exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2021-04-01

ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation
Posted Apr 1, 2021
Authored by LiquidWorm | Site zeroscience.mk

ZBL EPON ONU Broadband Router version 1.0 suffers from a privilege escalation vulnerability. The limited administrative user (admin:admin) can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint or the password page and disclose the http super user password. Once authenticated as super, an attacker will be granted access to additional and privileged functionalities.

tags | exploit, web
MD5 | 4607935e1f6b2fc71ba56373899167b5
Ubuntu Security Notice USN-4900-1
Posted Apr 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4900-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3474, CVE-2021-3478
MD5 | 22c7345367e0c3c848f48020433aace9
Trojan-Downloader.Win32.Delf.nzg Insecure Permissions
Posted Apr 1, 2021
Authored by malvuln | Site malvuln.com

Trojan-Downloader.Win32.Delf.nzg malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
MD5 | 09e6aa20c92b7757559ef3daea189a74
Trojan-Downloader.Win32.Delf.ur Insecure Permissions
Posted Apr 1, 2021
Authored by malvuln | Site malvuln.com

Trojan-Downloader.Win32.Delf.ur malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
MD5 | e1da1de5da0338ac90ada65bf44cb4b9
Trojan-Downloader.Win32.Delf.oxz Insecure Permissions
Posted Apr 1, 2021
Authored by malvuln | Site malvuln.com

Trojan-Downloader.Win32.Delf.oxz malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
MD5 | 89e753f5a34059569862bdffb0f2eb02
Packet Storm New Exploits For March, 2021
Posted Apr 1, 2021
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 233 exploits added to Packet Storm in March, 2021.

tags | exploit
MD5 | 8d0201a158e1c4158421521240355554
F5 iControl Server-Side Request Forgery / Remote Command Execution
Posted Apr 1, 2021
Authored by wvu, Rich Warren | Site metasploit.com

This Metasploit module exploits a pre-authentication server-side request forgery vulnerability in the F5 iControl REST API's /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device.

tags | exploit, root
advisories | CVE-2021-22986
MD5 | babad085c5ec0276c04a4de6f8676674
SaltStack Salt API Unauthenticated Remote Command Execution
Posted Apr 1, 2021
Authored by Christophe de la Fuente, Alex Seymour | Site metasploit.com

This Metasploit module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, salt-master service performs a maintenance process check that reloads and executes all the grains on the master, including custom grain modules in the Extension Module directory. So, this module simply creates a Python script at this location and waits for it to be executed. The time interval is set to 60 seconds by default but can be changed in the master configuration file with the loop_interval option. Note that, if an administrator executes commands locally on the master, the maintenance process check will also be performed. It has been fixed in the following installation packages: 3002.5, 3001.6 and 3000.8. Also, a patch is available for the following versions: 3002.2, 3001.4, 3000.6, 2019.2.8, 2019.2.5, 2018.3.5, 2017.7.8, 2016.11.10, 2016.11.6, 2016.11.5, 2016.11.3, 2016.3.8, 2016.3.6, 2016.3.4, 2015.8.13 and 2015.8.10. This module has been tested successfully against versions 3001.4, 3002 and 3002.2 on Ubuntu 18.04.

tags | exploit, root, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2021-25281, CVE-2021-25282
MD5 | c836d9acbeb076642702599310fe13a4
Cheating Cheaters - Malware Delivered As Call Of Duty Cheats
Posted Apr 1, 2021
Authored by Activision | Site research.activision.com

The video gaming industry is a popular target for various threat actors. Players as well as studios and publishers themselves are at risk for both opportunistic and targeted cyber-attacks - tactics range from leveraging fake APKs of popular mobile games, to compromising accounts for resale. Even APT (Advanced Persistent Threat) actors have been known to target the video gaming industry.This report will examine a hacking tool being promoted for use against gamers by masquerading as a cheat for Call of Duty: Warzone. This particular tool is considered a dropper, a piece of malware that is used to install or deliver an additional payload, such as credential stealing malware, on a target system or device. A dropper is a means to an end, rather than the end itself - but still is a critical link in the chain. The dropper examined in this report, "Cod Dropper v0.1", can be customized to install other, more destructive, malware onto the targets' machines.

tags | paper
MD5 | 26427d25345e95e3464980b9dd0c0c78
Global Socket 1.4.28
Posted Apr 1, 2021
Authored by thc | Site thc.org

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

Changes: Minor documentation updates.
tags | tool, tcp
systems | unix
MD5 | 5b953152490d47bb307a174acaf2f6a8
Ubuntu Security Notice USN-4899-1
Posted Apr 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4899-1 - Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially- crafted CF file, a remote attacker could possibly run arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-1946
MD5 | dbd6e8e06d2d1fef4a9f91f0e3ace87e
ScadaBR 1.0 Shell Upload
Posted Apr 1, 2021
Authored by Fellipe Oliveira

ScadaBR version 1.0 suffers from multiple remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
MD5 | 8626f1f23af69cc594f9e46083b387d9
School Registration And Fee System 1.0 Cross Site Scripting
Posted Apr 1, 2021
Authored by Richard Jones

School Registration and Fee System version 1.0 suffers from persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 798bee95d57d77d1e00e72e66cb8c083
School Registration And Fee System 1.0 SQL Injection
Posted Apr 1, 2021
Authored by Richard Jones

School Registration and Fee System version 1.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e7d2ffd603c7340148e78206e9763d13
phpPgAdmin 7.13.0 Command Execution
Posted Apr 1, 2021
Authored by Valerio Severini

phpPgAdmin version 7.13.0 suffers from an authenticated command execution vulnerability.

tags | exploit
MD5 | dcc74644d53515bbb5c0d4e51adb82b9
Company Crime Tracking Software 1.0 Cross Site Scripting
Posted Apr 1, 2021
Authored by Richard Jones

Company Crime Tracking Software version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 38b46c6d01aa66cf4ed8d3c2193f1e65
Latrix 0.6.0 SQL Injection
Posted Apr 1, 2021
Authored by cptsticky

Latrix version 0.6.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ef1d8d78c6029e5c832c709d5bfe3c96
Page 1 of 1
Back1Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close