
Files Date: 2021-10-04

Ubuntu Security Notice USN-5102-1
Posted Oct 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5102-1 - It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-17983, CVE-2019-3902
MD5 | 95c2af071812f1816e02b53b258236ad
Ubuntu Security Notice USN-5101-1
Posted Oct 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5101-1 - It was discovered that MongoDB incorrectly handled certain wire protocol messages. A remote attacker could possibly use this issue to cause MongoDB to crash, resulting in a denial of service.

tags | advisory, remote, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2019-20925
MD5 | 0bb6374a4229e094bad50c8bf704b4de
Ubuntu Security Notice USN-5100-1
Posted Oct 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5100-1 - It was discovered that containerd insufficiently restricted permissions on container root and plugin directories. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could traverse directory contents and modify files and execute programs on the host filesystem, possibly leading to privilege escalation.

tags | advisory, remote, root
systems | linux, ubuntu
advisories | CVE-2021-41103
MD5 | bc2839346203abd22e30f4ef10721232
Ubuntu Security Notice USN-5099-1
Posted Oct 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5099-1 - It was discovered that Imlib2 incorrectly handled certain ICO images. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-12761
MD5 | c0c9acf37835b163ceba83390d84fff0
Company's Recruitment Management System SQL Injection
Posted Oct 4, 2021
Authored by nu11secur1ty

Company's Recruitment Management System in PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 5dad0ab07935fd852a5f37380715c9c9
Local Offices Contact Directory Site SQL Injection
Posted Oct 4, 2021
Authored by nu11secur1ty

Local Offices Contact Directory Site using PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability.

tags | exploit, remote, local, php, sql injection
MD5 | b6786101aa6c4cb696251f2b75da6e63
College Management System 1.0 Insecure Direct Object Reference
Posted Oct 4, 2021
Authored by Abdulrahman

College Management System 1.0 suffers from an insecure direct object reference that allows a user to add an administrator without any authentication.

tags | exploit
MD5 | 4b73bc20560b30957f9bb998b45e91f6
Ubuntu Security Notice USN-4973-2
Posted Oct 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4973-2 - USN-4973-1 fixed this vulnerability previously, but it was re-introduced in python3.8 in focal because of the SRU in LP: #1928057. This update fixes the problem. It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker could possibly use this issue to perform a wide variety of attacks, including bypassing certain access restrictions. Various other issues were also addressed.

tags | advisory, remote, python
systems | linux, ubuntu
advisories | CVE-2021-29921
MD5 | 67f887f3360fc14e1a1b82575e61a138
College Management System 1.0 Cross Site Scripting
Posted Oct 4, 2021
Authored by Abdulrahman

College Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | fbedbfd2771cf6a28832ff287eefc9b4
Bing.com Hostname / IP Enumerator 1.0.5
Posted Oct 4, 2021
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Minor release. Changed User-Agent to wget/1.20. Fixed an error where it finds no results.
tags | tool, scanner, bash
systems | linux, unix
MD5 | 4aae2d2c823523c3d9ec371c22cceab8
TestSSL 3.0.6
Posted Oct 4, 2021
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.

Changes: Codespell introduction and implementation for GHA CI. Documentation update to reflect renaming standard ciphers to cipher categories. Now ignores usage of ~/.digrc where possible. Various other updates and fixes.
tags | tool, scanner, protocol, bash
systems | unix
MD5 | b94e3bdfef5386a727c14ec7d3c8ae63
College Management System 1.0 SQL Injection
Posted Oct 4, 2021
Authored by Abdulrahman

College Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 84866bb31f560e1ed138462bda9a7b1b
PyRDP RDP Man-In-The-Middle Tool
Posted Oct 4, 2021
Authored by Francis Labelle, Emilio Gonzalez, Alexandre Beaulieu, Olivier Bilodeau | Site github.com

PyRDP is a Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library.

tags | tool, remote, protocol, python
systems | unix
MD5 | 06c0d9021f660b1493c9e09fb8e332da
Seth RDP Man-In-The-Middle Tool
Posted Oct 4, 2021
Authored by Dr. Adrian Vollmer | Site github.com

Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks.

tags | tool, python, bash
systems | unix
MD5 | b70dd20e2e3bfbd5b431d511b7e8ab7f
MedSec Network Utility Tool
Posted Oct 4, 2021
Authored by medpaf | Site github.com

MedSec is a network utility tool developed to perform some network, security administrator, and pentesting tasks. Basic functionality includes port scans, host discovery, banner grabbing, dns checks, subdomain enumeration, and more.

tags | tool, scanner
systems | unix
MD5 | 3a29c41a6848c559d3505fbcb79aea62
Gatekeeper Bypass Proof Of Concept
Posted Oct 4, 2021
Authored by Rasmus Sten | Site labs.f-secure.com

This script will create a zip file exploiting CVE-2021-1810 by creating a directory hierarchy deep enough for Archive Utility to fail setting quarantine attributes on certain files, while also making some path names long enough to prevent Safari's automatic unzipping from unpacking the archive. Finally, the script will create a symbolic link at the top level, making the zip file appear like a normal app bundle zip file.

tags | exploit, bypass
advisories | CVE-2021-1810
MD5 | 993ed96204ab42821d3eacd7f4266ff7
Lifestyle Store 1.0 Cross Site Scripting
Posted Oct 4, 2021
Authored by Abdulrahman

Lifestyle Store version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | dfed369099a0e89c52b268c6025cdd08
Young Entrepreneur E-Negosyo System 1.0 Cross Site Scripting
Posted Oct 4, 2021
Authored by Jordan Glover

Young Entrepreneur E-Negosyo System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5d641190d228ecb59ea63cdd91c22d3f
Young Entrepreneur E-Negosyo System 1.0 SQL Injection
Posted Oct 4, 2021
Authored by Jordan Glover

Young Entrepreneur E-Negosyo System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 2760849f509e93f7ee98ccc1565239ee
Vehicle Service Management System 1.0 Shell Upload
Posted Oct 4, 2021
Authored by Richard Jones

Vehicle Service Management System version 1.0 unauthenticated remote shell upload exploit that uses authentication bypass with SQL injection.

tags | exploit, remote, shell, sql injection
MD5 | 243eaba5d6291c10ea45e14a67617fbf
Vehicle Service Management System 1.0 SQL Injection
Posted Oct 4, 2021
Authored by Richard Jones

Vehicle Service Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities, one of which allows for authentication bypass.

tags | exploit, remote, vulnerability, sql injection
MD5 | d3cafda8b344117eabc44ad3416220ca
Open Game Panel Remote Code Execution
Posted Oct 4, 2021
Authored by prey

Open Game Panel suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 4a44064f3593b04c3c02e8b2d071ef52
Pet Shop Management System 1.0 Privilege Escalation / Shell Upload
Posted Oct 4, 2021
Authored by Oscar Gutierrez

Pet Shop Management System version 1.0 suffers from privilege escalation and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
MD5 | 210c02bde43decbb2a8119311298118b
College Management System 1.0 Arbitrary File Upload
Posted Oct 4, 2021
Authored by Abdulrahman

College Management System version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | ae23bba60e3ab6a866b38a74d2226d16
© 2020 Packet Storm. All rights reserved.
