
Files Date: 2021-01-01 to 2021-01-31

Gentoo Linux Security Advisory 202101-38
Posted Jan 29, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-38 - A vulnerability was discovered in NSD which could allow a local attacker to cause a Denial of Service condition. Versions less than 4.3.4 are affected.

tags | advisory, denial of service, local
systems | linux, gentoo
advisories | CVE-2020-28935
SHA-256 | 7d524441ccd8474adf4b85bdd76aa9cb9c85c2b7ff7a88a04dffde4e91306901
Ubuntu Security Notice USN-4714-1
Posted Jan 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4714-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. Various other issues were also addressed.

tags | advisory, remote, arbitrary, shell, code execution
systems | linux, ubuntu
advisories | CVE-2020-26217, CVE-2020-26258, CVE-2020-26259
SHA-256 | 0599be6b3cfb387f0c1c305c18e99a24d7e7aabf6f5bb1820cebfd59b75b191b
Metasploit Framework 6.0.11 Command Injection
Posted Jan 29, 2021
Authored by Justin Steven

Metasploit Framework version 6.0.11 msfvenom APK template command injection exploit.

tags | exploit
advisories | CVE-2020-7384
SHA-256 | 0d9c5f7dc903dd1d7e2dd33b50690e3be7b460458dacf13578f2a28fa5ba3ec3
Packed.Win32.Katusha.o MVID-2021-0061 Insecure Permissions
Posted Jan 29, 2021
Authored by malvuln | Site malvuln.com

Packed.Win32.Katusha.o suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
SHA-256 | a9b5e83001190ef68d071f5929c56248aad49dd3be5021af063c90e76906e12d
Backdoor.Win32.MiniBlackLash MVID-2021-0060 Denial Of Service
Posted Jan 29, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.MiniBlackLash malware suffers from a denial of service vulnerability.

tags | exploit, denial of service
systems | windows
SHA-256 | 990e85aa559b8d7872f4bd1d2d9c7414e72696a4e08982398c71d435a17e36c1
Online Voting System 1.0 Authorization Bypass
Posted Jan 29, 2021
Authored by Richard Jones

Online Voting System version 1.0 suffers from an authorization bypass vulnerability that allows for the password change of other users.

tags | exploit, bypass
SHA-256 | b5602920743becf85d943b0687ceab51b1b1fe2b42685c27fffed369ebcea8e3
Red Hat Security Advisory 2021-0299-01
Posted Jan 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0299-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.7.0. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15685, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964
SHA-256 | 47a6c099170886d0dfec4ce713a988a2cfc638ff6c8591e9a90a90b77ed1376e
BloofoxCMS 0.5.2.1 Cross Site Scripting
Posted Jan 29, 2021
Authored by LiPeiYi

BloofoxCMS version 0.5.2.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c6cc0a7902952943c480d0bed0bedebd44d4bb52108d4e042d32b75d376fb55a
Gentoo Linux Security Advisory 202101-37
Posted Jan 29, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-37 - A buffer overflow in VLC might allow remote attacker(s) to execute arbitrary code. Versions less than 3.0.12.1 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2020-26664
SHA-256 | 4f3ec9b81da7090724694c74da49a355c57de39fca2fc9b1a27a44eb6f0dc55a
Gentoo Linux Security Advisory 202101-36
Posted Jan 29, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-36 - A vulnerability in ImageMagick's handling of PDF was discovered possibly allowing code execution. Versions less than 6.9.11.41-r1 are affected.

tags | advisory, code execution
systems | linux, gentoo
advisories | CVE-2020-29599
SHA-256 | c2ba100de84f7d1fd8ec3787eaeac17dfcce035fef1ed1f023f21d07def2b642
Online Grading System 1.0 SQL Injection
Posted Jan 29, 2021
Authored by Ruchi Tiwari

Online Grading System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b03d85739dc18f083afd092e5bcc7421a9399a88f8fcb6b91fbece090f151f02
Backdoor.Win32.Mhtserv.b MVID-2021-0059 Missing Authentication
Posted Jan 29, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Mhtserv.b malware suffers from a missing authentication vulnerability.

tags | exploit
systems | windows
SHA-256 | c2d962b6b33685f4a1b80d7ef4869d759d00c5699b31aa97936bf2d6accbf8a3
Red Hat Security Advisory 2021-0298-01
Posted Jan 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0298-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.7.0. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15685, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964
SHA-256 | 3522adef5d9665bda2b6a20a4478bdf85a0af546dacec458397fbdd1752a84dc
Quick.CMS 6.7 Remote Code Execution
Posted Jan 29, 2021
Authored by mari0x00

Quick.CMS versions 6.7 and below suffer from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-35754
SHA-256 | c14f2374f378b8f14bdd754ad6b876269ddc8433b34763841ada668656c12a01
Home Assistant Community Store 1.10.0 Path Traversal
Posted Jan 29, 2021
Authored by Lyghtnox

