exploit the possibilities
Showing 1 - 25 of 34 RSS Feed

Files Date: 2021-06-15

SAP Solution Manager 7.20 Missing Authorization
Posted Jun 15, 2021
Authored by Nahuel D. Sanchez, Pablo Artuso, Yvan Genuer | Site onapsis.com

Due to a missing authorization check in the SAP Solution Manager version 7.20 LM-SERVICE component, a remote authenticated attacker could be able to execute privileged actions in the affected system, including the execution of operating system commands.

tags | advisory, remote
advisories | CVE-2020-6207
MD5 | 62aaf9c152dbff873c27f124cdf380f7
Red Hat Security Advisory 2021-2439-01
Posted Jun 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2439-01 - Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 21.0.0.6 serves as a replacement for Open Liberty 21.0.0.3, and includes a security fix and enhancements. For specific information about this release, see links in the References section. Issues addressed include a cross site request forgery vulnerability.

tags | advisory, java, csrf
systems | linux, redhat
MD5 | 9bb6f3addf2b86cebf3f43a6f505cd70
SAP Netweaver JAVA 7.50 Missing Authorization
Posted Jun 15, 2021
Authored by Ignacio D. Favro | Site onapsis.com

A malicious unauthenticated user could abuse the lack of authentication check on SAP Java P2P cluster communication in order to connect to the respective TCP ports and perform different privileged actions. SAP Netweaver JAVA versions 7.10 through 7.50 are affected.

tags | exploit, java, tcp
advisories | CVE-2020-26829
MD5 | 97b11d237ebc411e047673bc4c3aa91e
Red Hat Security Advisory 2021-2417-01
Posted Jun 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2417-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-33516
MD5 | f3ed50049840e670a29c28c9db60f9a2
SAP XMII Remote Code Execution
Posted Jun 15, 2021
Authored by Nicolas Raus | Site onapsis.com

By abusing a code injection vulnerability in SAP MII, an authenticated user with SAP XMII developer privileges could execute code (including OS commands) on the server. Versions affected include XMII 15.1 lower than SP006 PL 000062, XMII 15.2 lower than SP003 PL 000038, XMII 15.3 lower than SP001 PL 000022, and XMII 15.4 lower than SP001 PL 000007.

tags | advisory
advisories | CVE-2021-21480
MD5 | 6c0712ccd625abe8e6daa45d5c354321
Hashcat Advanced Password Recovery 6.2.2 Source Code
Posted Jun 15, 2021
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Changes: 18 hash modes added, 2 features added, and 4 bugs fixed.
tags | tool, cracker
systems | unix
MD5 | 9bc7e4a24127cddb7ad3346ec62b9135
Hashcat Advanced Password Recovery 6.2.2 Binary Release
Posted Jun 15, 2021
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.

Changes: 18 hash modes added, 2 features added, and 4 bugs fixed.
tags | tool, cracker
MD5 | 3969007683ba68896c506a11ba7687bb
SAP Solution Manager 7.2 Missing Authorization
Posted Jun 15, 2021
Authored by Pablo Artuso, Gonzalo Roisman | Site onapsis.com

Any authenticated user of the SAP Solution Manager version 7.2 is able to craft, upload, and execute EEM scripts on the SMDAgents affecting its integrity, confidentiality and availability.

tags | advisory
advisories | CVE-2020-26830
MD5 | e0fe15ed4b993981dac20120bb468c05
SAP Solution Manager 7.2 File Disclosure / Denial Of Service
Posted Jun 15, 2021
Authored by Pablo Artuso, Gonzalo Roisman | Site onapsis.com

The End-User Experience Monitoring (EEM) application, part of the SAP Solution Manager version 7.2, is vulnerable to path traversal. As a consequence, an unauthorized attacker would be able to read sensitive OS files and affect the availability of the EEM robots connected to the SolMan.

tags | advisory
advisories | CVE-2020-26837
MD5 | 6b12752deb3c15031f424164f4bb3b9f
SAP Wily Introscope Enterprise Default Hard-Coded Credentials
Posted Jun 15, 2021
Authored by Yvan Genuer | Site onapsis.com

SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from having default hard-coded credentials.

