exploit the possibilities
Showing 1 - 25 of 8,351 RSS Feed

Web Files

Red Hat Security Advisory 2020-3358-01
Posted Aug 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3358-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include bypass, code execution, and cross site scripting vulnerabilities.

tags | advisory, web, vulnerability, code execution, xss, ruby
systems | linux, redhat
advisories | CVE-2020-10777, CVE-2020-10778, CVE-2020-10779, CVE-2020-10780, CVE-2020-10783, CVE-2020-14296, CVE-2020-14324, CVE-2020-14325
MD5 | dbaeedb15bc59ebaac47e32fb56252f6
Ubuntu Security Notice USN-4448-1
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4448-1 - It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause Tomcat to hang, resulting in a denial of service. It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain environments where Tomcat is located behind a reverse proxy, a remote attacker could possibly use this issue to perform HTTP Request Smuggling. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2020-13935, CVE-2020-1935, CVE-2020-9484
MD5 | f490bd6674a82d8af4d84ba15996c17f
SQLMAP - Automatic SQL Injection Tool 1.4.8
Posted Aug 4, 2020
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Bug fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 268727dd92e1f9549422eb99459a1154
Red Hat Security Advisory 2020-3308-01
Posted Aug 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3308-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.2 serves as a replacement for Red Hat JBoss Web Server 5.3.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, java, web, denial of service
systems | linux, redhat
advisories | CVE-2020-13934, CVE-2020-13935
MD5 | 64720b7761a12fb3a4767798c78ae258
Red Hat Security Advisory 2020-3306-01
Posted Aug 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3306-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.2 serves as a replacement for Red Hat JBoss Web Server 5.3.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, java, web, denial of service
systems | linux, redhat
advisories | CVE-2020-13934, CVE-2020-13935
MD5 | caecac300e64d3b48adb292d24855b6f
Red Hat Security Advisory 2020-3305-01
Posted Aug 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3305-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 10 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-13935, CVE-2020-1935
MD5 | 6e1799e37ce5f20ef4e6ad6d064b44c3
Red Hat Security Advisory 2020-3303-01
Posted Aug 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3303-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 10 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-13935, CVE-2020-1935
MD5 | c3f05082eb8212198cca368d8f048dc0
Ubuntu Security Notice USN-4444-1
Posted Aug 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4444-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2020-9862, CVE-2020-9915
MD5 | 41e64fcb2adc18e2a3f8f179c1a36e11
Red Hat Security Advisory 2020-3253-01
Posted Jul 31, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3253-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
MD5 | e01eecc5a56b059db2b363928fd406e1
Red Hat Security Advisory 2020-3254-01
Posted Jul 31, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3254-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
MD5 | 24d8a756382b85154175442c1b43216f
Red Hat Security Advisory 2020-3241-01
Posted Jul 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3241-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
MD5 | c6a0d0cf88d99de6b6131f069088ea60
Red Hat Security Advisory 2020-3233-01
Posted Jul 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3233-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
MD5 | f4efcb874041e054ad72ac0ef6eaf897
Red Hat Security Advisory 2020-3229-01
Posted Jul 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3229-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
MD5 | 33cb829076f23ed4c33d84c010c0a603
Ubuntu Security Notice USN-4443-1
Posted Jul 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4443-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass iframe sandbox restrictions, confuse the user, or execute arbitrary code. It was discovered that redirected HTTP requests which are observed or modified through a web extension could bypass existing CORS checks. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information across origins. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15655, CVE-2020-15656, CVE-2020-15659, CVE-2020-6514
MD5 | d80178008eece3baac547d3e0382ff43
Hydra Network Logon Cracker 9.1
Posted Jul 29, 2020
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Enabled gcc 10 support for xhydra. Fixed crash in MD5 auth for rtsp. New module for smb2 which also supports smb3. Various other updates.
tags | tool, web, cracker, imap
systems | cisco, unix
MD5 | 7a2f54980ce44aff0cc047fb75751dba
Red Hat Security Advisory 2020-3197-01
Posted Jul 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3197-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.8.0 serves as an update to Red Hat Process Automation Manager 7.7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and cross site scripting vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-10086, CVE-2019-12406, CVE-2019-12423, CVE-2019-13990, CVE-2019-16869, CVE-2019-17573, CVE-2019-20330, CVE-2019-20444, CVE-2019-20445, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11612, CVE-2020-11619, CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-1718
MD5 | 4802194f13093960da268f98bc2961b2
Red Hat Security Advisory 2020-3196-01
Posted Jul 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3196-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.8.0 serves as an update to Red Hat Decision Manager 7.7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and cross site scripting vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-12406, CVE-2019-12423, CVE-2019-13990, CVE-2019-16869, CVE-2019-17573, CVE-2019-20330, CVE-2019-20444, CVE-2019-20445, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11612, CVE-2020-11619, CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-1718, CVE-2020-7238
MD5 | 8a5cd2ac046da586f0c207777d730e3c
Ubuntu Security Notice USN-4442-1
Posted Jul 29, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4442-1 - Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this issue to perform XSS attacks. Nicolas Chatelain discovered that Sympa incorrectly handled environment variables. An attacker could possibly use this issue with a setuid binary and gain root privileges. Various other issues were also addressed.

