Files Date: 2021-03-26

SAP Solution Manager 7.2 Remote Command Execution
Posted Mar 26, 2021
Authored by Dmitry Chastuhin, Pablo Artuso, Vladimir Ivanov, Yvan Genuer | Site metasploit.com

This Metasploit module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting a SOAP request to the /EemAdminService/EemAdmin page to get information about connected SMDAgents, allowing an attacker to send HTTP requests (SSRF) and execute OS commands on the connected SMDAgent. The module works reliably against a connected SMDAgent running Java version 1.8. Successful exploitation allows unauthenticated remote attackers to get a reverse shell from an agent connected to SolMan, running as the user under which the SMDAgent service runs, which is usually daaadm.

tags | exploit, java, remote, web, shell
advisories | CVE-2020-6207
MD5 | 1c233a9f84fe24a1f701e2b602123168
Ubuntu Security Notice USN-4893-1
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4893-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, windows, ubuntu
advisories | CVE-2021-23981, CVE-2021-23983, CVE-2021-23984, CVE-2021-23985, CVE-2021-23986, CVE-2021-23987
MD5 | 361f6d2ac9ae9e3ba90818da079bb556
Ubuntu Security Notice USN-4888-2
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4888-2 - USN-4888-1 fixed several vulnerabilities in ldb. This update provides the corresponding update for Ubuntu 14.04 ESM. Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP server to crash, resulting in a denial of service. Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain DN strings. A remote attacker could use this issue to cause the LDAP server to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-27840, CVE-2021-20277
MD5 | a7edc38f2801676f33f9cbf0c9e31080
Backdoor.Win32.Kwak.12 Authentication Bypass / Code Execution
Posted Mar 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Kwak.12 malware suffers from bypass and code execution vulnerabilities.

tags | exploit, vulnerability, code execution
systems | windows
MD5 | f2ab2d12fa3f59fb53e62ee77516a4fe
TP-Link Cross Site Scripting
Posted Mar 26, 2021
Authored by Kaustubh G. Padwad, Smriti Gaba

Multiple TP-Link devices suffer from an unauthenticated persistent cross site scripting vulnerability. Affected models include TD-W9977, TL-WA801ND, TL-WA801N, TL-WR802N, and Archer-C3150.

tags | exploit, xss
advisories | CVE-2021-3275
MD5 | 1da398afccf3fc2ba6162181e5e7b91a
Ubuntu Security Notice USN-3685-2
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3685-2 - USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem.

tags | advisory, ruby
systems | linux, ubuntu
advisories | CVE-2017-0898, CVE-2017-0901, CVE-2017-0902, CVE-2017-0903, CVE-2017-10784, CVE-2017-14064, CVE-2017-17742, CVE-2018-1000074, CVE-2018-8777
MD5 | f156e986c66dcd65f01f2e7c3812a8fe
Backdoor.Win32.Kwak.12 Authentication Bypass
Posted Mar 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Kwak.12 malware suffers from a bypass vulnerability.

tags | exploit, bypass
systems | windows
MD5 | 36ef9ee5d988d1ac724f3c5efc27ad6a
Regis Inventory And Monitoring System 1.0 Cross Site Scripting
Posted Mar 26, 2021
Authored by George Tsimpidas

Regis Inventory and Monitoring System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 30e44f2274c24ec54e4e4aa7dda37d07
Ubuntu Security Notice USN-4891-1
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4891-1 - It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3449
MD5 | 65dc6a577fcb68c0413c66300d99e501
GetSimple CMS Custom JS 0.1 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 26, 2021
Authored by Abhishek Joshi

GetSimple CMS Custom JS plugin version 0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 0274807889f69e5cd2d483307e8a0a7e
Backdoor.Win32.Kwak.12 Authentication Bypass / Man-In-The-Middle
Posted Mar 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Kwak.12 malware suffers from bypass and man-in-the-middle vulnerabilities.

tags | exploit, vulnerability
systems | windows
MD5 | 91be9bd27e99d03cc1a518b4174d4eb9
Backdoor.Win32.Kwak.12 Denial Of Service
Posted Mar 26, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Kwak.12 malware suffers from a denial of service vulnerability.

tags | exploit, denial of service
systems | windows
MD5 | c01721fd3f67f0c77ef3fc713be817fb
Development Kamel KCFinder 1.7 Shell Upload
Posted Mar 26, 2021
Authored by Rayan Ali

Development Kamel KCFinder version 1.7 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | bf6153a4c62e633652255251746f04d7
Hacking JWT Tokens For Fun And Profit
Posted Mar 26, 2021
Authored by Neha Gupta

This whitepaper provides information about how you can hack JWT tokens for fun and profit.

tags | paper
MD5 | c21b96d1eb8d61a98fde9ab99ca747cd
Moodle Atto Editor Cross Site Scripting
Posted Mar 26, 2021
Authored by Vincent666 ibn Winnie

The Moodle Atto Editor, which does not have versions, suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6a8d8204502843e48af5046445333c42
© 2020 Packet Storm. All rights reserved.