
Files Date: 2020-09-01 to 2020-09-30

Red Hat Security Advisory 2020-3780-01
Posted Sep 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3780-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14040
SHA-256 | e9058870707c8054ebf0ed4d4fe08b29682f1db80e6c11bddeeeed76a3ecb5a4
Ubuntu Security Notice USN-4522-1
Posted Sep 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4522-1 - It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting attacks.

tags | advisory, remote, web, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2017-18635
SHA-256 | 5ae21e4984019a08972b1af6dcd3d7045a3453ee999b9508be4edcc8f21311a6
Ubuntu Security Notice USN-4521-1
Posted Sep 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4521-1 - It was discovered that pam_tacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-13881
SHA-256 | ccb6a3b4c4b8fe16bc4c03f405b9650af662bfa30fd1846b1c8c2121ef142839
Mida eFramework 2.9.0 Backdoor Access
Posted Sep 21, 2020
Authored by elbae

Mida eFramework version 2.9.0 suffers from a backdoor access vulnerability.

tags | exploit
advisories | CVE-2020-15921
SHA-256 | 86e2305e7a7f0d25c6dfbab6d4adb6739f2f26ffa8ef6c2b548172995425ddfb
BlackCat CMS 1.3.6 Cross Site Request Forgery
Posted Sep 21, 2020
Authored by Noth

BlackCat CMS version 1.3.6 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2020-25453
SHA-256 | b357b4740c79899cf76358887a76b53060714f53efb12a16879b0ef3a7d24388
Seat Reservation System 1.0 SQL Injection
Posted Sep 21, 2020
Authored by Augkim

Seat Reservation System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2befaf88792c81606e89b39a2185e4fea15c18b4589266da9acf985547878add
Online Shop Project 1.0 SQL Injection
Posted Sep 21, 2020
Authored by Augkim

Online Shop Project version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 852fa5b6ad3034ff4cf495c78db5430ddb3965cbd5d7c83d76b84021759ebb6a
VyOS restricted-shell Escape / Privilege Escalation
Posted Sep 21, 2020
Authored by Brendan Coles, Rich Mirch | Site metasploit.com

This Metasploit module exploits command injection vulnerabilities and an insecure default sudo configuration on VyOS versions 1.0.0 through 1.1.8 to execute arbitrary system commands as root. VyOS features a restricted-shell system shell intended for use by low privilege users with operator privileges. This module exploits a vulnerability in the telnet command to break out of the restricted shell, then uses sudo to exploit a command injection vulnerability in /opt/vyatta/bin/sudo-users/vyatta-show-lldp.pl to execute commands with root privileges. This module has been tested successfully on VyOS 1.1.8 amd64 and VyOS 1.0.0 i386.

tags | exploit, arbitrary, shell, root, vulnerability
advisories | CVE-2018-18556
SHA-256 | b66d6e6dd1c51b3775727b717e6c2e5f0d992e14e7e7e85bf10477d801697f46
Ubuntu Security Notice USN-4520-1
Posted Sep 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4520-1 - It was discovered that Exim SpamAssassin does not properly handle configuration strings. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-19920
SHA-256 | ab7d2b4e684b780d0359b05f76463bd983cde89a7a7466f98dfbf800fc604239
B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution
Posted Sep 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

B-swiss 3 Digital Signage System version 3.6.5 suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused by improper verification of uploaded files in the index.php script through the rec_poza POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in the /usr/users directory. Due to an undocumented and hidden maintenance account admin_m which has the highest privileges in the application, an attacker can use these hard-coded credentials to authenticate and use the vulnerable image upload functionality to execute code on the server.

tags | exploit, arbitrary, php, code execution
SHA-256 | 81325cc43145d675e9565f4495143d5688fea28975fe4bdf5d8382c06d0f3b36
ForensiTAppxService 2.2.0.4 Unquoted Service Path
Posted Sep 21, 2020
Authored by Burhanettin Ozgenc

ForensiTAppxService version 2.2.0.4 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 1a5f41445eaf06765a3f8b203b11dc30ee0c1de3a341210da9a8aa8e63d6770d
B-swiss 3 Digital Signage System 3.6.5 Cross Site Request Forgery
Posted Sep 20, 2020
Authored by LiquidWorm | Site zeroscience.mk

B-swiss 3 Digital Signage System version 3.6.5 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
SHA-256 | b08f9a7d7a1852006468795d912a32eea1b0b5ea0568de1a46a0a7b631c9a404
B-swiss 3 Digital Signage System 3.6.5 Database Disclosure
Posted Sep 19, 2020
Authored by LiquidWorm | Site zeroscience.mk

B-swiss 3 Digital Signage System version 3.6.5 suffers from an unauthenticated database download and information disclosure vulnerability. This can enable the attacker to disclose sensitive information resulting in authentication bypass, session hijacking and full system control.

tags | exploit, info disclosure
SHA-256 | f619cd51778fec7d971df297c1a975640276fc5680e001dd6d5c871bc074d259
Apple Security Advisory 2020-09-16-5
Posted Sep 18, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-09-16-5 - Xcode 12.0 is now available and addresses a code execution vulnerability.

