exploit the possibilities
Showing 26 - 50 of 480 RSS Feed

Files Date: 2020-11-01 to 2020-11-30

ElkarBackup 1.3.3 Cross Site Scripting
Posted Nov 27, 2020
Authored by Vyshnav NK

ElkarBackup version 1.3.3 suffers from persistent cross site scripting vulnerabilities. This notes a variant attack vector for the original vulnerability discovered in this version in August of 2020 by Enes Ozeser.

tags | exploit, vulnerability, xss
MD5 | f37ab9e621badd927ec90136c1c6cc1a
Fujitsu Eternus Storage DX200 S4 Broken Authentication
Posted Nov 26, 2020
Authored by Seccops

Fujitsu Eternus Storage DX200 S4 fails to set cookies for authentication allowing for replay of URLs to achieve root level privileges.

tags | exploit, root
advisories | CVE-2020-29127
MD5 | 5ae6b1f300710953b64144f45eb1ec87
Ubuntu Security Notice USN-4645-1
Posted Nov 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4645-1 - It was discovered that Mutt incorrectly handled certain connections. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-28896
MD5 | cd283da3bb2392abd24e2909c62ed5d2
Ubuntu Security Notice USN-4647-1
Posted Nov 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4647-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions, conduct phishing attacks, conduct cross-site scripting attacks, bypass Content Security Policy restrictions, conduct DNS rebinding attacks, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2020-15683, CVE-2020-26951, CVE-2020-26959, CVE-2020-26968
MD5 | 662abdc998a96f824b8b60a609daef62
libupnp 1.6.18 Denial Of Service
Posted Nov 26, 2020
Authored by Patrik Lantz

libupnp version 1.6.18 stack-based buffer overflow denial of service exploit.

tags | exploit, denial of service, overflow
advisories | CVE-2012-5958
MD5 | eec0f79236ada16154ef65b5142e8111
BigBlueButton 2.2.29 E-mail Validation Bypass
Posted Nov 26, 2020
Authored by Ismail Saygili

BigBlueButton versions 2.2.29 and below suffer from an e-mail validation bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2020-29043
MD5 | e5cbcb0cd6ca27bcdf0920717ef88a9c
Ubuntu Security Notice USN-4648-1
Posted Nov 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4648-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2020-13753, CVE-2020-9983
MD5 | 6fe24a2351dd3e1ef847961c9f674d37
Ubuntu Security Notice USN-4646-1
Posted Nov 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4646-1 - It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-21009, CVE-2020-27778
MD5 | 7cf4344708476bc2707af653630128ce
Capturing MSSQL Credentials From An Executable
Posted Nov 26, 2020
Authored by Ismail Onder Kaya

Whitepaper called Capturing MSSQL Credentials from an Executable.

tags | paper, sql injection
MD5 | 9a80044c9c87fbf0c732fe61cadc99ab
Razer Chroma SDK Server 3.16.02 Race Condition
Posted Nov 26, 2020
Authored by Loke Hui Yi

Razer Chroma SDK Server version 3.16.02 suffers from a race condition vulnerability that allows for remote file execution.

tags | exploit, remote
advisories | CVE-2020-16602
MD5 | 41512f58b08ee3566977672f08d7738a
Pure-FTPd 1.0.48 Remote Denial Of Service
Posted Nov 26, 2020
Authored by xynmaps

Pure-FTPd version 1.0.48 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 4faedb0ebc45caaf698a7e127f51e1be
Foxit Reader 9.0.1.1049 Arbitrary Code Execution
Posted Nov 26, 2020
Authored by CrossWire

Foxit Reader version 9.0.1.1049 suffers from an arbitrary code execution vulnerability. This is a variant exploit of the original finding from 2018.

tags | exploit, arbitrary, code execution
advisories | CVE-2018-9958
MD5 | b950b07ca3d87158ef656845beeaadbc
BigBlueButton 2.2.29 Brute Force
Posted Nov 25, 2020
Authored by Ismail Saygili

BigBlueButton versions 2.2.29 and below suffer from a meeting access code brute forcing vulnerability.

