exploit the possibilities
Showing 1 - 21 of 21 RSS Feed

Files Date: 2021-07-20

KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure
Posted Jul 20, 2021
Authored by LiquidWorm | Site zeroscience.mk

KevinLAB BEMS version 1.0 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the page GET parameter in index.php is not properly verified before being used to include files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

tags | exploit, arbitrary, php
SHA-256 | e7fe1145875f4fee303754d7337102102f889c5f0d146987b8e928e2a6212f22
KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass
Posted Jul 20, 2021
Authored by LiquidWorm | Site zeroscience.mk

KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL Injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code to bypass the authentication mechanism.

tags | exploit, web, arbitrary, php, sql injection
SHA-256 | 7a5075697680808e5b44c8cbcf23d84270742048cad9980a168091187abdbea1
KevinLAB BEMS 1.0 Undocumented Backdoor Account
Posted Jul 20, 2021
Authored by LiquidWorm | Site zeroscience.mk

KevinLAB BEMS version 1.0 has an undocumented backdoor account and the sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.

tags | exploit
SHA-256 | e4b4cd6f51b8e33aae4b3ac4567d5823ab352a308e656ca6dc37edc4c64a9881
Dell OpenManage Enterprise Hardcoded Credentails / Privilege Escalation / Deserialization
Posted Jul 20, 2021
Authored by Pierre Kim

Dell OpenManage Enterprise versions up to 3.6.1 suffer from multiple hard-coded credential issues, multiple privilege escalation, weak permissions, authentication bypass, and other vulnerabilities.

tags | exploit, vulnerability
SHA-256 | b55157214aaa2b6ae562d7cfa0de32cfd562800d2a6cb523e250837eb6218be3
OX Documents 7.10.5 Improper Authorization
Posted Jul 20, 2021
Authored by Martin Heiland

OX Documents version 7.10.5 suffers from multiple improper authorization vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2021-28093, CVE-2021-28094, CVE-2021-28095
SHA-256 | fdc415c0e1479fc1bbd7c9da23f2c1893080132040e14750beb56328b7efaa61
Red Hat Security Advisory 2021-2734-01
Posted Jul 20, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2734-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2021-33034, CVE-2021-33909
SHA-256 | 99f079adc186c2d82d3b579e84be343741eb238b4be2a07e3522085c19e36304
Gentoo Linux Security Advisory 202107-48
Posted Jul 20, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-48 - Multiple vulnerabilities have been found in systemd, the worst of which could result in a Denial of Service condition. Versions less than 248.5 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-13529, CVE-2021-33910
SHA-256 | 25e1bbbcade540161205016cfceaba05de79ff1f950598f4886465d9e893b747
Ubuntu Security Notice USN-5013-2
Posted Jul 20, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5013-2 - USN-5013-1 fixed several vulnerabilities in systemd. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that systemd incorrectly handled certain mount paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-13529, CVE-2021-33910
SHA-256 | 287e4074d79de02cd3d766899e09bac7f5427350422d727fb07ad78d7377f631
Ubuntu Security Notice USN-5013-1
Posted Jul 20, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5013-1 - It was discovered that systemd incorrectly handled certain mount paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. Mitchell Frank discovered that systemd incorrectly handled DHCP FORCERENEW packets. A remote attacker could possibly use this issue to reconfigure servers.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-13529, CVE-2021-33910
SHA-256 | fe61eaf938741caa2ac40aecda03248812fea81b222956ff21110da95e7b7368
Concrete5 8.5.5 Phar Deserialization
Posted Jul 20, 2021
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 8.5.5 suffer from a logging settings phar deserialization vulnerability. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() function at line 91. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. Successful exploitation of this vulnerability requires an administrator account.

