what you don't know can hurt you
Showing 26 - 50 of 117,479 RSS Feed

Files

Online Hotel Reservation System 1.0 Cross Site Scripting
Posted Aug 2, 2021
Authored by Mohammad Koochaki

Online Hotel Reservation System version 1.0 suffers from multiple cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Mesut Cetin in January of 2021.

tags | exploit, vulnerability, xss
MD5 | 0edf6c9cc89607788d24c82489b990e2
Neo4j 3.4.18 Remote Code Execution
Posted Aug 1, 2021
Authored by Nick Gonella, Christopher Ellis

Neo4j version 3.4.18 RMI-based java deserialization remote code execution exploit.

tags | exploit, java, remote, code execution
MD5 | 4308113757c05a9c6ddc914eadc40b93
Men Salon Management System 1.0 SQL Injection
Posted Jul 31, 2021
Authored by Akshay Khanna

Men Salon Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 0ff477e555550da6dc8a150460ace2e3
Pi-Hole Remove Commands Linux Privilege Escalation
Posted Jul 30, 2021
Authored by h00die, Emanuele Barbeno | Site metasploit.com

Pi-Hole versions 3.0 through 5.3 allows for command line input to the removecustomcname, removecustomdns, and removestaticdhcp functions without properly validating the parameters before passing to sed. When executed as the www-data user, this allows for a privilege escalation to root since www-data is in the sudoers.d/pihole file with no password.

tags | exploit, root
advisories | CVE-2021-29449
MD5 | dac4dfce514725aab909b2548e85e3ee
Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery
Posted Jul 30, 2021
Authored by LiquidWorm | Site zeroscience.mk

Panasonic Sanyo CCTV Network Camera version 2.03-0x allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform authentication detriment and account password change with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
MD5 | 144372220bfafa4d89dbf4f8e47b37df
Red Hat Security Advisory 2021-2965-01
Posted Jul 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2965-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.8 serves as a replacement for Red Hat Single Sign-On 7.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2021-21409, CVE-2021-3536
MD5 | a0114d53b577918564cb95687a4409bb
Ubuntu Security Notice USN-5026-1
Posted Jul 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5026-1 - It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-18020, CVE-2021-36978
MD5 | 1df5275a8531c053a169685e8b2d82e6
Ubuntu Security Notice USN-5027-1
Posted Jul 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5027-1 - It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-32610
MD5 | e229b5ed152b516f5a258a11fdafd755
ObjectPlanet Opinio 7.13 Shell Upload
Posted Jul 30, 2021
Authored by Daniel Tan, Khor Yong Heng, Timothy Tan, Yu Enhui

ObjectPlanet Opinio version 7.13 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2020-26806
MD5 | 428a660ba8fcf617d5de88b7920acbe4
ObjectPlanet Opinio 7.13 Expression Language Injection
Posted Jul 30, 2021
Authored by Daniel Tan, Khor Yong Heng, Timothy Tan, Yu Enhui

ObjectPlanet Opinio version 7.13 suffers from an expression language injection vulnerability.

tags | exploit
advisories | CVE-2020-26565
MD5 | e4ac02c7c40ce27bf82fc181349ac136
ObjectPlanet Opinio 7.13 / 7.14 XML Injection
Posted Jul 30, 2021
Authored by Daniel Tan, Khor Yong Heng, Timothy Tan, Yu Enhui

ObjectPlanet Opinio versions 7.13 and 7.14 suffer from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2020-26564
MD5 | 42b0801a736a8c5f0e5d56cd04363a4e
Demystifying Nmap Scans At The Packet Level
Posted Jul 30, 2021
Authored by Aditya Srivastava | Site adityasrivastava2762.blogspot.com

This paper contains a step by step detailed walk-through of different nmap scanning techniques and how the nmap traffic looks like in wireshark for each scan. The objective of documenting the paper is to get a better understanding of packets while initiating any nmap scan so that it can help in bypassing firewalls or debugging what went wrong between the source and destination. It can also help in writing basic firewall rules.

tags | paper
MD5 | d7c2cc86d7a9d259f00455f3d755ec57
Microsoft Exchange AD Schema Misconfiguration Privilege Escalation
Posted Jul 29, 2021
Authored by James Forshaw, Google Security Research

The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object including users, groups or domain trusts leading to elevation of privilege.

tags | exploit
advisories | CVE-2021-34470
MD5 | 5f885a87a9be3f10bfe9e9e4c08c923c
Ubuntu Security Notice USN-5025-2
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5025-2 - USN-5025-1 fixed a vulnerability in libsndfile. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3246
MD5 | 36961b1b148131d5ac49f6d33229fe09
Oracle Fatwire 6.3 Cross Site Scripting / SQL Injection
Posted Jul 29, 2021
Authored by J. Francisco Bolivar

Oracle Fatwire version 6.3 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 3c10a991eb8badac274f6dcaed884e44
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
Posted Jul 29, 2021
Authored by LiquidWorm | Site zeroscience.mk

Longjing Technology BEMS API version 1.21 suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.

tags | exploit, arbitrary
MD5 | 6a5637ce7d7f32fbc3a3c1f0931505e7
Ubuntu Security Notice USN-5025-1
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5025-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3246
MD5 | 317f74ce8072ee0dc28309859d8ab843
Denver IP Camera SHO-110 Snapshot Disclosure
Posted Jul 29, 2021
Authored by Ivan Nikolsky

Denver IP Camera SHO-110 suffers from an unauthenticated disclosure of a snapshot.

tags | exploit, info disclosure
MD5 | 9c56c41fd6c84e6025c78a7ea70f8fc2
ObjectPlanet Opinio 7.12 Cross Site Scripting
Posted Jul 29, 2021
Authored by Ang Kar Min

ObjectPlanet Opinio version 7.12 suffers from reflective and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-26563
MD5 | 2baf2d582b70bc71d82c7d5d66558dd6
Ubuntu Security Notice USN-4944-2
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4944-2 - USN-4944-1 fixed vulnerabilities in MariaDB. It caused a regression. This update fixes the problem. Ubuntu 20.04 has been updated to MariaDB 10.3.30.

tags | advisory, vulnerability
systems | linux, ubuntu
MD5 | 805c04f52ac0499cb1925b8798585651
CloverDX 5.9.0 Code Execution / Cross Site Request Forgery
Posted Jul 29, 2021
Authored by niebardzo

CloverDX version 5.9.0 cross site request forgery to remote code execution exploit.

tags | exploit, remote, code execution, csrf
advisories | CVE-2021-29995
MD5 | 6b9334fc24a1423e729c3cc9ba40c878
Ubuntu Security Notice USN-5024-1
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5024-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2021-21775, CVE-2021-30689, CVE-2021-30749, CVE-2021-30799
MD5 | 50a9963ba1903faeab04b47189a80b51
Care2x Integrated Hospital Info System 2.7 SQL Injection
Posted Jul 29, 2021
Authored by securityforeveryone.com

Care2x Integrated Hospital Info System version 2.7 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 2edf1e8741d37582e1ac3205362fd224
IntelliChoice eFORCE Software Suite 2.5.9 Username Enumeration
Posted Jul 29, 2021
Authored by LiquidWorm | Site zeroscience.mk

IntelliChoice eFORCE Software Suite version 2.5.9 allows for username enumeration.

tags | exploit
MD5 | 3dbce8c7f3ef261ca1360be805297f27
Red Hat Security Advisory 2021-2932-01
Posted Jul 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2932-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-22918, CVE-2021-23362, CVE-2021-27290, CVE-2021-33502
MD5 | 09026fe4bea1368d8dd91241bc564be1
Page 2 of 4,700
Back12345Next

File Archive:

August 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    1 Files
  • 2
    Aug 2nd
    7 Files
  • 3
    Aug 3rd
    5 Files
  • 4
    Aug 4th
    7 Files
  • 5
    Aug 5th
    7 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close