tags | advisory
advisories | CVE-2020-6369
MD5 | d13861d3e7212000e317b5eb1f5fb56a
Client Management System 1.1 SQL Injection
Posted Jun 15, 2021
Authored by BHAVESH KAUL

Client Management System version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b2a0f5124d38d078542b920ab171f2b8
Client Management System 1.1 Cross Site Scripting
Posted Jun 15, 2021
Authored by BHAVESH KAUL

Client Management System version 1.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2f83c7f0a1aba3af2fad9aae911255b4
Red Hat Security Advisory 2021-2420-01
Posted Jun 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2420-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2021-25217
MD5 | 80fc02746735c3bebe00db19e40e6fdc
IPFire 2.25 Remote Code Execution
Posted Jun 15, 2021
Authored by Grant Willcox, Mucahit Saratar | Site metasploit.com

This Metasploit module exploits an authenticated command injection vulnerability in the /cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior to execute arbitrary code as the root user.

tags | exploit, web, arbitrary, cgi, root
advisories | CVE-2021-33393
MD5 | 69d36ee1b60ffec6d31a6ebc94e2dc1e
HashiCorp Nomad Remote Command Execution
Posted Jun 15, 2021
Authored by Wyatt Dahlenburg | Site metasploit.com

This Metasploit module lets you create a batch job on HashiCorp's Nomad service to spawn a shell. The default option is to use the raw_exec driver, which runs with high privileges. Development servers and clients explicitly enabling the raw_exec plugin can spawn these type of jobs. Regular exec jobs can be created in a similar fashion at a lower privilege level.

tags | exploit, shell
MD5 | 43fcfd455dd3900ac07eb5c17b346b5d
SAP Wily Introscope Enterprise OS Command Injection
Posted Jun 15, 2021
Authored by Yvan Genuer | Site onapsis.com

SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from a command injection vulnerability.

tags | advisory
advisories | CVE-2020-6364
MD5 | 4b0d282794d5c7c88267eac6caf02689
Ubuntu Security Notice USN-4988-1
Posted Jun 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4988-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-14528, CVE-2020-25674, CVE-2020-27751, CVE-2020-27756, CVE-2020-27760, CVE-2020-27764, CVE-2020-27768, CVE-2020-27772, CVE-2020-27776
MD5 | 248e6bfc6469e4199e9f48da82bb137e
Red Hat Security Advisory 2021-2419-01
Posted Jun 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2419-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2021-25217
MD5 | 33054296c8f78f8ff7e882eccb72e37b
Brother BRPrint Auditor 3.0.7 Unquoted Service Path
Posted Jun 15, 2021
Authored by Brian Rodriguez

Brother BRPrint Auditor version 3.0.7 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | 14d6f4a4a0b0fae5b688eb9d70b453fa
Red Hat Security Advisory 2021-2286-01
Posted Jun 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2286-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.16. Issues addressed include a remote shell upload vulnerability.

tags | advisory, remote, shell
systems | linux, redhat
advisories | CVE-2021-27219, CVE-2021-3121, CVE-2021-3501, CVE-2021-3543
MD5 | 3108f712077cfbeb44524f6cf709fed5
XML External Entity Via MP3 File Upload On WordPress
Posted Jun 15, 2021
Authored by Vallari Sharma, Archie Midha

This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.

tags | exploit, proof of concept, file upload
advisories | CVE-2021-29447
MD5 | f480e11bbb87f0689d864f58c065154d
Red Hat Security Advisory 2021-2422-01
Posted Jun 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2422-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-33516
MD5 | 166181e83df6f05ebc086ba41ed0bacb
SAP Hybris eCommerce Information Disclosure
Posted Jun 15, 2021
Authored by Gaston Traberg | Site onapsis.com

SAP Hybris eCommerce versions 1808, 1811, 1905, and 2005 suffer from a vulnerability that allows for exposure of sensitive information.

tags | advisory
advisories | CVE-2020-26809
MD5 | e3489823749ff2b18cfa6a5fe1236043
Red Hat Security Advisory 2021-2416-01
Posted Jun 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2416-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2021-25217
MD5 | a04ccc2e870f084ea8f2b06b306eea49
Red Hat Security Advisory 2021-2414-01
Posted Jun 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2414-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2021-25217
MD5 | 8101e1bc6e426345f3b9239caa0409a9
Page 1 of 2
Back12Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close