Online DJ Booking Management System Project Report version 1.0 remote SQL injection exploit that achieves code execution.
a9e41d63dd700e9847b63f161dcb8bf8Liferay Portal versions prior to 7.2.1 CE GA2 exploit that gains code execution due to deserialization of untrusted data sent to the JSON web services interface.
1b2dd015379b863c0608bdba7753b167Pandora FMS 7.0 NG versions 746 and below remote code execution exploit that leverages cross site scripting. Requires administrator to perform an snmp scan with a cross site scripting payload.
245bf731b05ac276a48b0f51f260ba04Impress CMS version 1.4.0 has an issue where an authenticated user can make use of the AutoTask feature to execute php code, allowing for remote SQL injection and remote code execution.
b5f8c806b5bde139ab34a7e35d46ad18Webtareas versions 2.1 and 2.1p suffer from unauthenticated file uploads that allow for remote code execution and expose directory listings.
411b5ebef9a23a0632621a466851bcb3Red Hat Security Advisory 2020-2833-01 - The K Desktop Environment is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Issues addressed include a code execution vulnerability.
c15d51965d9e7559c550cff4212cfca5This exploit demonstrates the remote code execution vulnerability in the Traffic Management User Interface (TMUI) in BIG-IP versions 15.0.0 through 15.1.0.3, 14.1.0 through 14.1.2.5, 13.1.0 through 13.1.3.3, 12.1.0 through 12.1.5.1, and 11.6.1 through 11.6.5.1.
8560c8fc52cbe883bafd9702f00353bcRSA IG+L Aveksa version 7.1.1 suffers from a remote code execution vulnerability due to an authorization bypass issue.
7f8a7faeaf6a30052a2f2e03d4e71999Nagios XI version 5.6.12 remote code execution exploit that leverages export-rrd.php.
31691ce3c81c37946e036a7240a1b83fWhitepaper discussing how to leverage the WhatsApp remote code execution vulnerability that takes advantage of a double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library.
9970cc4e34af7ebf4899a50eaf2a2bc7Proof of concept exploit that leverages a double-free in the DDGifSlurp function in decoding.c in the android-gif-drawable library in order to achieve remote code execution in WhatsApp.
114e0559ea9446171ccf0388c938ad4bRiteCMS version 2.2.1 suffers from an authenticated remote code execution vulnerability.
4124481b24b6169f3e6365184d8f21b2Bolt CMS versions 3.7.0 and below suffer from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities that when combined can achieve remote code execution in one click.
e1905dcd1353235ff99a9faf7ed545efOCS Inventory NG version 2.7 suffers from a remote code execution vulnerability.
11cc526d805b8e3ce99d3b7f7600418dRed Hat Security Advisory 2020-2816-01 - Packages: Red Hat Single Sign-On 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 6. Issues addressed include a code execution vulnerability.
305c99a3906baeee9845f83cd9f59f6cRed Hat Security Advisory 2020-2814-01 - Packages: Red Hat Single Sign-On 7.4.1 adapters for Red Hat JBoss Enterprise Application Platform 7.3. Issues addressed include a code execution vulnerability.
89b5259b3e747b45dc8b0c79b028d834Red Hat Security Advisory 2020-2813-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.1 serves as a replacement for Red Hat Single Sign-On 7.4.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and cross site scripting vulnerabilities.
fc87487bd16e3e344871d5b5c6ab11d5Red Hat Security Advisory 2020-2769-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
d863f41048b1ebe1f7f80eddca076cfeRed Hat Security Advisory 2020-2737-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, and cross site scripting vulnerabilities.
0f29e0c0fcd0008881ea52cec8b8b6b6OpenEMR version 5.0.1 suffers from a remote code execution vulnerability.
23ed8b760daddea91e76635e26b35edeThis Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA product, versions 8.0.0 to (and including) 8.0.7. This exploit was tested on versions 8.0.0 and 8.0.7 on both Linux and Windows. The default configuration is exploitable by an unauthenticated attacker, which can achieve remote code execution as SYSTEM on a Windows installation and root on Linux. The vulnerability was discovered and exploited at Pwn2Own Miami 2020 by the Flashback team (Pedro Ribeiro + Radek Domanski).
de6af616d3b724854268bccfee1cf557The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).
0ce466f922be78b19e5b1169c13ef711Qualys has released their local privilege escalation and remote code execution exploit for qmail that leverages the vulnerability as described in CVE-2005-1513.
918f10fb453026a4eef569943c62c387Lansweeper version 7.2 has a default admin account enabled which allows for remote code execution.
68dd400bb05cb6860309c4939877a95dRed Hat Security Advisory 2020-2583-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution and double free vulnerabilities.
775b3556f5e37f4421f913205327dda2
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed