exploit the possibilities
Showing 101 - 125 of 28,742 RSS Feed

Remote Files

PrestaShop 1.7.6.7 SQL Injection
Posted Apr 9, 2021
Authored by Vanshal Gaur

PrestaShop version 1.7.6.7 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-15160
MD5 | c954154779fef04ad61ce904511a42b9
Ubuntu Security Notice USN-4896-2
Posted Apr 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4896-2 - USN-4896-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that lxml incorrectly handled certain HTML attributes. A remote attacker could possibly use this issue to perform cross-site scripting attacks. Various other issues were also addressed.

tags | advisory, remote, xss
systems | linux, ubuntu
advisories | CVE-2021-28957
MD5 | e4f2f008e2cdcc1460a0b818e3b91206
Linux Kernel 5.4 BleedingTooth Remote Code Execution
Posted Apr 8, 2021
Authored by Andy Nguyen

Linux kernel version 5.4 BleedingTooth bluetooth zero-click proof of concept remote code execution exploit.

tags | exploit, remote, kernel, code execution, proof of concept
systems | linux
advisories | CVE-2020-12351, CVE-2020-12352
MD5 | 11e39065cefe8b6ef7461c14faa79210
Composr 10.0.36 Shell Upload
Posted Apr 8, 2021
Authored by Orion Hridoy

Composr version 10.0.36 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2021-30149
MD5 | 735eb24f76261ce2e85c105910c3e39c
Gogs Git Hooks Remote Code Execution
Posted Apr 7, 2021
Authored by Christophe de la Fuente, Podalirius | Site metasploit.com

This Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gogs. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the permission needs to be specifically granted by an administrator. To achieve code execution, the module authenticates to the Gogs web interface, creates a temporary repository, sets a post-receive git hook with the payload and creates a dummy file in the repository. This last action will trigger the git hook and execute the payload. Everything is done through the web interface. No mitigation has been implemented so far (latest stable version is 0.12.3). This module has been tested successfully against version 0.12.3 on docker. Windows version could not be tested since the git hook feature seems to be broken.

tags | exploit, remote, web, code execution
systems | windows
advisories | CVE-2020-15867
MD5 | b94ad9d4b20219eb61069ef797cbb9b2
Gitea Git Hooks Remote Code Execution
Posted Apr 7, 2021
Authored by Christophe de la Fuente, Podalirius | Site metasploit.com

This Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gitea. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the permission needs to be specifically granted by an administrator. To achieve code execution, the module authenticates to the Gitea web interface, creates a temporary repository, sets a post-receive git hook with the payload and creates a dummy file in the repository. This last action will trigger the git hook and execute the payload. Everything is done through the web interface. It has been mitigated in version 1.13.0 by setting the Gitea DISABLE_GIT_HOOKS configuration setting to true by default. This disables this feature and prevents all users (including admin) from creating custom git hooks. This module has been tested successfully against docker versions 1.12.5, 1.12.6 and 1.13.6 with DISABLE_GIT_HOOKS set to false, and on version 1.12.6 on Windows.

tags | exploit, remote, web, code execution
systems | windows
advisories | CVE-2020-14144
MD5 | 4cb5b6740800ce4b96147b406421ff7b
Ignition 2.5.1 Remote Code Execution
Posted Apr 7, 2021
Authored by cfreal

Ignition versions prior to 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel versions prior to 8.4.2.

tags | exploit, remote, arbitrary
advisories | CVE-2021-3129
MD5 | f2749663416c9f45e752a3213c8cb2d6
Ubuntu Security Notice USN-4903-1
Posted Apr 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4903-1 - Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-22876
MD5 | dbdf4b4dd72c03617d13968ae01c2494
Dell OpenManage Server Administrator 9.4.0.0 File Read
Posted Apr 7, 2021
Authored by Rhino Security Labs

Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.

tags | exploit, remote, web, vulnerability
advisories | CVE-2020-5377
MD5 | a782a64eb3fb7e8fbc44e13f11d5378a
Google Chrome 86.0.4240 V8 Remote Code Execution
Posted Apr 7, 2021
Authored by Rajvardhan Agarwal