tags | exploit, cracker
advisories | CVE-2020-29042
MD5 | 847d6dd1af2ce5bc8478dd79f1c6b724
House Rental 1.0 SQL Injection
Posted Nov 25, 2020
Authored by Bobby Cooke, hyd3sec

House Rental version 1.0 remote SQL injection exploit that leverages the keywords variable.

tags | exploit, remote, sql injection
MD5 | c74de0bcdcb478a0ebbca36dac706cc0
OpenMediaVault rpc.php Authenticated PHP Code Injection
Posted Nov 25, 2020
Authored by Anastasios Stasinopoulos | Site metasploit.com

This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "json_encode_safe()" is not used in config/databasebackend.inc. Successful exploitation grants attackers the ability to execute arbitrary commands on the underlying operating system as root.

tags | exploit, arbitrary, root, php
advisories | CVE-2020-26124
MD5 | 5db0392e6b4ca81a678c8e7564a34918
Kong Gateway Admin API Remote Code Execution
Posted Nov 25, 2020
Authored by Graeme Robinson | Site metasploit.com

This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute(). After execution the route is deleted, which also deletes the plugin.

tags | exploit
MD5 | 864501ece471d75b51c2e231c10cf5c4
WordPress Simple File List Unauthenticated Remote Code Execution
Posted Nov 25, 2020
Authored by h00die, coiffeur | Site metasploit.com

This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrary PHP code to be uploaded first as a png then renamed to php and executed.

tags | exploit, remote, arbitrary, php
MD5 | 53dc99d870452eb23bdf7882ccb0c3e3
Ubuntu Security Notice USN-4644-1
Posted Nov 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4644-1 - It was discovered that igraph mishandled certain malformed XML. An attacker could use this vulnerability to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-20349
MD5 | a0fa8d720ad6105276d63d5678047877
SyncBreeze 10.0.28 Remote Buffer Overflow
Posted Nov 25, 2020
Authored by Abdessalam King

SyncBreeze version 10.0.28 suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
MD5 | bc1a7022ff9c1b9889c27f49798311ef
osCommerce 2.3.4.1 Cross Site Scripting
Posted Nov 25, 2020
Authored by Emre Aslan

osCommerce version 2.3.4.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5011ca36bbca4fd8a29f2e3d10df4f2e
Wondershare Driver Install Service Help 10.7.1.321 Unquoted Service Path
Posted Nov 25, 2020
Authored by Luis Sandoval

Wondershare Driver Install Service Help version 10.7.1.321 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | b7543a1f2ace5e73d3e27543923b036a
Ubuntu Security Notice USN-4643-1
Posted Nov 24, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4643-1 - It was discovered that atftp's FTP server did not properly handler certain input. An attacker could use this to to cause a denial of service or possibly execute arbitrary code. It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain data structures. An attacker could use this to cause a denial of service via a NULL pointer dereference.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11365, CVE-2019-11366
MD5 | bcc71db7af3bff7d8c36dc1d56b825fe
GNU Privacy Guard 2.2.25
Posted Nov 24, 2020
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Updates to the Polish translation and to gpgconf.
tags | tool, encryption
MD5 | 07779688b7d7805696a740c52ac744e4
nfstream 6.2.4
Posted Nov 24, 2020
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Minor fixes and an nDPI maintenance update.
tags | tool, python
systems | unix
MD5 | 5dfe1632f9f5c7831e6f3aacc8f0817f
ZTE MF253V 1.0.0B04 XSS / CSRF / Hardcoded Password
Posted Nov 24, 2020
Authored by T. Weber, S. Robertz | Site sec-consult.com

ZTE WLAN router MF253V version 1.0.0B04 suffers from cross site request forgery, hardcoded password, outdated component, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | b293a0edbfa49250febb13cbf573bd9b
Page 2 of 20
Back12345Next

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    1 Files
  • 25
    Jul 25th
    1 Files
  • 26
    Jul 26th
    21 Files
  • 27
    Jul 27th
    8 Files
  • 28
    Jul 28th
    9 Files
  • 29
    Jul 29th
    12 Files
  • 30
    Jul 30th
    9 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close