tags | advisory, arbitrary, php
advisories | CVE-2021-36766
SHA-256 | 4737c6d7d22010e52296503aaa366abc55f04d975b7b1fd092c8c80e1a164e8a
Ubuntu Security Notice USN-5012-1
Posted Jul 20, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5012-1 - It was discovered that containerd incorrectly handled file permission changes. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could change permissions on files on the host filesystem and possibly escalate privileges.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-32760
SHA-256 | b22aac378066db3bff966a442b28fd637c43f1b71476469d8cea5cbdd5432b3c
Gentoo Linux Security Advisory 202107-47
Posted Jul 20, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-47 - A format string vulnerability has been found in libpano13, potentially resulting in arbitrary code execution. Versions less than 2.9.20 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2021-20307
SHA-256 | 06bef18ebf5ad1c6f1ae779313f4549df45176ee989ea7ad17492e6e87d5e8ac
Microsoft Windows WFP Default Rules AppContainer Capability Bypass Privilege Escalation
Posted Jul 20, 2021
Authored by James Forshaw, Google Security Research

The default rules for the WFP connect layers permit certain executables to connect TCP sockets in AppContainers without capabilities leading to elevation of privilege.

tags | exploit, tcp
SHA-256 | 817d39612fc53f7a2ee93673d737d89c13b73c3517209d386b6ada61eca137bb
Gentoo Linux Security Advisory 202107-46
Posted Jul 20, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-46 - A format string vulnerability was found in mpv, potentially resulting in arbitrary code execution. Versions less than 0.33.1 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2021-30145
SHA-256 | 046ed4eb87056b3c68c1fa64b6da4a52c03cae00179d410f479985d55d510be4
Webmin 1.973 Cross Site Request Forgery
Posted Jul 20, 2021
Authored by Mesh3l_911, Z0ldyck

Webmin version 1.973 cross site request forgery exploit that loads a reverse shell.

tags | exploit, shell, csrf
advisories | CVE-2021-31761
SHA-256 | 8a316a9307c0d4b3b8fa1f3bb02ab7e2a5d250b7b981658538c23e171ca98d24
Kernel Live Patch Security Notice LSN-0078-1
Posted Jul 20, 2021
Authored by Benjamin M. Romer

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code.

tags | advisory, arbitrary, kernel, local, vulnerability, protocol
systems | linux
advisories | CVE-2021-3609
SHA-256 | e5626ea542e0e7cf4d21b7704ad137ab9dac2e0503a662b96c9d976e9d97f88c
Gentoo Linux Security Advisory 202107-45
Posted Jul 20, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-45 - A vulnerability has been found in PyCharm Community and Professional, potentially resulting in arbitrary code execution. Versions less than 2021.1.2 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2021-30005
SHA-256 | 88c6d31bd92babdddf99e81e82e91e08fbe5120af5d75edca9ad88875d4329d1
Gentoo Linux Security Advisory 202107-44
Posted Jul 20, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-44 - Multiple vulnerabilities have been found in libslirp, the worst of which could result in a Denial of Service condition. Versions less than 4.6.0 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595
SHA-256 | dee28e78c3c84064553d065f12f818eca29b2e7320918e9a0274937706eee3e5
WordPress KN Fix Your Title 1.0.1 Cross Site Scripting
Posted Jul 20, 2021
Authored by Aakash Choudhary

WordPress KN Fix Your Title plugin version 1.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1f86e07161a1b150ce0e117a709ac6656bdc255650433515fad5cdafd5b45b8a
Gentoo Linux Security Advisory 202107-43
Posted Jul 20, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-43 - Multiple vulnerabilities have been found in RPM, the worst of which could result in remote code execution. Versions less than 4.16.1.3 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-20266, CVE-2021-20271, CVE-2021-3421
SHA-256 | 7ae0d8ff819674775141cdc5a9dc8221cbf095b4a7fcff5829370c7582ab7ebf
Gentoo Linux Security Advisory 202107-42
Posted Jul 20, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-42 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in a Denial of Service condition. Versions less than 2.10-r1 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-15260, CVE-2021-21375
SHA-256 | 5a417322cca4ebbffb59d822241e9901118075f14621d5a481358d07bc077ec3
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close