exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2021-11-17

SQLMAP - Automatic SQL Injection Tool 1.5.11
Posted Nov 17, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 53a126404f92d407fdb8048255fb05f9
Red Hat Security Advisory 2021-4032-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4032-01 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-20673, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23369, CVE-2021-23383, CVE-2021-23840, CVE-2021-23841, CVE-2021-27645, CVE-2021-28153
MD5 | 0afccb07d0753c3bcf41066f814de533
SuiteCRM 7.11.18 Remote Code Execution
Posted Nov 17, 2021
Authored by M. Cory Billington | Site metasploit.com

This Metasploit module exploits an input validation error on the log file extension parameter of SuiteCRM version 7.11.18. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a php file. The log file can then be populated with php code by changing the username of a valid user, as this info is logged. The php code in the file can then be executed by sending an HTTP request to the log file. A similar issue was reported by the same researcher where a blank file extension could be supplied and the extension could be provided in the file name. This exploit will work on those versions as well, and those references are included.

tags | exploit, web, php
advisories | CVE-2020-28328, CVE-2021-42840
MD5 | 983e8eda865337883e3936caa39bb9de
Ubuntu Security Notice USN-5148-1
Posted Nov 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5148-1 - It was discovered that hivex incorrectly handled certain input. An attacker could use this vulnerability to cause a crash or obtain sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-3504
MD5 | 8d4892e9321f20c7c03c3cdcceefcf11
WordPress Smart Product Review 1.0.4 Shell Upload
Posted Nov 17, 2021
Authored by Keyvan Hardani

WordPress Smart Product Review plugin versions 1.0.4 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 161936cf087f98580dab17309058c9b7
Red Hat Security Advisory 2021-4626-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4626-01 - The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as well as to add storage, create VMs and manage user permissions. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-28469, CVE-2020-7733
MD5 | 225ade220d0883b614bb31807113aa6a
LiquidFiles 3.5.13 Privilege Escalation
Posted Nov 17, 2021
Authored by Eliana Cannella, Valerio Casalino, Riccardo Spampinato

LiquidFiles version 3.5.13 suffers from a privilege escalation vulnerability. The LiquidFiles API allows a User Admin to access keys for System Administrators.

tags | exploit
advisories | CVE-2021-43397
MD5 | f73f6550d9858671b25ba3a25799afdd
Red Hat Security Advisory 2021-4703-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4703-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The ovirt.ovirt package manages all oVirt Ansible modules. The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-3620
MD5 | d17dea11fc91e94287bb40aa81972320
Ubuntu Security Notice USN-5149-1
Posted Nov 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5149-1 - Kevin Backhouse discovered that AccountsService incorrectly handled memory when performing certain language setting operations. A local attacker could use this issue to escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2021-3939
MD5 | 8fee9fd558fd792f3a99f3e911cb09b2
GitLab 13.10.2 Remote Code Execution
Posted Nov 17, 2021
Authored by Jacob Baines

GitLab version 13.10.2 remote code execution exploit that provides a reverse shell.

tags | exploit, remote, shell, code execution
advisories | CVE-2021-22204, CVE-2021-22205
MD5 | a203e85e39e4798bc3ada54cb3cc7271
Red Hat Security Advisory 2021-4628-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4628-01 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2020-36385, CVE-2021-0512, CVE-2021-22946, CVE-2021-22947, CVE-2021-23369, CVE-2021-23383, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-3656, CVE-2021-3733
MD5 | 5c0c857ac2edb1d70109b429de61ae99
Quick.CMS 6.7 Cross Site Request Forgery / Cross Site Scripting
Posted Nov 17, 2021
Authored by Rahad Chowdhury

Quick.CMS version 6.7 suffers from a cross site scripting vulnerability that can allow for cross site request forgery attacks.

tags | exploit, xss, csrf
MD5 | 935c82e5735c531924eaba362cb28499
Red Hat Security Advisory 2021-4702-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4702-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include XML injection, code execution, denial of service, information leakage, local file inclusion, man-in-the-middle, memory leak, open redirection, password leak, remote file inclusion, remote shell upload, and traversal vulnerabilities.

tags | advisory, remote, denial of service, shell, local, vulnerability, code execution, memory leak, file inclusion
systems | linux, redhat
advisories | CVE-2019-14853, CVE-2019-14859, CVE-2019-25025, CVE-2020-14343, CVE-2020-26247, CVE-2020-8130, CVE-2020-8908, CVE-2021-20256, CVE-2021-21330, CVE-2021-22885, CVE-2021-22902, CVE-2021-22904, CVE-2021-28658, CVE-2021-29509, CVE-2021-31542, CVE-2021-32740, CVE-2021-33203, CVE-2021-33503, CVE-2021-33571, CVE-2021-3413, CVE-2021-3494
MD5 | 15d37f280e159b35ed6469b1f97ed672
Bludit 3.13.1 Cross Site Scripting
Posted Nov 17, 2021
Authored by Vasu

Bludit version 3.13.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-35323
MD5 | 4d0ca46cfd28793816da307e829df8fc
DNS Cache Poisoning Attack: Resurrections With Side Channels
Posted Nov 17, 2021
Authored by Keyu Man, Zhiyun Qian, Xin'an Zhou

In this paper, the authors conduct an analysis of the previously over-looked attack surface related to DNS, and are able to uncover even stronger side channels that have existed for over a decade in Linux kernels. The side channels affect not only Linux but also a wide range of DNS software running on top of it, including BIND, Unbound and dns-masq. They also discovered that about 38% of open resolvers (by frontend IPs) and 14% (by backend IPs) are vulnerable including the popular DNS services such as OpenDNS and Quad9.

tags | paper, kernel
systems | linux
MD5 | 0b2f564378864cbd4aea7ad6ebf9bcd0
Page 1 of 1
Back1Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close