what you don't know can hurt you
Showing 26 - 50 of 28,395 RSS Feed

Remote Files

Backdoor.Win32.Levelone.a Remote Stack Buffer Overflow
Posted Jan 11, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Levelone.a malware suffers from a remote stack buffer overflow vulnerability.

tags | exploit, remote, overflow
systems | windows
MD5 | 42c19cf7188e3ac194716a5bf3da43a2
Gentoo Linux Security Advisory 202101-01
Posted Jan 11, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-1 - Multiple vulnerabilities have been found in Dovecot, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 2.3.13 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-24386, CVE-2020-25275
MD5 | 3a89fff6479017300d6ec9a323c8b69e
Backdoor.Win32.Ketch.b Remote Stack Buffer Overflow
Posted Jan 9, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Ketch.b malware suffers from a remote stack buffer overflow vulnerability.

tags | exploit, remote, overflow
systems | windows
MD5 | 38df86e71109ce6870225d853970d548
Backdoor.Win32.NinjaSpy.c Remote Stack Buffer Overflow
Posted Jan 8, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.NinjaSpy.c suffers from a remote stack buffer overflow vulnerability. The specimen drops a DLL named "cmd.dll" under C:\WINDOWS\ which listens on both TCP ports 2003 and 2004. By sending consecutive HTTP PUT requests with large payloads of characters, we can cause buffer overflow.

tags | exploit, remote, web, overflow, tcp
systems | windows, 32
MD5 | 8f5ab251df42addd482e25bdea7aa8d8
WordPress wpDiscuz 7.0.4 Shell Upload
Posted Jan 8, 2021
Authored by Hoa Nguyen, Chloe Chamberland | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | 77c5903183e5519dfd6d1477ae0018a4
ECSIMAGING PACS 6.21.5 SQL Injection
Posted Jan 8, 2021
Authored by shoxxdj

ECSIMAGING PACS version 6.21.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7c262b918f02322cb8ce4f726a471a8a
Cockpit CMS Remote Code Execution
Posted Jan 8, 2021
Authored by Rafael Resende

Cockpit CMS versions prior to 0.6.1 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 2e84035dfa7fd332be24257ee653f517
WordPress Autoptimize Shell Upload
Posted Jan 8, 2021
Authored by Hoa Nguyen, Thien Ngo, Khanh Nguyen | Site metasploit.com

WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.

tags | exploit, remote, arbitrary, shell, php, code execution
advisories | CVE-2020-24948
MD5 | b411262c32d42ec1cbf7382e1a8f4a37
Employee Record System 1.0 Shell Upload
Posted Jan 8, 2021
Authored by Saeed Bala Ahmed

Employee Record System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 743848822029ae69cea3de6909d752da
ECSIMAGING PACS 6.21.5 Remote Code Execution
Posted Jan 7, 2021
Authored by shoxxdj

ECSIMAGING PACS version 6.21.5 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | b2cc9890b72511e54bdc2287292f503d
Ubuntu Security Notice USN-4686-1
Posted Jan 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4686-1 - It was discovered that Ghostscript incorrectly handled certain image files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5727, CVE-2020-27842, CVE-2020-8112
MD5 | 4cd68750ef2abd5f6b9640ef33177e4f
Red Hat Security Advisory 2020-5388-01
Posted Jan 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5388-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.2.11 serves as a replacement for Red Hat support for Spring Boot 2.2.10, and includes security and bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include denial of service and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2020-11996, CVE-2020-25638
MD5 | b3bdc25df3f101e501f013f1465ac1d3
Sonatype Nexus 3.21.1 Remote Code Execution
Posted Jan 7, 2021
Authored by 1F98D

Sonatype Nexus version 3.21.1 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-10199
MD5 | 0b962451f81cbc4bf034f6bb2fa9acee
Gitea 1.7.5 Remote Code Execution
Posted Jan 7, 2021
Authored by 1F98D

Gitea version 1.7.5 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2019-11229
MD5 | 6c9b0d3fdae6e3de5cf84344b28d7350
IPS Community Suite 4.5.4 SQL Injection
Posted Jan 6, 2021
Authored by EgiX | Site karmainsecurity.com

IPS Community Suite versions 4.5.4 and below suffer from a remote SQL injection vulnerability in the Downloads REST API.

