what you don't know can hurt you
Showing 26 - 50 of 28,122 RSS Feed

Remote Files

Tourism Management System 1.0 Shell Upload
Posted Oct 19, 2020
Authored by Saurav Shukla, Ankita Pal

Tourism Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 023224c77cadc9a82e003c481b8f416f
Company Visitor Management System (CVMS) 1.0 SQL Injection
Posted Oct 16, 2020
Authored by Oguz Turkgenc

Company Visitor Management System (CVMS) version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 4157302994cd9e55e94b6aa44dd0fed1
Ubuntu Security Notice USN-4585-1
Posted Oct 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4585-1 - It was discovered that Newsbeuter didn't handle the command line input properly. An remote attacker could use it to ran remote code by crafting a special input file. It was discovered that Newsbeuter didn't handle metacharacters in its filename properly. An remote attacker could use it to ran remote code by crafting a special filename.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2017-12904, CVE-2017-14500
MD5 | 328a24e2a98284b91341a4629d487991
Hotel Management System 1.0 Remote Code Execution
Posted Oct 16, 2020
Authored by Eren Simsek

Hotel Management System version 1.0 authenticated remote code execution exploit.

tags | exploit, remote, code execution
MD5 | b1e5c8ead51128c4406e997548fee939
CS-Cart 1.3.3 Remote Code Execution
Posted Oct 16, 2020
Authored by 0xmmnbassel

Details for achieving remote code execution on CS-Cart version 1.3.3, a really old version.

tags | exploit, remote, code execution
MD5 | 0df18b37ecb146e84ab2c6be59243438
Ubuntu Security Notice USN-4589-2
Posted Oct 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4589-2 - USN-4589-1 fixed a vulnerability in containerd. This update provides the corresponding update for docker.io. It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials. Various other issues were also addressed.

tags | advisory, remote, registry
systems | linux, ubuntu
advisories | CVE-2020-15157
MD5 | 0ff1cab3c8d8dd33e88294428bb3c3f2
Ubuntu Security Notice USN-4589-1
Posted Oct 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4589-1 - It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials.

tags | advisory, remote, registry
systems | linux, ubuntu
advisories | CVE-2020-15157
MD5 | 6b7595a2ebb73feb35765b548371311f
Alumni Management System 1.0 SQL Injection
Posted Oct 16, 2020
Authored by Ankita Pal

Alumni Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 7b8afdc94572790d06c5077a22852933
Employee Management System 1.0 SQL Injection
Posted Oct 16, 2020
Authored by Ankita Pal

Employee Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 6d7ec2c19f434bf7f9aa62926297c104
GRR 3.4.2.4
Posted Oct 15, 2020
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: Minor bug-fix release on top of version 3.4.2.3
tags | tool, remote, web, forensics
systems | unix
MD5 | 83c8284e356fe2fc972ad21f6b6d301c
Simple Grocery Store Sales And Inventory System 1.0 SQL Injection
Posted Oct 15, 2020
Authored by Saurav Shukla, Jyotsna Adhana

Simple Grocery Store Sales and Inventory System 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 6c50e8d393c9fe49d4469648ddf3b04c
Zoo Management System 1.0 SQL Injection
Posted Oct 15, 2020
Authored by Jyotsna Adhana

Zoo Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 1a40df174f102f351c3f8b10a91756ab
Ubuntu Security Notice USN-4581-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4581-1 - It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection.

tags | advisory, remote, python
systems | linux, ubuntu
advisories | CVE-2020-26116
MD5 | d903afd0dba27fdfc0f4fd0f7a1735b8
TimeClock Software 1.01 SQL Injection
Posted Oct 14, 2020
Authored by Francois Bibeau

TimeClock Software version 1.01 suffers from an authenticated time-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 017f6dcc3e7c8f8fdfbcbcbe696b977d
Red Hat Security Advisory 2020-4252-01
Posted Oct 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4252-01 - This release of Red Hat build of Quarkus 1.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, code execution, sql injection
systems | linux, redhat
advisories | CVE-2019-14900, CVE-2020-10693, CVE-2020-11612, CVE-2020-1714, CVE-2020-1728
MD5 | 109ec127daca115dfe03116af7864696
Ubuntu Security Notice USN-4575-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4575-1 - It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-10683
MD5 | 13c22771427bf9520a58b64280918187
Sifter 10.21g
Posted Oct 14, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Updated README and various other bits.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 19f9c969f57d541617c0a2b33296dead
berliCRM 1.0.24 SQL Injection
Posted Oct 13, 2020
Authored by Ahmet Umit Bayram

berliCRM version 1.0.24 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 530d9cd832bd5a264cc1300d61796949
Nmap Port Scanner 7.91
Posted Oct 12, 2020
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: Various bug fixes.
tags | tool, remote, udp, tcp, protocol, nmap
systems | unix
MD5 | a071afc6a4b5f4a5dc93d1aef82dfa9d
SEO Panel 4.6.0 Remote Code Execution
Posted Oct 12, 2020
Authored by Daniel Monzon, Kiko Andreu

SEO Panel version 4.6.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 9f9caff4b352d2413c1310db3ed195b3
Online Student's Management System SQL Injection
Posted Oct 10, 2020
Authored by George Tsimpidas

Online Student's Management System suffers from multiple unauthenticated remote SQL injection vulnerabilities. No version is provided for this software but a fix was verified by the author on October 7, 2020.

tags | exploit, remote, vulnerability, sql injection
MD5 | 2eb37b4f3f262d3f0745a7fab4187a19
Packet Fence 10.2.0
Posted Oct 7, 2020
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Improved Layer-3 replication, more Golang, automated integration tests, and more.
tags | tool, remote
systems | unix
MD5 | badac27e328c35e43822d43864d8309a
EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse
Posted Oct 7, 2020
Authored by LiquidWorm | Site zeroscience.mk

A security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. The HTTP Digest Authentication in the GoAhead web server does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. Digest authentication uses a "nonce" value to mitigate replay attacks. GoAhead versions 3 to 5 validated the nonce with a fixed duration of 5 minutes which permitted short-period replays. This duration is too long for most implementations.

tags | exploit, remote, web
advisories | CVE-2020-15688
MD5 | b8446c244573df9229e023dd4a04307d
FortiSIEM 5.2.8 EL Injection / Remote Code Execution
Posted Oct 7, 2020
Authored by redtimmysec | Site redtimmy.com

FortiSIEM versions 5.2.8 and below are vulnerable to an unauthorized remote command execution vulnerability via Expression Language injection. This advisory notes that the Richsploit exploit can be leveraged to still achieve code execution.

tags | advisory, remote, code execution
MD5 | ede89954670a655bc3179da240bac0c4
Ubuntu Security Notice USN-4572-2
Posted Oct 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4572-2 - USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM. Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-14355
MD5 | f75b1a3129973828757d92800d60a53f
Page 2 of 1,125
Back12345Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    10 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close