tags | advisory, web, root
systems | linux, ubuntu
advisories | CVE-2018-1000550, CVE-2018-1000671, CVE-2020-10936
MD5 | 20f797199f0e729d298e107ea0ae73eb
Red Hat Security Advisory 2020-3192-01
Posted Jul 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3192-01 - This release of Red Hat Fuse 7.7.0 serves as a replacement for Red Hat Fuse 7.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, XML injection, bypass, cross site scripting, denial of service, information leakage, and server-side request forgery vulnerabilities.

tags | advisory, web, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2016-4970, CVE-2018-1000632, CVE-2018-11797, CVE-2018-12541, CVE-2018-3831, CVE-2019-0231, CVE-2019-10086, CVE-2019-10172, CVE-2019-12086, CVE-2019-12400, CVE-2019-14540, CVE-2019-14888, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-17573, CVE-2019-20330, CVE-2019-20444, CVE-2019-20445, CVE-2019-3797, CVE-2019-9511, CVE-2019-9827, CVE-2020-10672
MD5 | cecd543467bfd58c12f141dcd8d8f2e6
Sophos VPN Web Panel 2020 Denial Of Service
Posted Jul 22, 2020
Authored by Berk Kiras

Sophos VPN Web Panel 2020 denial of service proof of concept exploit.

tags | exploit, web, denial of service, proof of concept
MD5 | 00504c0026b87dc91f6dc60d478bb7f9
Red Hat Security Advisory 2020-3032-01
Posted Jul 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3032-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Issues addressed include an open redirection vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-14857, CVE-2019-20479
MD5 | 27bf9904a036720effb45180689019a5
Plex Unpickle Dict Windows Remote Code Execution
Posted Jul 17, 2020
Authored by h00die, Chris Lyne | Site metasploit.com

This Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath to the newly created photo library, a file named Dict will be unpickled, which causes remote code execution as the user who started Plex. Plex_Token is required, to get it you need to log-in through a web browser, then check the requests to grab the X-Plex-Token header. See info -d for additional details. If an exploit fails, or is cancelled, Dict is left on disk, a new ALBUM_NAME will be required as subsequent writes will make Dict-1, and not execute.

tags | exploit, remote, web, arbitrary, code execution, python
systems | windows
advisories | CVE-2020-5741
MD5 | 41eb0c77f9b7de3ab74e8c47a61a86c3
Web Based Online Hotel Booking System 0.1.0 SQL Injection
Posted Jul 16, 2020
Authored by KeopssGroup0day Inc

Web Based Online Hotel Booking System version 0.1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, web, sql injection
MD5 | d38e98cd98ee43c2aa1167c212cbc21d
Wing FTP Server 6.3.8 Remote Code Execution
Posted Jul 16, 2020
Authored by V1n1v131r4

Wing FTP Server version 6.3.8 authenticated remote code execution exploit that leverages the web console.

tags | exploit, remote, web, code execution
MD5 | b103c764509737c359f33833e2aa71ae
Ubuntu Security Notice USN-4422-1
Posted Jul 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4422-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2020-13753, CVE-2020-9806
MD5 | 1b8543f2c71af096df5e32c7f265fadc
Page 1 of 335
Back12345Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close