tags | advisory, code execution
systems | apple
advisories | CVE-2020-9992
SHA-256 | 0f9f24437ee610dcd0ffba2b554069ca64830d85988a57f139b999368778dc87
Apple Security Advisory 2020-09-16-4
Posted Sep 18, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-09-16-4 - watchOS 7.0 is now available and addresses cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
systems | apple
advisories | CVE-2020-9946, CVE-2020-9952, CVE-2020-9968, CVE-2020-9976
SHA-256 | 7f2be0ff36ed50f74ec3888638f8ae775f5077dd53d9d1b8c3925c3c8b82ce89
Apple Security Advisory 2020-09-16-3
Posted Sep 18, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-09-16-3 - Safari 14.0 is now available and addresses code execution, cross site scripting, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | apple
advisories | CVE-2020-9948, CVE-2020-9951, CVE-2020-9952, CVE-2020-9983
SHA-256 | cae12a9373b83d218a96163e66f5f4bf1ba87f98cae36acd07e759d548a83cdb
Apple Security Advisory 2020-09-16-2
Posted Sep 18, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-09-16-2 - tvOS 14.0 is now available and addresses cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
systems | apple
advisories | CVE-2020-9952, CVE-2020-9968, CVE-2020-9976, CVE-2020-9979
SHA-256 | 2c0cfb49a8acf362220ab9093a092bd0c1b1a10fe5bb67752992cccd85dde3e2
Ubuntu Security Notice USN-4519-1
Posted Sep 18, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4519-1 - Ratchanan Srirattanamet discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle memory under certain error conditions in the Bluez 5 module. An attacker could use this issue to cause PulseAudio to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15710
SHA-256 | 75af37b6c9762703332730a796750331200cb5cb8f6f04b59195da4f428847a8
Apple Security Advisory 2020-09-16-1
Posted Sep 18, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-09-16-1 - iOS 14.0 and iPadOS 14.0 are now available and address code execution, cross site scripting, out of bounds read, and out of bounds write vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | apple, ios
advisories | CVE-2020-9773, CVE-2020-9946, CVE-2020-9952, CVE-2020-9958, CVE-2020-9959, CVE-2020-9964, CVE-2020-9968, CVE-2020-9973, CVE-2020-9976, CVE-2020-9979, CVE-2020-9992
SHA-256 | 7fd9e27e217c184d9ba4d89012fdbb3e21ae0bc90b9b515446b2e0e9c773363a
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
Posted Sep 18, 2020
Authored by Pietro Oliva | Site metasploit.com

TP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place in order to prevent shell metacharacters from being introduced. The system name would then be used in swBonjourStartHTTP as part of a shell command where arbitrary commands could be injected and executed as root. NC210 devices cannot be exploited directly via /setsysname.cgi due to proper input validation. NC210 devices are still vulnerable since swBonjourStartHTTP did not perform any validation when reading the alias name from the configuration file. The configuration file can be written, and code execution can be achieved by combining this issue with CVE-2020-12110.

tags | exploit, arbitrary, shell, cgi, root, code execution
advisories | CVE-2020-12109
SHA-256 | 820ebca1a60727c3c7198c5f8d186f030d053aca8aaa88544be3fdcb57017f5e
Navy Federal Cross Site Scripting
Posted Sep 18, 2020
Authored by Arthrocyber

The Navy Federal site at navyfederal.org suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9139d239aff0e11b1a88e1a4303fccf0bce34f1d49073a50d2a694b0640107e6
Ubuntu Security Notice USN-4517-1
Posted Sep 18, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4517-1 - It was discovered that Email-Address-List does not properly parse email addresses during email-ingestion. A remote attacker could use this issue to cause an algorithmic complexity attack, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-18898
SHA-256 | 0d797e79375d73b5524e94ff3a4eb33024ac16847fb2288f1c02bddeeaebcdde
Mantis Bug Tracker 2.3.0 Remote Code Execution
Posted Sep 18, 2020
Authored by hyp3rlinx, Nikolas Geiselman, permanull

Mantis Bug Tracker version 2.3.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-7615, CVE-2019-15715
SHA-256 | c5bd41082422ed338ccc46ee3ad8d43820a3a1cd833484f28da741205e12c069
SpamTitan 7.07 Remote Code Execution
Posted Sep 18, 2020
Authored by Felipe Molina

SpamTitan version 7.07 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-11699, CVE-2020-11700, CVE-2020-11803, CVE-2020-11804
SHA-256 | 4234f62e0c44c2e3dad423c5cc769129588ffafbed80a16f8610281916cc3da9
D-Link DGS-1210-28 Denial Of Service
Posted Sep 18, 2020
Authored by Saeed reza Zamanian

D-Link DGS-1210-28 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 1fcff2e0ab5633d0de2304376d33dafe34f1dc0823f5ddd9d8f8e6eff7f53ab6

© 2022 Packet Storm. All rights reserved.
