exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2021-03-26

SAP Solution Manager 7.2 Remote Command Execution
Posted Mar 26, 2021
Authored by Dmitry Chastuhin, Pablo Artuso, Vladimir Ivanov, Yvan Genuer | Site metasploit.com

This Metasploit module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting a SOAP request to the /EemAdminService/EemAdmin page to get information about connected SMDAgents allowing an attacker to send HTTP requests (SSRF) and execute OS commands on the connected SMDAgent. Works stable in connected SMDAgent with Java version 1.8. Successful exploitation will allow unauthenticated remote attackers to get a reverse shell from connected to the SolMan agent as the user under which it runs SMDAgent service, which is usually daaadm.

tags | exploit, java, remote, web, shell
advisories | CVE-2020-6207
SHA-256 | 0d5122d6fb0ba7f681b7229fc5c197780b51710c6395404115ad8686072b2b08
Ubuntu Security Notice USN-4893-1
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4893-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spook a website and trick the user into providing credentials. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, windows, ubuntu
advisories | CVE-2021-23981, CVE-2021-23983, CVE-2021-23984, CVE-2021-23985, CVE-2021-23986, CVE-2021-23987
SHA-256 | 8a437523e73ce057daeba48d3be4cef9d369c27add95e3b06c0ce5653d6f38a1
Ubuntu Security Notice USN-4888-2
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4888-2 - USN-4888-1 fixed several vulnerabilities in ldb. This update provides the corresponding update for Ubuntu 14.04 ESM. Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP server to crash, resulting in a denial of service. Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain DN strings. A remote attacker could use this issue to cause the LDAP server to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-27840, CVE-2021-20277
SHA-256 | 1f9ebcf4a58058d14bd496752ae31e54fdd7fc5b208273328e23dc9dde43d308
Backdoor.Win32.Kwak.12 MVID-2021-0149 Authentication Bypass / Code Execution
Posted Mar 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Kwak.12 malware suffers from bypass and code execution vulnerabilities.

tags | exploit, vulnerability, code execution
systems | windows
SHA-256 | 857012a6558e67558b7c29a986146f09de19a504cb20f346a8dc6cc58b9a2ef3
TP-Link Cross Site Scripting
Posted Mar 26, 2021
Authored by Kaustubh G. Padwad, Smriti Gaba

Multiple TP-Link devices suffer from an unauthenticated persistent cross site scripting vulnerability. Affected models include TD-W9977, TL-WA801ND, TL-WA801N, TL-WR802N, and Archer-C3150.

tags | exploit, xss
advisories | CVE-2021-3275
SHA-256 | e35e1937104dc66eacb185dee5eb8adeeab2b99d9f05fd8364987d6dd5a729bd
Ubuntu Security Notice USN-3685-2
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3685-2 - USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem.

tags | advisory, ruby
systems | linux, ubuntu
advisories | CVE-2017-0898, CVE-2017-0901, CVE-2017-0902, CVE-2017-0903, CVE-2017-10784, CVE-2017-14064, CVE-2017-17742, CVE-2018-1000074, CVE-2018-8777
SHA-256 | e7a582a1d121ff1533a65726ffe5c500c137492e966e1ec7c0aec8d1c81203b7
Backdoor.Win32.Kwak.12 MVID-2021-0147 Authentication Bypass
Posted Mar 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Kwak.12 malware suffers from a bypass vulnerability.

tags | exploit, bypass
systems | windows
SHA-256 | 5d4afe8b15be706dade5269fcc5f3da9587a4f35e4f5cc1a8bffd0978776ca90
Regis Inventory And Monitoring System 1.0 Cross Site Scripting
Posted Mar 26, 2021
Authored by George Tsimpidas

Regis Inventory and Monitoring System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f19b16271534173a2daeb300ee8055cc2d30b878ce6d30f3b5dcc96f59deed76
Ubuntu Security Notice USN-4891-1
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4891-1 - It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3449
SHA-256 | 8714c7ff2c3053a074ef8cc312f87835a7b1c3f3372ea751347943c1c7fa9d33
GetSimple CMS Custom JS 0.1 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 26, 2021
Authored by Abhishek Joshi

GetSimple CMS Custom JS plugin version 0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | f8515a697bd43d6bc1e7a544b80861b8f892d912ba39ee0ded35abda0c9c0518
Backdoor.Win32.Kwak.12 MVID-2021-0148 Authentication Bypass / Man-In-The-Middle
Posted Mar 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Kwak.12 malware suffers from bypass and man-in-the-middle vulnerabilities.

tags | exploit, vulnerability
systems | windows
SHA-256 | e4f9ab9c7f3533f0030d14d8b026a871e1f741f1a7561f977985c27144890066
Backdoor.Win32.Kwak.12 MVID-2021-0146 Denial Of Service
Posted Mar 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Kwak.12 malware suffers from a denial of service vulnerability.

tags | exploit, denial of service
systems | windows
SHA-256 | f6064b7bc1bed41b2dea4b3739c7fc444408c57e11f23d5ff1b18043c79c86cc
Development Kamel KCFinder 1.7 Shell Upload
Posted Mar 26, 2021
Authored by Rayan Ali

Development Kamel KCFinder version 1.7 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 767d8feb55914271022aee9787fcc915fb010c7584b18d3e7fb163230628b601
Hacking JWT Tokens For Fun And Profit
Posted Mar 26, 2021
Authored by Neha Gupta

This whitepaper provides information about how you can hack JWT tokens for fun and profit.

tags | paper
SHA-256 | 7368748618b4cd6f33d0da05f3cabc301392721ae3b26c2284f7a0e648b15957
Moodle Atto Editor Cross Site Scripting
Posted Mar 26, 2021
Authored by Vincent666 ibn Winnie

The Moodle Atto Editor, which does not have versions, suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1883e936d036e427af9e9c1cce0ad5bc8a0eaa07ad8c7911c5725a720541f3ee
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close