what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2021-10-04

Ubuntu Security Notice USN-5102-1
Posted Oct 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5102-1 - It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-17983, CVE-2019-3902
SHA-256 | e71e1679f651bde177030852ead42d8e287182832c4dd5bc0623c2f76bc24094
Ubuntu Security Notice USN-5101-1
Posted Oct 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5101-1 - It was discovered that MongoDB incorrectly handled certain wire protocol messages. A remote attacker could possibly use this issue to cause MongoDB to crash, resulting in a denial of service.

tags | advisory, remote, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2019-20925
SHA-256 | 1f3c6d8bffec7becafbfcf085928c3e42927814e1335c71a09abf5cbcf6c60df
Ubuntu Security Notice USN-5100-1
Posted Oct 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5100-1 - It was discovered that containerd insufficiently restricted permissions on container root and plugin directories. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could traverse directory contents and modify files and execute programs on the host filesystem, possibly leading to privilege escalation.

tags | advisory, remote, root
systems | linux, ubuntu
advisories | CVE-2021-41103
SHA-256 | bec06fbddf01a97b4741a148057556d1a2d45613606170b7bb3b8123d3bd2801
Ubuntu Security Notice USN-5099-1
Posted Oct 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5099-1 - It was discovered that Imlib2 incorrectly handled certain ICO images. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-12761
SHA-256 | f3829ab6cd6c5115a174960dcff66f7925121dc3ef45f381ce35f50ddc6b220c
Company's Recruitment Management System SQL Injection
Posted Oct 4, 2021
Authored by nu11secur1ty

Company's Recruitment Management System in PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 0103d8ad580c793d797961e56db9354ffd8cf0de23dbad71c6f37ffe599adbdb
Local Offices Contact Directory Site SQL Injection
Posted Oct 4, 2021
Authored by nu11secur1ty

Local Offices Contact Directory Site using PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability.

tags | exploit, remote, local, php, sql injection
SHA-256 | 856efe11ddf1e2251f41e21889418c81e80390b979a0a41f709f289863ab150f
College Management System 1.0 Insecure Direct Object Reference
Posted Oct 4, 2021
Authored by Abdulrahman

College Management System 1.0 suffers from an insecure direct object reference that allows a user to add an administrator without any authentication.

tags | exploit
SHA-256 | c280ad8bf5b5856f85c7029e01c1480a77731c45abd4f7f4a4d74b8378349c08
Ubuntu Security Notice USN-4973-2
Posted Oct 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4973-2 - USN-4973-1 fixed this vulnerability previously, but it was re-introduced in python3.8 in focal because of the SRU in LP: #1928057. This update fixes the problem. It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker could possibly use this issue to perform a wide variety of attacks, including bypassing certain access restrictions. Various other issues were also addressed.

tags | advisory, remote, python
systems | linux, ubuntu
advisories | CVE-2021-29921
SHA-256 | c196735c92f4db65e944d2ae4d93193aa693a7dcfe98671e5a7a8573a75157f3
College Management System 1.0 Cross Site Scripting
Posted Oct 4, 2021
Authored by Abdulrahman

College Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | da15ad8a141bd0f394de0285cec82f229fd4d7c8d7a42554de75c078a6395dbe
Bing.com Hostname / IP Enumerator 1.0.5
Posted Oct 4, 2021
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Minor release. Changed User-Agent to wget/1.20. Fixed an error where it finds no results.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | 0a198af8d7876d7adb9c0517025bd6443d13399a188615a078cf3e45e120f19e
TestSSL 3.0.6
Posted Oct 4, 2021
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Codespell introduction and implementation for GHA CI. Documentation update to reflect renaming standard ciphers to cipher categories. Now ignores usage of ~/.digrc where possible. Various other updates and fixes.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | 05768444d6cf3dc5812f8fb88695d17a82668089deddd6aaf969041ba4c10b10
College Management System 1.0 SQL Injection
Posted Oct 4, 2021
Authored by Abdulrahman

College Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 6ecb70ef2a809ebc7897afdde2d67ae1b81bda174212d7a23ffd6e67dc2520be
PyRDP RDP Man-In-The-Middle Tool
Posted Oct 4, 2021
Authored by Francis Labelle, Emilio Gonzalez, Alexandre Beaulieu, Olivier Bilodeau | Site github.com