Home Assistant Community Store (HACS) version 1.10.0 suffers from a path traversal vulnerability that allows for account takeover.

tags | exploit, file inclusion
SHA-256 | 06a8ea0658722e24ff3247bf292a001bb12ff1cf3cce3876e958d4add5ff945b
Backdoor.Win32.Zhangpo MVID-2021-0058 Denial Of Service
Posted Jan 29, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Zhangpo malware suffers from a denial of service vulnerability.

tags | exploit, denial of service
systems | windows
SHA-256 | 5cb8723bcc0056e506df32a4a5bd6da484f5fa7c392b129308a901e46c9a4dee
Backdoor.Win32.Zetronic MVID-2021-0057 Denial Of Service
Posted Jan 29, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Zetronic malware suffers from a denial of service vulnerability.

tags | exploit, denial of service
systems | windows
SHA-256 | 58737cb63d2968feaacbe6dce8c7ad02a3d0289723f92f5a5dff7376fb89db3f
MyBB Hide Thread Content 1.0 Information Disclosure
Posted Jan 29, 2021
Authored by 0xB9

MyBB Hide Thread Content plugin version 1.0 suffers from an information leakage vulnerability.

tags | exploit, info disclosure
advisories | CVE-2021-3337
SHA-256 | 7f46b890703ec52c6f242ce37fd468e2f2fd79d720184202e24037508b01fd8b
Red Hat Security Advisory 2021-0297-01
Posted Jan 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0297-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.7.0. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15685, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964
SHA-256 | 238fdcbe4d4917b8291e1febe41d0d12f2e523bf85472e50e2b701209c7c7d4b
Glibc Character Conversion Assertion
Posted Jan 29, 2021
Authored by Tavis Ormandy, Google Security Research

If an application uses iconv() with an attacker specified character set, there's an assertion in the gconv buffer management code that can be triggered, crashing the application. The crash only occurs with ISO-2022-JP-3 encoding.

tags | advisory
SHA-256 | c6a21c4fe097d825b800e707fc854c169f367c24e1653ab4813d566b22024d97
PRTG Network Monitor Remote Code Execution
Posted Jan 28, 2021
Authored by Josh Berry, Julien Bedel | Site metasploit.com

This Metasploit module exploits an authenticated remote code execution vulnerability in PRTG Network Monitor. Notifications can be created by an authenticated user and can execute scripts when triggered. Due to poorly validated input on the script name, it is possible to chain it with a user-supplied command, allowing command execution under the context of a privileged user. The module uses provided credentials to log in to the web interface, then creates and triggers a malicious notification to perform remote code execution using a PowerShell payload. It may require a few tries to get a shell because notifications are queued up on the server. This vulnerability affects versions prior to 18.2.39.

tags | exploit, remote, web, shell, code execution
advisories | CVE-2018-9276
SHA-256 | c4ad3f67d521bd09be953b85a6d838485af4c4523264fbbbeb295896439dc54a
Micro Focus UCMDB Remote Code Execution
Posted Jan 28, 2021
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits two vulnerabilities that, when chained, allow an attacker to achieve unauthenticated remote code execution in Micro Focus UCMDB. UCMDB included in versions 2020.05 and below of Operations Bridge Manager is affected, but this module can probably also be used to exploit Operations Bridge Manager (containerized) and Application Performance Management.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2020-11853, CVE-2020-11854
SHA-256 | 59be14dc0b274846876d82ee91afdb255998980f7c79be4eb7f93d0f3ff0e005
Ubuntu Security Notice USN-4706-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4706-1 - Olle Segerdahl found that ceph-mon and ceph-mgr daemons did not properly restrict access, resulting in gaining access to unauthorized resources. An authenticated user could use this vulnerability to modify the configuration and possibly conduct further attacks. Adam Mohammed found that Ceph Object Gateway was vulnerable to HTTP header injection via a CORS ExposeHeader tag. An attacker could use this to gain access or cause a crash. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2020-10736, CVE-2020-10753, CVE-2020-25660
SHA-256 | 5ca5f6fbb96672b6cacce6e620542245a2be459f209d4b6805ec82e20023821f
Ubuntu Security Notice USN-4707-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4707-1 - It was discovered that TCMU lacked a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-3139
SHA-256 | d473dee44de4b75bcb27ef0b49ecb25cee9ff1c51e5f0ccf25581627b9d4e8d2
Chamilo LMS 1.11.14 Cross Site Scripting
Posted Jan 28, 2021
Authored by Daniel Bishtawi | Site netsparker.com

Chamilo LMS version 1.11.14 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 66912e34644409efcf1b7788f9989030b4429b09a9c1f83c3d68aaa2c0bfe80b
© 2022 Packet Storm. All rights reserved.