exploit the possibilities
Showing 26 - 50 of 29,227 RSS Feed

Remote Files

PrintNightmare Vulnerability
Posted Nov 22, 2021
Authored by Siddhi Verma, Divya Bora, Mayank Dholia

Whitepaper called PrintNightmare Vulnerability. This document illustrates the exploitation of the vulnerability found in the Windows spooler service. Originally thought to be a local privilege escalation vulnerability in the Windows Print Spooler, identified as CVE-2021-1675 and patched during Microsoft's June Patch. Microsoft increased the severity of this issue on June 21 as well as reclassifying it as a 'remote code execution' (RCE) threat. This RCE vulnerability has been assigned a new identifier, CVE-2021-34527.

tags | paper, remote, local, code execution
systems | windows
advisories | CVE-2021-34527
MD5 | abd7ef242b6bd0fffaf67005b519a4bd
PuneethReddyHC Online Shopping System Advanced 1.0 SQL Injection
Posted Nov 20, 2021
Authored by Jason Colyvas | Site github.com

PuneethReddyHC Online Shopping System Advanced version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-41648
MD5 | 62b24ed257ed9ae67a141155ade51b4e
Apache Storm Nimbus 2.2.0 Command Execution
Posted Nov 19, 2021
Authored by Spencer McIntyre, Alvaro Munoz | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method method takes a single argument which is the name of a user which is concatenated into a string that is executed by bash. In order for the vulnerability to be exploitable, there must have been at least one topology submitted to the server. The topology may be active or inactive, but at least one must be present. Successful exploitation results in remote code execution as the user running Apache Storm. This vulnerability was patched in versions 2.1.1, 2.2.1 and 1.2.4. This exploit was tested on version 2.2.0 which is affected.

tags | exploit, remote, code execution, bash
advisories | CVE-2021-38294
MD5 | 2631462b02a2e967032a92da5e87ddae
Packet Fence 11.1.0
Posted Nov 19, 2021
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: PacketFence v11 now fully supports multi-factor authentication for its captive portal, CLI and VPN. Advanced integration with Akamai MFA is now included as well as generic support for any TOTP solutions. A few new features and over two dozen enhancements and bug fixes.
tags | tool, remote
systems | unix
MD5 | 7d06527c96a3ffc5446d643fdd2870c8
WordPress Smart Product Review 1.0.4 Shell Upload
Posted Nov 17, 2021
Authored by Keyvan Hardani

WordPress Smart Product Review plugin versions 1.0.4 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 161936cf087f98580dab17309058c9b7
GitLab 13.10.2 Remote Code Execution
Posted Nov 17, 2021
Authored by Jacob Baines

GitLab version 13.10.2 remote code execution exploit that provides a reverse shell.

tags | exploit, remote, shell, code execution
advisories | CVE-2021-22204, CVE-2021-22205
MD5 | a203e85e39e4798bc3ada54cb3cc7271
Red Hat Security Advisory 2021-4702-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4702-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include XML injection, code execution, denial of service, information leakage, local file inclusion, man-in-the-middle, memory leak, open redirection, password leak, remote file inclusion, remote shell upload, and traversal vulnerabilities.

tags | advisory, remote, denial of service, shell, local, vulnerability, code execution, memory leak, file inclusion
systems | linux, redhat
advisories | CVE-2019-14853, CVE-2019-14859, CVE-2019-25025, CVE-2020-14343, CVE-2020-26247, CVE-2020-8130, CVE-2020-8908, CVE-2021-20256, CVE-2021-21330, CVE-2021-22885, CVE-2021-22902, CVE-2021-22904, CVE-2021-28658, CVE-2021-29509, CVE-2021-31542, CVE-2021-32740, CVE-2021-33203, CVE-2021-33503, CVE-2021-33571, CVE-2021-3413, CVE-2021-3494
MD5 | 15d37f280e159b35ed6469b1f97ed672
Online Learning System 2.0 Remote Code Execution
Posted Nov 16, 2021
Authored by djebbaranon

Online Learning System version 2.0 remote code execution exploit that leverages SQL injection, authentication bypass, and file upload vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection, file upload
advisories | CVE-2021-42580
MD5 | f1d60fe020db91363e34d8e5e5d028e1
Online Reviewer System 2.4.0 SQL Injection
Posted Nov 16, 2021
Authored by nu11secur1ty

Online Reviewer System version 2.4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e0d67c854d6f65ba496fbc8683da167c
Simple Subscription Website 1.0 SQL Injection
Posted Nov 15, 2021
Authored by Daniel Haro

Simple Subscription Website version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
advisories | CVE-2021-43140
MD5 | d0f2418dde749f911db5dbbbbd28b417
Fuel CMS 1.4.13 SQL Injection
Posted Nov 15, 2021
Authored by Rahad Chowdhury

Fuel CMS version 1.4.13 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ded71df9f03f0d856f150af3b1ddcab0
Ubuntu Security Notice USN-5145-1
Posted Nov 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5145-1 - Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23214
MD5 | fd8c899c8bff47059207ac6f3b29aa29
Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution
Posted Nov 12, 2021
Authored by Erik Wynter, Erik de Jong | Site metasploit.com