PyRDP is a Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library.

tags | tool, remote, protocol, python
systems | unix
SHA-256 | 5f01162a450a7fc506165118344947967c264bcef977e012bb2cff3b330b0436
Seth RDP Man-In-The-Middle Tool
Posted Oct 4, 2021
Authored by Dr. Adrian Vollmer | Site github.com

Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks.

tags | tool, python, bash
systems | unix
SHA-256 | c7390c0ef2061eb2f26a7cc5a7ad91394e34550d095a3ea3099eb5b7fd50be60
MedSec Network Utility Tool
Posted Oct 4, 2021
Authored by medpaf | Site github.com

MedSec is a network utility tool developed to perform some network, security administrator, and pentesting tasks. Basic functionality includes port scans, host discovery, banner grabbing, dns checks, subdomain enumeration, and more.

tags | tool, scanner
systems | unix
SHA-256 | da3e4ac6caa379175e26ece82ffa34906d015bf85c441e6d363bb3c6707faa98
Gatekeeper Bypass Proof Of Concept
Posted Oct 4, 2021
Authored by Rasmus Sten | Site labs.f-secure.com

This script will create a zip file exploiting CVE-2021-1810 by creating a directory hierarchy deep enough for Archive Utility to fail setting quarantine attributes on certain files while also making some path names long enough to prevent Safari automating unzipping from unpacking the archive. Finally, the script will create a symbolic link at the top level, making the zip file appear like a normal app bundle zip file.

tags | exploit, bypass
advisories | CVE-2021-1810
SHA-256 | 27f01873128025928ef40392c54869c04de239ae765903eac4c672f993c9065b
Lifestyle Store 1.0 Cross Site Scripting
Posted Oct 4, 2021
Authored by Abdulrahman

Lifestyle Store version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d419c5b0dc29f160afaae4675ed884a9a9fecdf88362c3de09bf1499603cf8e8
Young Entrepreneur E-Negosyo System 1.0 Cross Site Scripting
Posted Oct 4, 2021
Authored by Jordan Glover

Young Entrepreneur E-Negosyo System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d2d272d3a7b19c3a2803d9faf08671279fd15b028c26e81b0583119f5248696c
Young Entrepreneur E-Negosyo System 1.0 SQL Injection
Posted Oct 4, 2021
Authored by Jordan Glover

Young Entrepreneur E-Negosyo System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | e597e7d2789e0aa771bb79c6c524df2746ef3e9c11afc76e4627642d6044bfe9
Vehicle Service Managment System 1.0 Shell Upload
Posted Oct 4, 2021
Authored by Richard Jones

Vehicle Service Management System version 1.0 unauthenticated remote shell upload exploit that uses authentication bypass with SQL injection.

tags | exploit, remote, shell, sql injection
SHA-256 | 6c102a236cb9e21f5427c1ae2c9ecec8289f62748f674b9bd2f0e484459314c2
Vehicle Service Management System 1.0 SQL Injection
Posted Oct 4, 2021
Authored by Richard Jones

Vehicle Service Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities one of which allows for authentication bypass.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | bda6787acf0033d7dd6861a3aaf0c52668f3986daf80429fc5e0054fccb7ef22
Open Game Panel Remote Code Execution
Posted Oct 4, 2021
Authored by prey

Open Game Panel suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | d1b96cf77f4c3fb50c6c8ae13d64687601f5c342d5969c20faca45617dd9ea3a
Pet Shop Management System 1.0 Privilege Escalation / Shell Upload
Posted Oct 4, 2021
Authored by Oscar Gutierrez

Pet Shop Management System version 1.0 suffers from privilege escalation and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
SHA-256 | abef648d07fa476965ff52c8f9b813211d1cedf8b5428340a5a9fddc13a24202
College Management System 1.0 Arbitrary File Upload
Posted Oct 4, 2021
Authored by Abdulrahman

College Management System version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 86c8805556c5e66a65a17ebcb0557527109d4682af2a0bb382e6b163bb6ceb14
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close