exploit the possibilities
Showing 1 - 21 of 21 RSS Feed

Files Date: 2021-07-20

KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure
Posted Jul 20, 2021
Authored by LiquidWorm | Site zeroscience.mk

KevinLAB BEMS version 1.0 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the page GET parameter in index.php is not properly verified before being used to include files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

tags | exploit, arbitrary, php
MD5 | 4bc3f448faf6a5df2c5354ab9084063b
KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass
Posted Jul 20, 2021
Authored by LiquidWorm | Site zeroscience.mk

KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL Injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code to bypass the authentication mechanism.

tags | exploit, web, arbitrary, php, sql injection
MD5 | 3498bc654a493cbf9b46522829eb067c
KevinLAB BEMS 1.0 Undocumented Backdoor Account
Posted Jul 20, 2021
Authored by LiquidWorm | Site zeroscience.mk

KevinLAB BEMS version 1.0 has an undocumented backdoor account and the sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.

tags | exploit
MD5 | a9e653ecb20d44dc4da9b97ffbe54252
Dell OpenManage Enterprise Hardcoded Credentails / Privilege Escalation / Deserialization
Posted Jul 20, 2021
Authored by Pierre Kim

Dell OpenManage Enterprise versions up to 3.6.1 suffer from multiple hard-coded credential issues, multiple privilege escalation, weak permissions, authentication bypass, and other vulnerabilities.

tags | exploit, vulnerability
MD5 | 304cbb560ea8ae6e55b7eb8a3824b652
OX Documents 7.10.5 Improper Authorization
Posted Jul 20, 2021
Authored by Martin Heiland

OX Documents version 7.10.5 suffers from multiple improper authorization vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2021-28093, CVE-2021-28094, CVE-2021-28095
MD5 | 10c429162cc33a9887ff910961477633
Red Hat Security Advisory 2021-2734-01
Posted Jul 20, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2734-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2021-33034, CVE-2021-33909
MD5 | e0f2d4913c50f50ba3ff1757d668114f
Gentoo Linux Security Advisory 202107-48
Posted Jul 20, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-48 - Multiple vulnerabilities have been found in systemd, the worst of which could result in a Denial of Service condition. Versions less than 248.5 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-13529, CVE-2021-33910
MD5 | 78100bc3f3d27517f1649fec19f91abe
Ubuntu Security Notice USN-5013-2
Posted Jul 20, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5013-2 - USN-5013-1 fixed several vulnerabilities in systemd. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that systemd incorrectly handled certain mount paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-13529, CVE-2021-33910
MD5 | 2292db61aa7aa7a29cce8f3e68387db3
Ubuntu Security Notice USN-5013-1
Posted Jul 20, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5013-1 - It was discovered that systemd incorrectly handled certain mount paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. Mitchell Frank discovered that systemd incorrectly handled DHCP FORCERENEW packets. A remote attacker could possibly use this issue to reconfigure servers.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-13529, CVE-2021-33910
MD5 | 7874a80a96e6739b9bcfc28b5e49c853
Concrete5 8.5.5 Phar Deserialization
Posted Jul 20, 2021
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 8.5.5 suffer from a logging settings phar deserialization vulnerability. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() function at line 91. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. Successful exploitation of this vulnerability requires an administrator account.

tags | advisory, arbitrary, php
advisories | CVE-2021-36766
MD5 | a1fb25a9ba4326669a0ede911fe27d02
Ubuntu Security Notice USN-5012-1
Posted Jul 20, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5012-1 - It was discovered that containerd incorrectly handled file permission changes. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could change permissions on files on the host filesystem and possibly escalate privileges.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-32760
MD5 | a90db0b396dec2e9bda631a3f6a4c6a4
Gentoo Linux Security Advisory 202107-47
Posted Jul 20, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-47 - A format string vulnerability has been found in libpano13, potentially resulting in arbitrary code execution. Versions less than 2.9.20 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2021-20307
MD5 | 0cb327adee6f00871f46c9bacb3beeae
Microsoft Windows WFP Default Rules AppContainer Capability Bypass Privilege Escalation
Posted Jul 20, 2021
Authored by James Forshaw, Google Security Research

The default rules for the WFP connect layers permit certain executables to connect TCP sockets in AppContainers without capabilities leading to elevation of privilege.

tags | exploit, tcp
MD5 | 37069deaf47980f1a4c39f62bc13ce25
Gentoo Linux Security Advisory 202107-46
Posted Jul 20, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-46 - A format string vulnerability was found in mpv, potentially resulting in arbitrary code execution. Versions less than 0.33.1 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2021-30145
MD5 | 5bd96a67f03db222e7b3780e37099c81
Webmin 1.973 Cross Site Request Forgery
Posted Jul 20, 2021
Authored by Mesh3l_911, Z0ldyck

Webmin version 1.973 cross site request forgery exploit that loads a reverse shell.

tags | exploit, shell, csrf
advisories | CVE-2021-31761
MD5 | 64d50ff2e6b23cb13a822ba9d9b79c96
Kernel Live Patch Security Notice LSN-0078-1
Posted Jul 20, 2021
Authored by Benjamin M. Romer

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code.

tags | advisory, arbitrary, kernel, local, vulnerability, protocol
systems | linux
advisories | CVE-2021-3609
MD5 | 253344ca4d57ea28bccc4904f8ebf52d
Gentoo Linux Security Advisory 202107-45
Posted Jul 20, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-45 - A vulnerability has been found in PyCharm Community and Professional, potentially resulting in arbitrary code execution. Versions less than 2021.1.2 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2021-30005
MD5 | 7c30adf88dab8ac60ef5a5fcf6c98025
Gentoo Linux Security Advisory 202107-44
Posted Jul 20, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-44 - Multiple vulnerabilities have been found in libslirp, the worst of which could result in a Denial of Service condition. Versions less than 4.6.0 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595
MD5 | 128a3409bbc583e87fbd6b93c2fb02cd
WordPress KN Fix Your Title 1.0.1 Cross Site Scripting
Posted Jul 20, 2021
Authored by Aakash Choudhary

WordPress KN Fix Your Title plugin version 1.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 563d1383d6850947d9ba0854d82026d7
Gentoo Linux Security Advisory 202107-43
Posted Jul 20, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-43 - Multiple vulnerabilities have been found in RPM, the worst of which could result in remote code execution. Versions less than 4.16.1.3 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-20266, CVE-2021-20271, CVE-2021-3421
MD5 | c9c49ec4bae48a4b232b958fe64f4372
Gentoo Linux Security Advisory 202107-42
Posted Jul 20, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-42 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in a Denial of Service condition. Versions less than 2.10-r1 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-15260, CVE-2021-21375
MD5 | 176f57d7be1aad5721ba9bb8d30a0d3d
Page 1 of 1
Back1Next

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    1 Files
  • 25
    Jul 25th
    1 Files
  • 26
    Jul 26th
    21 Files
  • 27
    Jul 27th
    8 Files
  • 28
    Jul 28th
    9 Files
  • 29
    Jul 29th
    12 Files
  • 30
    Jul 30th
    9 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close