This Metasploit module exploits local file inclusion and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS administrative webinterface. Vulnerable versions allow for LFI because they rely on a version of PHP 5 that is vulnerable to string truncation attacks. This module leverages this issue in conjunction with log poisoning to gain remote code execution as root. Upon successful exploitation, the Aerohive NetConfig application will hang for as long as the spawned shell remains open. Closing the session should render the application responsive again. The module provides an automatic cleanup option to clean the log. However, this option is disabled by default because any modifications to the /tmp/messages log, even via sed, may render the target (temporarily) unexploitable. This state can last over an hour. This module has been successfully tested against Aerohive NetConfig versions 8.2r4 and 10.0r7a.

tags | exploit, remote, shell, local, root, php, vulnerability, code execution, file inclusion
advisories | CVE-2020-16152
MD5 | 70c6dcfbe8cd1056d848f4af42f66776
Mumara Classic 2.93 SQL Injection
Posted Nov 12, 2021
Authored by Shain Lakin

Mumara Classic versions 2.93 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e99bd2dd9e8e8c155f25b63cc633aeab
Red Hat Security Advisory 2021-4621-01
Posted Nov 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4621-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

tags | advisory, remote, protocol
systems | linux, redhat, windows
advisories | CVE-2021-41159, CVE-2021-41160
MD5 | 98cc1368c1aabb680570b8a7d4e09839
Red Hat Security Advisory 2021-4622-04
Posted Nov 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4622-04 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

tags | advisory, remote, protocol
systems | linux, redhat, windows
advisories | CVE-2021-41159, CVE-2021-41160
MD5 | bb4a60e7720389236437ac1299b6677e
Ubuntu Security Notice USN-5142-1
Posted Nov 11, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5142-1 - Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. Andrew Bartlett discovered that Samba incorrectly mapping domain users to local users. An authenticated attacker could possibly use this issue to become root on domain members. Andrew Bartlett discovered that Samba did not correctly sandbox Kerberos tickets issues by an RODC. An RODC could print administrator tickets, contrary to expectations. Various other issues were also addressed.

tags | advisory, remote, local, root
systems | linux, ubuntu
advisories | CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-23192, CVE-2021-3671, CVE-2021-3738
MD5 | c11881a63d66cd2017af5970aefdad4a
Apache HTTP Server 2.4.50 Remote Code Execution
Posted Nov 11, 2021
Authored by Valentin Lobstein, Lucas Schnell

This is another variant of the Apache HTTP server version 2.4.50 remote code execution exploit.

tags | exploit, remote, web, code execution
advisories | CVE-2021-41773, CVE-2021-42013
MD5 | 906a8c46154c93bb51e32c7b41fa2eb0
YeaLink SIP-TXXXP 53.84.0.15 Command Injection
Posted Nov 11, 2021
Authored by tahaafarooq

YeaLink SIP-TXXXP version 53.84.0.15 suffers from a remote command injection vulnerability.

tags | exploit, remote
MD5 | 46ce1eaaaffb2dd76050853790c11dd6
Red Hat Security Advisory 2021-4623-01
Posted Nov 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4623-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

tags | advisory, remote, protocol
systems | linux, redhat, windows
advisories | CVE-2021-41159, CVE-2021-41160
MD5 | 9dad7546d3cd4de18f6d246c7029e717
Red Hat Security Advisory 2021-4620-01
Posted Nov 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4620-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

tags | advisory, remote, protocol
systems | linux, redhat, windows
advisories | CVE-2021-41159, CVE-2021-41160
MD5 | c053499174b0ade279b06b29d2a48b12
Red Hat Security Advisory 2021-4619-01
Posted Nov 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4619-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

tags | advisory, remote, protocol
systems | linux, redhat, windows
advisories | CVE-2021-41159, CVE-2021-41160
MD5 | 575972dfc2a28bc6dc2ba35e9217ee78
Dolibarr ERP / CRM 13.0.2 Remote Code Execution
Posted Nov 10, 2021
Authored by Nick Decker | Site trovent.io

Dolibarr ERP and CRM version 13.0.2 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2021-33816
MD5 | 36528585cba85176debf6b055a43a015
Red Hat Security Advisory 2021-4582-02
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4582-02 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring. Security fixes: golang: crypto/tls: certificate of wrong type is causing TLS client to panic.

tags | advisory, remote, crypto
systems | linux, redhat
advisories | CVE-2019-3842, CVE-2020-13776, CVE-2021-22922, CVE-2021-22923, CVE-2021-34558, CVE-2021-3620
MD5 | 60c936fee8b9dec26ceb9f8b14f0ed3c
Movable Type 7 r.5002 XMLRPC API Remote Command Injection
Posted Nov 9, 2021
Authored by Ghost from Nemesis, The Criminal One | Site nemesis.sh

This Metasploit module exploits a remote command injection vulnerability in Movable Type versions 7 r.5002 and below.

tags | exploit, remote
advisories | CVE-2021-20837
MD5 | 2f92c30616395613f2b4bac24987c061
Page 2 of 1,170
Back12345Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    13 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close