exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files Date: 2022-12-09

ILIAS eLearning 7.15 Command Injection / XSS / LFI / Open Redirect
Posted Dec 9, 2022
Authored by Anna Hartig, Niklas Schilling, Constantin Schwarz | Site sec-consult.com

ILIAS eLearning versions 7.15 and below suffer from authenticated command injection, persistent cross site scripting, local file inclusion, and open redirection vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2022-45915, CVE-2022-45916, CVE-2022-45917, CVE-2022-45918
SHA-256 | ee31da97db0bda4a3b42019ff3e199e34d24625e0b83fa1d18f2b97da9c2728c
Intel Data Center Manager 4.1 SQL Injection
Posted Dec 9, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Intel Data Center Manager's endpoint at "/DcmConsole/DataAccessServlet?action=getRoomRackData" is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter "dataName" is processed by the web application. Versions 4.1 and below are affected.

tags | exploit, web, sql injection
advisories | CVE-2022-21225
SHA-256 | a04c70c3c5d6b08862017de94ee487ead5f2b2595fd13961e1c80a947b2d275c
Red Hat Security Advisory 2022-8889-01
Posted Dec 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2016-3709, CVE-2020-35525, CVE-2020-35527, CVE-2020-36516, CVE-2020-36518, CVE-2020-36558, CVE-2021-30002, CVE-2021-3640, CVE-2022-0168, CVE-2022-0561, CVE-2022-0562, CVE-2022-0617, CVE-2022-0854, CVE-2022-0865
SHA-256 | e8c5fca15c718cc8dd491c4bcec10fa3e9d5113ff39850bf8adff3a3d0ba7b03
Intel Data Center Manager 5.1 Local Privilege Escalation
Posted Dec 9, 2022
Authored by Julien Ahrens | Site rcesecurity.com

The latest version (5.1) and all prior versions of Intel's Data Center Manager are vulnerable to a local privileges escalation vulnerability using the application user "dcm" used to run the web application and the rest interface. An attacker who gained remote code execution using this dcm user (i.e., through Log4j) is then able to escalate their privileges to root by abusing a weak sudo configuration for the "dcm" user.

tags | exploit, remote, web, local, root, code execution
SHA-256 | 566ceaa70e7ce9a3bd9825a0b7a97b644b608fe05fd23b30746e3017a5408ae6
Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks
Posted Dec 9, 2022
Authored by Steffen Robertz | Site sec-consult.com

Zhuhai Suny Technology ESL Tag suffers from replay attacks and a forgery attack allowing for the displaying of arbitrary contents.

tags | exploit, arbitrary
advisories | CVE-2022-45914
SHA-256 | 8a27a8ec1a40c485612406d067e803d86d138460771fe55dd5f37c04f5c55870
snap-confine must_mkdir_and_open_with_perms() Race Condition
Posted Dec 9, 2022
Authored by Qualys Security Advisory

Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).

tags | exploit, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-44731, CVE-2022-3328, CVE-2022-41973, CVE-2022-41974
SHA-256 | ae9802d4db6010e09c5ca96ad72cd8f9bb70aff4d7af8a1ec00cebd3203d1f95
Planet eStream Code Execution / SQL Injection / XSS / Broken Control
Posted Dec 9, 2022
Authored by Philipp Espernberger, Timon Vogel, Hrvoje Filakovic | Site sec-consult.com

Planet eStream versions prior to 6.72.10.07 suffer from shell upload, account takeover, broken access control, SQL injection, both persistent and reflective cross site scripting, path traversal, and information disclosure vulnerabilities.

tags | exploit, shell, vulnerability, xss, sql injection, info disclosure
advisories | CVE-2022-45889, CVE-2022-45890, CVE-2022-45891, CVE-2022-45892, CVE-2022-45893, CVE-2022-45894, CVE-2022-45895, CVE-2022-45896
SHA-256 | 0dca96db49c3aae632e40d6b29c30d32088f3d7c6667b64b954a6a6345dcc625
Delta Electronics DVW-W02W2-E2 2.42 Command Injection
Posted Dec 9, 2022
Authored by T. Weber | Site cyberdanube.com

Delta Electronics DVW-W02W2-E2 version 2.42 suffers from an authenticated command injection vulnerability.

tags | exploit
SHA-256 | 52f6f8745199afbfc55428bee6dbae1fbbe91da63778b61a0ac8bf89593b7906
Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS
Posted Dec 9, 2022
Authored by T. Weber | Site cyberdanube.com

Delta Electronics DX-2100-L1-CN version 1.5.0.10 suffers from command injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c011ce849673992de02ffa60ff745be7e4efb5d267d29dec7c008d33777fc8a8
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close