exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2020-10-05 to 2020-10-06

GAEN Protocol Metadata Deanonymization / Risk-Score Inflation
Posted Oct 5, 2020
Authored by Stefan Marsiske

The TX Power value in the metadata in the beacon of the GAEN protocol used by the corona/contact tracing app allows for attackers to influence risk-score calculations in their favor and the same metadata can also be used to deanonymize diagnosed users based on the type of phone they are using.

tags | advisory, protocol
advisories | CVE-2020-24722
SHA-256 | 327419dece0900ea7e5541c080133f27f84f526d86f6c2191e14654349a7f444
Restaurant Reservation System 1.0 SQL Injection
Posted Oct 5, 2020
Authored by b1nary

Restaurant Reservation System version 1.0 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ea0b9fc5533a77937a00adf2c0ffb42ca93e57fdcc9f32c8e81ff679b7eeaab4
Red Hat Security Advisory 2020-4176-01
Posted Oct 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4176-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-14364
SHA-256 | bb8b36a7c39b7350325c2b8a95593bd25725c17becfa76559fb6cf1c21f12cc4
Ubuntu Security Notice USN-4571-1
Posted Oct 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4571-1 - It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-18978
SHA-256 | a0a0658399d5e63d849ed5966f66fabd79ae781d9b68bb0c3de1e3f760f7fb7f
Ubuntu Security Notice USN-4570-1
Posted Oct 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4570-1 - It was discovered that urllib3 incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-26137
SHA-256 | bc34327ecae46eb773cf8d568fc89319012049888c446b6040f05627fc396462
Ubuntu Security Notice USN-4568-1
Posted Oct 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4568-1 - It was discovered that Brotli incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-8927
SHA-256 | f9097e44079849e43da37d40cacdf85e0ee55963187a691508646279fae394a1
SpamTitan 7.07 Remote Code Execution
Posted Oct 5, 2020
Authored by Felipe Molina

SpamTitan version 7.07 suffers from an unauthenticated remote code execution vulnerability in snmp-x.php.

tags | exploit, remote, php, code execution
advisories | CVE-2020-11698
SHA-256 | 46511399bed0e9da7c7e842465a1d68fcec18943d583bc702307a069fc3d4fa3
RocketLinx Series Authentication Bypass / CSRF / Command Injection
Posted Oct 5, 2020
Authored by T. Weber | Site sec-consult.com

RocketLinx Series suffers from unauthenticated device administration, backdoor account, cross site request forgery, command injection, and unauthenticated tftp action vulnerabilities. Multiple versions are affected.

tags | advisory, vulnerability, csrf
advisories | CVE-2020-12500, CVE-2020-12501, CVE-2020-12502, CVE-2020-12503, CVE-2020-12504
SHA-256 | 8442cf2977502cf345c9cdeea5392c4f9553884f014a51ece6c87fa179154e17
Ubuntu Security Notice USN-4569-1
Posted Oct 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this vulnerability to execute arbitrary commands.

tags | advisory, remote, arbitrary, cgi
systems | linux, ubuntu
advisories | CVE-2020-24379, CVE-2020-24916
SHA-256 | 8427560bcb397eab5a79c38d2dd2ed9f39fe10fa9dd337ea9c02b328aeac99b1
Red Hat Security Advisory 2020-4174-01
Posted Oct 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4174-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-2614, CVE-2019-2627, CVE-2019-2628, CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805, CVE-2019-2938, CVE-2019-2974, CVE-2020-13249, CVE-2020-2574, CVE-2020-2752, CVE-2020-2760, CVE-2020-2780, CVE-2020-2812, CVE-2020-2814, CVE-2020-2922
SHA-256 | ece2f685a93347ca11789257aa9f028c304745d9d554145f31d7c8d3c81c0f28
Red Hat Security Advisory 2020-4173-01
Posted Oct 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4173-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24750
SHA-256 | 8b8e071b436569c662b5e7affa725ef63be59fbcf87ea8c078aab51857b186f5
GRR 3.4.2.3
Posted Oct 5, 2020
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: Reference documentation and an OpenAPI spec is now available for the GRR API. Timeline collection flow now also collects the file creation timestamp on all platforms. Various other updates and improvements.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | b0ccda97087aaa7971b0c68d4ae786c7ce80b8febe3d1fe7afb902d96f6560da
SQLMAP - Automatic SQL Injection Tool 1.4.10
Posted Oct 5, 2020
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Bug fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
SHA-256 | bdc38d1adc5fa95f28e74aa994707916239a8cc033e3cb6ce2fe9c68c167e3ff
Red Hat Security Advisory 2020-4172-01
Posted Oct 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4172-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2020-10713, CVE-2020-14364
SHA-256 | a29c0d6d2c6b0d02645acb4907ddead0576c0147d5e8f6943debebb31c9278b4
Red Hat Security Advisory 2020-4167-01
Posted Oct 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4167-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a memory leak vulnerability.

tags | advisory, memory leak
systems | linux, redhat
advisories | CVE-2019-20382, CVE-2020-14364
SHA-256 | 5510d06dfab09d9c352ee681cc67eb6b0acf5a015566e42dd1ad0ac9d37e06a2
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close