tags | exploit, remote, sql injection
advisories | CVE-2021-3025
MD5 | dbfe43c17c45eb62df239a2a07b7e8db
NTLM BITS SYSTEM Token Impersonation
Posted Jan 6, 2021
Authored by Andrea Pierini, Cassandre, Roberto, Antonio Cocomazzi | Site metasploit.com

This Metasploit module exploit BITS behavior which tries to connect to the local Windows Remote Management server (WinRM) every times it starts. The module launches a fake WinRM server which listen on port 5985 and triggers BITS. When BITS starts, it tries to authenticate to the Rogue WinRM server, which allows to steal a SYSTEM token. This token is then used to launch a new process as SYSTEM user. In the case of this exploit, notepad.exe is launched as SYSTEM. Then, it writes shellcode in its previous memory space and trigger its execution. As this exploit uses reflective dll injection, it does not write any file on the disk. Vulnerable operating systems are Windows 10 and Windows servers where WinRM is not running. Lab experiments has shown that Windows 7 does not exhibit the vulnerable behavior.

tags | exploit, remote, local, shellcode
systems | windows, 7
MD5 | c3736b57f1257197d426a69fdf409d38
Understanding And Exploiting Zerologon
Posted Jan 6, 2021
Authored by Siddharth Balyan, Nandini Rana

Zerologon is a vulnerability in Microsoft's Netlogon Remote Procedural Call (MS-NRPC) protocol. Specifically, this vulnerability occurs due to an incorrect implementation of the AES-128 Counter Feedback mode of operation. This vulnerability was given a CVSS score of 10 by Microsoft and can be carried out by anyone with a foothold in the network. This paper aims to explain the detail and working of MS-NRPC protocol, its vulnerability, and finally cover how to exploit it, something which the original paper by Secura left out.

tags | paper, remote, protocol
advisories | CVE-2020-1472
MD5 | 941b59db31d2ceb9c4233ac44fa7d62a
Responsive E-Learning System 1.0 Shell Upload
Posted Jan 6, 2021
Authored by Kshitiz Raj

Responsive E-Learning System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 34fb807bfbcc5b76646c356f0de6c804
IPeakCMS 3.5 SQL Injection
Posted Jan 6, 2021
Authored by MoeAlBarbari

IPeakCMS version 3.5 suffers from a blind remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-3018
MD5 | fd41ea112ebec6f86b624347ff915c4e
SpamTitan 7.07 Command Injection
Posted Jan 5, 2021
Authored by Christophe de la Fuente, Felipe Molina | Site metasploit.com

This Metasploit module exploits an improper input sanitization in SpamTitan versions 7.01, 7.02, 7.03 and 7.07 to inject command directives into the SNMP configuration file and get remote code execution as root. Note that only version 7.03 needs authentication and no authentication is required for versions 7.01, 7.02 and 7.07.

tags | exploit, remote, root, code execution
advisories | CVE-2020-11698
MD5 | 3fb380f22740f3fda8c78a8b5b723600
Ubuntu Security Notice USN-4676-1
Posted Jan 5, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4676-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-16587
MD5 | 590de48f77cba77bf4361c2d44509710
PLANEX CS-QP50F-ING2 Remote Configuration Disclosure
Posted Jan 5, 2021
Authored by Todor Donev

PLANEX CS-QP50F-ING2 security surveillance smart camera remote configuration disclosure exploit.

tags | exploit, remote
MD5 | 1b0fba0ae224a9fa6035c5327c35b67e
Online Movie Streaming 1.0 SQL Injection
Posted Jan 5, 2021
Authored by Kshitiz Raj

Online Movie Streaming version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 0da9691efbdbf5bd54c0dbebcc348b83
Online Learning Management System 1.0 Remote Command Execution
Posted Jan 5, 2021
Authored by Bedri Sertkaya

Online Learning Management System 1.0 remote command execution exploit. Remote shell upload was already discovered in this version in October of 2020 by Jyotsna Adhana.

tags | exploit, remote, shell
MD5 | f9924d1cbe0095eacec9c93fa6ce973f
Klog Server 2.4.1 Command Injection
Posted Jan 5, 2021
Authored by B3KC4T

Klog Server version 2.4.1 suffers from a remote command injection vulnerability.

tags | exploit, remote
advisories | CVE-2020-35729
MD5 | 245290d70c9f7e0faf0987707145dcd4
Page 2 of 1,136
Back12345Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close