
Files Date: 2020-12-11 to 2020-12-12

OpenAsset Digital Asset Management SQL Injection
Posted Dec 11, 2020
Authored by Jack Misiura

OpenAsset Digital Asset Management suffers from an authenticated blind remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-28860
SHA-256 | 895921eb0a53976c8b5da677f784a32391efcbd1cc80d796ef72378efa54580a
OpenAsset Digital Asset Management Cross Site Request Forgery
Posted Dec 11, 2020
Authored by Jack Misiura

OpenAsset Digital Asset Management suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2020-28858
SHA-256 | 078180c0088a10bb5564b3436104fdcc80f9d53548b5cf7063cb5edac1d63305
OpenAsset Digital Asset Management Insecure Direct Object Reference
Posted Dec 11, 2020
Authored by Jack Misiura

OpenAsset Digital Asset Management was found to provide several endpoints which allowed for unauthenticated data retrieval in a CSV format. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit
advisories | CVE-2020-28861
SHA-256 | a0acbb09078931bf9f089e891b334d18ce2ebf45b68c44d5c001bc986f5e04b9
Advanced Component System (ACS) 1.0 Path Traversal
Posted Dec 11, 2020
Authored by Francisco Javier Santiago Vazquez

Advanced Component System (ACS) version 1.0 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 643713537d4e5a942c72e49449790b5a7445873f36295831510b9a872e94a886
OpenAsset Digital Asset Management Cross Site Scripting
Posted Dec 11, 2020
Authored by Jack Misiura

The OpenAsset Digital Asset Management web application suffers from multiple reflected and persistent cross site scripting vulnerabilities. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit, web, vulnerability, xss
advisories | CVE-2020-28857, CVE-2020-28859
SHA-256 | f23463f784d061541c79ecdec79a17114bfcaa396f5627dde1e0c79a90a2ae45
Online Bus Booking System Project 1.0 Cross Site Scripting
Posted Dec 11, 2020
Authored by Krishna Yadav

Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | a9d3e14b3988aec61f8fb2be72fc500e476e74698104b20990c77dd79fbe57e3
OpenAsset Digital Asset Management IP Access Control Bypass
Posted Dec 11, 2020
Authored by Jack Misiura

The OpenAsset Digital Asset Management web application allowed spoofing of IP addresses by using the X-Forwarded-For header. By default, the web application would allow all traffic from 127.0.0.1, in order to prevent users from accidentally blocking themselves. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit, web, spoof, bypass
advisories | CVE-2020-28856
SHA-256 | ad00d431157ae8f7dd34f7235a000e058a087a21a50442a4aad8f2801e7fdb27
WordPress DirectoriesPro 1.3.45 Cross Site Scripting
Posted Dec 11, 2020
Authored by Jack Misiura

WordPress DirectoriesPro plugin version 1.3.45 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-29303, CVE-2020-29304
SHA-256 | 6aa12eb5e2a30f4c4d114b32f8b866bc1a6a86a0191f2dd3043d5c986c598b92
Aerospike Database UDF Lua Code Execution
Posted Dec 11, 2020
Authored by Brendan Coles, b4ny4n | Site metasploit.com

Aerospike Database versions before 5.1.0.3 permitted user-defined functions (UDF) to call the os.execute Lua function. This Metasploit module creates a UDF utilizing this function to execute arbitrary operating system commands with the privileges of the user running the Aerospike service. This module does not support authentication; however Aerospike Database Community Edition does not enable authentication by default. This module has been tested successfully on Ubuntu with Aerospike Database Community Edition versions 4.9.0.5, 4.9.0.11 and 5.0.0.10.

tags | exploit, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-13151
SHA-256 | 9da6a0d3621953b2fc4709d0b41d45d3637b5f4cbe3f23650d74e4584833bfb6
Ubuntu Security Notice USN-4666-2
Posted Dec 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4666-2 - USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to perform cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2020-27783
SHA-256 | ac4ca768b5ce952dba394cc6b1930615a99b670e0cb573d027161391c298c8cb
Rukovoditel 2.6.1 Shell Upload / Local File Inclusion
Posted Dec 11, 2020
Authored by coiffeur

Rukovoditel version 2.6.1 remote code execution exploit that leverages shell upload and local file inclusion vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, code execution, file inclusion
SHA-256 | 975b7ba7dfc1c500ea9e23d90655a5643b1a793677defc9ec265442ecab49fce
Dolibarr 12.0.3 SQL Injection / Remote Code Execution
Posted Dec 11, 2020
Authored by coiffeur

Dolibarr version 12.0.3 remote SQL injection exploit that achieves remote code execution.

tags | exploit, remote, code execution, sql injection
SHA-256 | 752f6eae60abdb96ea2bf446f22afe9d2446db44df565231549fcd6896d20f74
Courier Management System 1.0 Cross Site Scripting
Posted Dec 11, 2020
Authored by Zhaiyi

Courier Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6e82f51cfebbd09c7ab16d5d4779e36ed7b58d1333a53e941f76b5d266779140
Courier Management System 1.0 SQL Injection
Posted Dec 11, 2020
Authored by Zhaiyi

Courier Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | c396f1c7ce034b15838b2aeaadb4359a9a46fc66ad4d19d8891399724a42c558
Medical Center Portal Management System 1.0 Cross Site Scripting
Posted Dec 11, 2020
Authored by Saeed Bala Ahmed

Medical Center Portal Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 70b7b5cc626d81d1fcc8e61c09febd776cff99c946493c5b6fef02ff093dec14
Jenkins 2.235.3 Cross Site Scripting
Posted Dec 11, 2020
Authored by gx1

Jenkins version 2.235.3 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-2229, CVE-2020-2230
SHA-256 | 5ae48804e53b05b0959fb9da096cca0880a8cea84800e7c45b02f24e07a2393d
Supply Chain Management System SQL Injection
Posted Dec 11, 2020
Authored by Piyush Malviya

Supply Chain Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 6d5c4d8bdba37bc621af538a7b3cfaacea9de80efe3bb59e082ef15edfdf0a1b
Ubuntu Security Notice USN-4669-1
Posted Dec 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4669-1 - It was discovered that a cross-site scripting vulnerability in SquirrelMail allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service.

tags | advisory, remote, denial of service, xss
systems | linux, ubuntu
advisories | CVE-2019-12970
SHA-256 | ec56d0c884f8baad912f6d3ab6c4ea8f85e06797d750de40278239eb4fcd0009
© 2022 Packet Storm. All rights reserved.
