Showing 1 - 25 of 8,768

Web Files

Red Hat Security Advisory 2021-3955-01
Posted Oct 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3955-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server, as well as command-line utilities and Web UI packages for server administration. This release provides a number of security fixes, bug fixes and enhancements. For detailed information on changes in this release, see the Red Hat Directory Server 11 Release Notes linked from the References section.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-3652
MD5 | d0fa325631a3d5e688798bee9b8d6f45
Hikvision Web Server Build 210702 Command Injection
Posted Oct 25, 2021
Authored by bashis

Hikvision Web Server Build 210702 suffers from a command injection vulnerability.

tags | exploit, web
advisories | CVE-2021-36260
MD5 | f61fa809f59a5d34a34ed01d7d37b3d3
Apache HTTP Server 2.4.50 Remote Code Execution
Posted Oct 24, 2021
Authored by thelastvvv

Apache HTTP Server version 2.4.50 remote code execution exploit.

tags | exploit, remote, web, code execution
advisories | CVE-2021-42013
MD5 | 00e3007a5d132ef7e927cc763523a813
Red Hat Security Advisory 2021-3903-01
Posted Oct 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3903-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-22922, CVE-2021-22923
MD5 | 7b6df42510c0361b27c55dbd05345b40
Red Hat Security Advisory 2021-3856-01
Posted Oct 14, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3856-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-40438
MD5 | 13f9dedad23343e3acd6e4108e1bc25c
Red Hat Security Advisory 2021-3836-01
Posted Oct 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3836-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-40438
MD5 | 24360cdd3532c8790175587bb477664b
Red Hat Security Advisory 2021-3837-01
Posted Oct 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3837-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-40438
MD5 | 15b3d9e8a40e5c5098ff584014a1ba46
Apache HTTP Server 2.4.50 Path Traversal / Code Execution
Posted Oct 13, 2021
Authored by Lucas Souza

Apache HTTP Server version 2.4.50 suffers from path traversal and code execution vulnerabilities.

tags | exploit, web, vulnerability, code execution, file inclusion
advisories | CVE-2021-42013
MD5 | 83e881b06b8c45b03c0e1280bba0e9df
Red Hat Security Advisory 2021-3816-01
Posted Oct 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3816-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include heap overflow and server-side request forgery vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2021-26691, CVE-2021-40438
MD5 | 7cf611150f0bfbb476f7b62096ee1e48
Moodle SpellChecker Path Authenticated Remote Command Execution
Posted Oct 12, 2021
Authored by h00die, Adam Reiser | Site metasploit.com

Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This Metasploit module was tested against Moodle versions 3.11.2, 3.10.0, and 3.8.0.

tags | exploit, web
advisories | CVE-2021-21809
MD5 | a7e5d57a6bbc39e072f95b582e1a9b48
Moodle Authenticated Spelling Binary Remote Code Execution
Posted Oct 12, 2021
Authored by Brandon Perry | Site metasploit.com

Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking requests. This Metasploit module also allows an attacker to leverage another privilege escalation vuln. Using the referenced XSS vuln, an unprivileged authenticated user can steal an admin sesskey and use this to escalate privileges to that of an admin, allowing the module to pop a shell as a previously unprivileged authenticated user. This module was tested against Moodle version 2.5.2 and 2.2.3.

tags | exploit, web, arbitrary, shell
advisories | CVE-2013-3630, CVE-2013-4341
MD5 | 92a400708d6b383cfe2f1bd0d3314d11
Red Hat Security Advisory 2021-3791-01
Posted Oct 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3791-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501
MD5 | 72f6c257c56308b68f926b8af4056562
Red Hat Security Advisory 2021-3757-01
Posted Oct 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3757-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501
MD5 | 9493789b0469b8f4183a22f9a4f66375
Red Hat Security Advisory 2021-3755-01
Posted Oct 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3755-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501
MD5 | f70c844144b0da55d697b7369e97fc10
Red Hat Security Advisory 2021-3756-01
Posted Oct 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3756-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.2.0 ESR. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501
MD5 | 339c536274297e2198f4f54ef3ee0307
Red Hat Security Advisory 2021-3754-01
Posted Oct 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3754-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-40438
MD5 | 513214eccd8b74cca2eabf194305005b
Zed Attack Proxy 2.11.0 Cross Platform Package
Posted Oct 8, 2021
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.

Changes: 10 code commits since last release.
tags | tool, web, vulnerability
MD5 | 3ee4cd3518d870166237f5e00f0cc4e1
Red Hat Security Advisory 2021-3746-01
Posted Oct 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3746-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 9 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 8 and includes an important security update. Issues addressed include a server-side request forgery vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-40438
MD5 | 2c980136ba7ec5f032313d3d52b32cbf
Red Hat Security Advisory 2021-3745-01
Posted Oct 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3745-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 9 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 8 and includes an important security update. Issues addressed include a server-side request forgery vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-40438
MD5 | 889befe8c8b4dd6288b2989e6781c360
Red Hat Security Advisory 2021-3743-01
Posted Oct 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3743-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.5.1 serves as a replacement for Red Hat JBoss Web Server 5.5.0, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, java, web, denial of service
systems | linux, redhat
advisories | CVE-2021-41079
MD5 | 7c0d66a99716232d07c2ee5e7c36f553
Red Hat Security Advisory 2021-3741-01
Posted Oct 6, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3741-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.5.1 serves as a replacement for Red Hat JBoss Web Server 5.5.0, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, java, web, denial of service
systems | linux, redhat
advisories | CVE-2021-41079
MD5 | 26bd9e847e01fe88c8d6c9a7c3882eb3
Online-Food-Ordering-Web-App SQL Injection
Posted Oct 6, 2021
Authored by Jason Colyvas | Site github.com

Online-Food-Ordering-Web-App suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, web, sql injection
advisories | CVE-2021-41647
MD5 | 2e3935af30a88b048926ba5e206dad5a
Apache HTTP Server 2.4.49 Path Traversal / Remote Code Execution
Posted Oct 6, 2021
Authored by Lucas Souza

Apache HTTP Server version 2.4.49 suffers from a path traversal vulnerability.

tags | exploit, web, file inclusion
advisories | CVE-2021-41773
MD5 | 1f8f44361142a2acbf7b9f53b654f29a
SQLMAP - Automatic SQL Injection Tool 1.5.10
Posted Oct 1, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 675f4c751850d0e0e066bdb6d38b8ebd
Red Hat Security Advisory 2021-3694-01
Posted Sep 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3694-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-36222, CVE-2021-3749, CVE-2021-37576, CVE-2021-37750, CVE-2021-38201
MD5 | 1c9dc0773ccbd6d66d1f85debc49bc37

packet storm

© 2020 Packet Storm. All rights reserved.
