
Remote Files

Ubuntu Security Notice USN-4931-1
Posted May 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4931-1 - Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use this issue to cause winbind to crash, resulting in a denial of service. Francis Brosnan Blázquez discovered that Samba incorrectly handled certain invalid DNS records. A remote attacker could possibly use this issue to cause the DNS server to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-14318, CVE-2020-14323, CVE-2020-14383, CVE-2021-20254
MD5 | 286abb281e576ae65c0aec49bfe9eddc
Gadget Works Online Ordering System 1.0 SQL Injection / Code Execution
Posted May 3, 2021
Authored by Richard Jones

Gadget Works Online Ordering System version 1.0 remote SQL injection to remote code execution exploit.

tags | exploit, remote, code execution, sql injection
MD5 | 54fabd3d8fd2ef1bf66e8982e1447134
Gadget Works Online Ordering System 1.0 SQL Injection
Posted May 3, 2021
Authored by Richard Jones

Gadget Works Online Ordering System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | a2eaa3a011a8f97e9215605c8c9e6fb1
Gentoo Linux Security Advisory 202104-01
Posted May 3, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202104-1 - A vulnerability has been found in Git that could allow a remote attacker to execute arbitrary code. Versions less than 2.26.3 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2021-21300
MD5 | ece8db17175da3a175f99db2c818ccfa
Voting System 1.0 SQL Injection
Posted May 3, 2021
Authored by Syed Sheeraz Ali

Voting System version 1.0 suffers from a remote time-based SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 592c7f356d721b7a151d210a4283ade6
GetSimple CMS Custom JS 0.1 CSRF / XSS / Code Execution
Posted May 2, 2021
Authored by Bobby Cooke, Abhishek Joshi

The Custom JS plugin version 0.1 for GetSimple CMS suffers from a cross site request forgery vulnerability that allows remote unauthenticated attackers to inject arbitrary client-side code into authenticated administrators' browsers, which results in remote code execution on the hosting server when an authenticated administrator visits a malicious third party website.

tags | exploit, remote, arbitrary, code execution, csrf
MD5 | f84e4d61a61db6947381a07172b5af44
Piwigo 11.3.0 SQL Injection
Posted Apr 30, 2021
Authored by nu11secur1ty

Piwigo version 11.3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-27973
MD5 | cba9d727369383b51aead53353eaaf3b
Ubuntu Security Notice USN-4929-1
Posted Apr 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4929-1 - Greg Kuechle discovered that Bind incorrectly handled certain incremental zone updates. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Siva Kakarla discovered that Bind incorrectly handled certain DNAME records. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-25214, CVE-2021-25215, CVE-2021-25216
MD5 | 8717bb83ee18054ef92b8588dcefa170
Cacti 1.2.12 SQL Injection / Remote Code Execution
Posted Apr 29, 2021
Authored by M4yFly, Leonardo Paiva

Cacti version 1.2.12 remote code execution exploit that leverages a remote SQL vulnerability.

tags | exploit, remote, code execution, sql injection
advisories | CVE-2020-14295
MD5 | 7d02b8eae5a01a746cf44cba4c1fe1a3
Fog Project 1.5.9 Shell Upload
Posted Apr 29, 2021
Authored by sML

Fog Project version 1.5.9 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 4137325100e71652f6c4dc385797fd66
Ubuntu Security Notice USN-4922-2
Posted Apr 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4922-2 - USN-4922-1 fixed a vulnerability in Ruby. This update provides the corresponding update for Ubuntu 21.04. Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack. Various other issues were also addressed.

tags | advisory, remote, ruby
systems | linux, ubuntu
advisories | CVE-2021-28965
MD5 | 1b5b7b7ac26e069df4ca39541f536606
Hasura GraphQL 1.3.3 Remote Code Execution
Posted Apr 26, 2021
Authored by Dolev Farhi

Hasura GraphQL version 1.3.3 remote code execution exploit.

tags | exploit, remote, code execution
MD5 | cf7dfca51665d509bd1a1e39f4c0c17e
OpenPLC 3 Remote Code Execution
Posted Apr 26, 2021
Authored by Fellipe Oliveira

