exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2021-04-01

ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation
Posted Apr 1, 2021
Authored by LiquidWorm | Site zeroscience.mk

ZBL EPON ONU Broadband Router version 1.0 suffers from a privilege escalation vulnerability. The limited administrative user (admin:admin) can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint or the password page and disclose the http super user password. Once authenticated as super, an attacker will be granted access to additional and privileged functionalities.

tags | exploit, web
SHA-256 | a038fd2df7c57dae5f716438ec33915df6608e83893e656beca767de6a065c08
Ubuntu Security Notice USN-4900-1
Posted Apr 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4900-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3474, CVE-2021-3478
SHA-256 | cb6ee91f72333e5d014404f45f6c763856b7a783c3b96aa0373ebb30ee699293
Trojan-Downloader.Win32.Delf.nzg MVID-2021-0157 Insecure Permissions
Posted Apr 1, 2021
Authored by malvuln | Site malvuln.com

Trojan-Downloader.Win32.Delf.nzg malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | 2a8b1b8837037a1c70527617c4be07e6ad4c4720b9616711c1109167cce63f23
Trojan-Downloader.Win32.Delf.ur MVID-2021-0155 Insecure Permissions
Posted Apr 1, 2021
Authored by malvuln | Site malvuln.com

Trojan-Downloader.Win32.Delf.ur malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | b94f7cc39080a42c5236b3848daf72b607d4671603c6de0fb32ecf17d8e11868
Trojan-Downloader.Win32.Delf.oxz MVID-2021-0156 Insecure Permissions
Posted Apr 1, 2021
Authored by malvuln | Site malvuln.com

Trojan-Downloader.Win32.Delf.oxz malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
SHA-256 | 03290d0c4a81b8975335725e2c9c665d120445d8da0d6f67999ef05ba088347c
Packet Storm New Exploits For March, 2021
Posted Apr 1, 2021
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 233 exploits added to Packet Storm in March, 2021.

tags | exploit
SHA-256 | 422b36d3f353e5d326732b3a5dadabe3b17d488389620879030568181638bfdb
F5 iControl Server-Side Request Forgery / Remote Command Execution
Posted Apr 1, 2021
Authored by wvu, Rich Warren | Site metasploit.com

This Metasploit module exploits a pre-authentication server-side request forgery vulnerability in the F5 iControl REST API's /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device.

tags | exploit, root
advisories | CVE-2021-22986
SHA-256 | af88cb0e39f85d5705c7b101b5d8123cacf7ab8455f5fc35d14ea16b6fc75d0d
SaltStack Salt API Unauthenticated Remote Command Execution
Posted Apr 1, 2021
Authored by Christophe de la Fuente, Alex Seymour | Site metasploit.com

This Metasploit module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, salt-master service performs a maintenance process check that reloads and executes all the grains on the master, including custom grain modules in the Extension Module directory. So, this module simply creates a Python script at this location and waits for it to be executed. The time interval is set to 60 seconds by default but can be changed in the master configuration file with the loop_interval option. Note that, if an administrator executes commands locally on the master, the maintenance process check will also be performed. It has been fixed in the following installation packages: 3002.5, 3001.6 and 3000.8. Also, a patch is available for the following versions: 3002.2, 3001.4, 3000.6, 2019.2.8, 2019.2.5, 2018.3.5, 2017.7.8, 2016.11.10, 2016.11.6, 2016.11.5, 2016.11.3, 2016.3.8, 2016.3.6, 2016.3.4, 2015.8.13 and 2015.8.10. This module has been tested successfully against versions 3001.4, 3002 and 3002.2 on Ubuntu 18.04.

tags | exploit, root, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2021-25281, CVE-2021-25282
SHA-256 | 49c40579de007295532abf11c8ebcc3115636ea6aeaf3fbe9be600207cb7d985
Cheating Cheaters - Malware Delivered As Call Of Duty Cheats
Posted Apr 1, 2021
Authored by Activision | Site research.activision.com

The video gaming industry is a popular target for various threat actors. Players as well as studios and publishers themselves are at risk for both opportunistic and targeted cyber-attacks - tactics range from leveraging fake APKs of popular mobile games, to compromising accounts for resale. Even APT (Advanced Persistent Threat) actors have been known to target the video gaming industry.This report will examine a hacking tool being promoted for use against gamers by masquerading as a cheat for Call of Duty: Warzone. This particular tool is considered a dropper, a piece of malware that is used to install or deliver an additional payload, such as credential stealing malware, on a target system or device. A dropper is a means to an end, rather than the end itself - but still is a critical link in the chain. The dropper examined in this report, "Cod Dropper v0.1", can be customized to install other, more destructive, malware onto the targets' machines.

tags | paper
SHA-256 | 5e38513aae0103e12649461665c14fa46a5772acb881d5395611526d1a436917
Global Socket 1.4.28
Posted Apr 1, 2021
Authored by thc | Site thc.org

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

Changes: Minor documentation updates.
tags | tool, tcp
systems | unix
SHA-256 | ef8eb970940d435e07001fccf2ac210f539a9bb09ea1ef146c5f6ff4cc15a402
Ubuntu Security Notice USN-4899-1
Posted Apr 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4899-1 - Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially- crafted CF file, a remote attacker could possibly run arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-1946
SHA-256 | 7e82d922210b3b643c58222e005715d40bd63acdbbeef0bec232db24d5409484
ScadaBR 1.0 Shell Upload
Posted Apr 1, 2021
Authored by Fellipe Oliveira

ScadaBR version 1.0 suffers from multiple remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
SHA-256 | 5a92eb4823ed57475fc7effdb2bab98ce6c8f49ffe4b3e5aedd0a9a183c94428
School Registration And Fee System 1.0 Cross Site Scripting
Posted Apr 1, 2021
Authored by Richard Jones

School Registration and Fee System version 1.0 suffers from persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 17f5ecc7aa500229c5b8b52d2e72bcaf0b510a153d57ccb291cc3379c6e2b87c
School Registration And Fee System 1.0 SQL Injection
Posted Apr 1, 2021
Authored by Richard Jones

School Registration and Fee System version 1.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f2f6f0574bd7dfe9c35ba7604809a04c3aa2cbdd17f92ab15e490d18c5086b9e
phpPgAdmin 7.13.0 Command Execution
Posted Apr 1, 2021
Authored by Valerio Severini

phpPgAdmin version 7.13.0 suffers from an authenticated command execution vulnerability.

tags | exploit
SHA-256 | 7e78f9012afe8414513c0b1d8cda135dd917f81860ee7962efb2f5a64e3b0be3
Company Crime Tracking Software 1.0 Cross Site Scripting
Posted Apr 1, 2021
Authored by Richard Jones

Company Crime Tracking Software version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 83d5849a6ad90d404d2dd04020f48bbb611920f793c4da72502f84dc1e483db7
Latrix 0.6.0 SQL Injection
Posted Apr 1, 2021
Authored by cptsticky

Latrix version 0.6.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 78887bd4cc87052539321b4d6d74e78c9989591442e0a224eabc388c8df1bea1
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close