Insufficient data validation in V8 in Google Chrome versions prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

tags | exploit, remote
advisories | CVE-2020-16040
MD5 | 6481aa5be0a9d0cbb7790678fe5bc863
Google Chrome 81.0.4044 V8 Remote Code Execution
Posted Apr 7, 2021
Authored by Rajvardhan Agarwal

An out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

tags | exploit, remote
advisories | CVE-2020-6507
MD5 | 546e810fbad0fb6b3f43fcd0773cef92
Ubuntu Security Notice USN-4902-1
Posted Apr 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4902-1 - Dennis Brinkrolf discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-28658
MD5 | 6fb4afa701c67bbfc2606b1a826d5550
Red Hat Security Advisory 2021-1072-01
Posted Apr 6, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1072-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.

tags | advisory, remote, local
systems | linux, redhat
advisories | CVE-2021-20277
MD5 | 801f4e70a01df9126a3eae103d40299a
Mini Mouse 9.2.0 Remote Code Execution
Posted Apr 5, 2021
Authored by gosh

Mini Mouse version 9.2.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 92ed69b11c1ba38fe5ae273136aef715
OpenEMR 4.1.0 SQL Injection
Posted Apr 5, 2021
Authored by Michael Ikua

OpenEMR version 4.1.0 remote SQL Injection exploit.

tags | exploit, remote, sql injection
MD5 | 14553fa83810666e04f61e897a4946f0
Basic Shopping Cart 1.0 SQL Injection
Posted Apr 5, 2021
Authored by Viren Saroha

Basic Shopping Cart version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 684b20a18d440d8bc427b515567526b1
Simple Food Website 1.0 SQL Injection
Posted Apr 3, 2021
Authored by Richard Jones

Simple Food Website version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | ffc6348caa12b6063100db21ba4f2bc3
F5 BIG-IP 16.0.x Remote Code Execution
Posted Apr 2, 2021
Authored by Al1ex

F5 BIG-IP version 16.0.x suffers from an iControl REST remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2021-22986
MD5 | f45499daffe84f508ed80070af63ea45
Ubuntu Security Notice USN-4900-1
Posted Apr 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4900-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3474, CVE-2021-3478
MD5 | 22c7345367e0c3c848f48020433aace9
Ubuntu Security Notice USN-4899-1
Posted Apr 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4899-1 - Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially- crafted CF file, a remote attacker could possibly run arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-1946
MD5 | dbd6e8e06d2d1fef4a9f91f0e3ace87e
ScadaBR 1.0 Shell Upload
Posted Apr 1, 2021
Authored by Fellipe Oliveira

ScadaBR version 1.0 suffers from multiple remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
MD5 | 8626f1f23af69cc594f9e46083b387d9
School Registration And Fee System 1.0 SQL Injection
Posted Apr 1, 2021
Authored by Richard Jones

School Registration and Fee System version 1.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e7d2ffd603c7340148e78206e9763d13
Latrix 0.6.0 SQL Injection
Posted Apr 1, 2021
Authored by cptsticky

Latrix version 0.6.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ef1d8d78c6029e5c832c709d5bfe3c96
Red Hat Security Advisory 2021-1050-01
Posted Mar 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1050-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, protocol, memory leak
systems | linux, redhat
advisories | CVE-2020-27827, CVE-2020-35498
MD5 | 5ff8aca5506d26ec6be3fd12d445df48
Gentoo Linux Security Advisory 202103-04
Posted Mar 31, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202103-4 - A vulnerability in SQLite could lead to remote code execution. Versions less than 3.34.1 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2021-20227
MD5 | f59bbf0f68384bc27dd0164f4bade7f9
Page 5 of 1,150
Back34567Next

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    26 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    2 Files
  • 9
    May 9th
    2 Files
  • 10
    May 10th
    13 Files
  • 11
    May 11th
    17 Files
  • 12
    May 12th
    22 Files
  • 13
    May 13th
    11 Files
  • 14
    May 14th
    9 Files
  • 15
    May 15th
    2 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    21 Files
  • 18
    May 18th
    13 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close