OpenPLC version 3 authenticated remote code execution exploit.

tags | exploit, remote, code execution
MD5 | 18d387723d83b2f1059cb42372ad05a0
SEO Panel 4.8.0 SQL Injection
Posted Apr 26, 2021
Authored by nu11secur1ty

SEO Panel version 4.8.0 remote blind SQL injection exploit. Original discovery in this version is attributed to Piyush Patil in February of 2021.

tags | exploit, remote, sql injection
advisories | CVE-2021-28419
MD5 | 4b18d3433a071c4d3f98f08f8abcd113
Red Hat Security Advisory 2021-1342-01
Posted Apr 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1342-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2021-3447
MD5 | d5925904ba1c6f4d35bd31628bcb2345
Ubuntu Security Notice USN-4924-1
Posted Apr 23, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4924-1 - It was discovered that Dnsmasq incorrectly handled certain wildcard synthesized NSEC records. A remote attacker could possibly use this issue to prove the non-existence of hostnames that actually exist. It was discovered that Dnsmasq incorrectly handled certain large DNS packets. A remote attacker could possibly use this issue to cause Dnsmasq to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-15107, CVE-2019-14513
MD5 | db00955d289374c9798d90f9935b94d7
Document Management System 1.0 SQL Injection / Remote Code Execution
Posted Apr 23, 2021
Authored by Richard Jones

Document Management System version 1.0 remote SQL injection exploit that deploys a web shell.

tags | exploit, remote, web, shell, sql injection
MD5 | ce95bb6aee806602e2a432244244b16a
Red Hat Security Advisory 2021-1343-01
Posted Apr 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1343-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2021-3447
MD5 | bf2f65bc3d37b1f9e5449f5508720479
GetSimple CMS My SMTP Contact 1.1.1 CSRF / XSS / Code Execution
Posted Apr 23, 2021
Authored by Bobby Cooke

GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to persistent cross site scripting to remote code execution exploit.

tags | exploit, remote, code execution, xss, csrf
MD5 | 931e4a8e898c36150bfb22c1e2de3963
OTRS 6.0.1 Remote Command Execution
Posted Apr 22, 2021
Authored by Hex_26

OTRS version 6.0.1 remote command execution exploit.

tags | exploit, remote
advisories | CVE-2017-16921
MD5 | 2a4a0d662ddbb40ed9bf9a5bbe357d4d
Red Hat Security Advisory 2021-1313-01
Posted Apr 22, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1313-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include double free, information leakage, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2017-2662, CVE-2019-18874, CVE-2020-11612, CVE-2020-14335, CVE-2020-25633, CVE-2020-9402
MD5 | 52c06a50249502d87081f9b0b7701eaf
Ubuntu Security Notice USN-4923-1
Posted Apr 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4923-1 - Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-28210, CVE-2021-28211
MD5 | 5b1e08d38f0dfa3b2d307d7650efc1ad
GravCMS 1.10.7 Remote Command Execution
Posted Apr 21, 2021
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits an arbitrary configuration write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successful exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, hijack an administrator account, or execute operating system commands under the context of the web server user.

tags | exploit, remote, web, arbitrary, code execution
advisories | CVE-2021-21425
MD5 | 3a924cf6c744fbb9b7abad8463f578c8
Nagios XI 5.7.3 Remote Code Execution
Posted Apr 21, 2021
Authored by Chris Lyne, Erik Wynter | Site metasploit.com

This Metasploit module exploits an OS command injection vulnerability in includes/components/nxti/index.php that enables an authenticated user with admin privileges to achieve remote code execution as the apache user. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios XI 5.7.3 running on CentOS 7.

tags | exploit, remote, php, code execution
systems | linux, osx, centos
advisories | CVE-2020-5792
MD5 | 2df6940f1d406eb594bb234456e3e6f5
Ubuntu Security Notice USN-4922-1
Posted Apr 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4922-1 - Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack.

tags | advisory, remote, ruby
systems | linux, ubuntu
advisories | CVE-2021-28965
MD5 | b1cdfd7ce654f38195dd8a4b7ac1e028