentication Bypass / Man-In-The-Middle
Posted Mar 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Kwak.12 malware suffers from bypass and man-in-the-middle vulnerabilities.

tags | exploit, vulnerability
systems | windows
MD5 | 91be9bd27e99d03cc1a518b4174d4eb9
Backdoor.Win32.Kwak.12 Denial Of Service
Posted Mar 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Kwak.12 malware suffers from a denial of service vulnerability.

tags | exploit, denial of service
systems | windows
MD5 | c01721fd3f67f0c77ef3fc713be817fb
Development Kamel KCFinder 1.7 Shell Upload
Posted Mar 26, 2021
Authored by Rayan Ali

Development Kamel KCFinder version 1.7 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | bf6153a4c62e633652255251746f04d7
Hacking JWT Tokens For Fun And Profit
Posted Mar 26, 2021
Authored by Neha Gupta

This whitepaper provides information about how you can hack JWT tokens for fun and profit.

tags | paper
MD5 | c21b96d1eb8d61a98fde9ab99ca747cd
Moodle Atto Editor Cross Site Scripting
Posted Mar 26, 2021
Authored by Vincent666 ibn Winnie

The Moodle Atto Editor, which does not have versions, suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6a8d8204502843e48af5046445333c42