what you don't know can hurt you
Showing 1 - 25 of 8,733 RSS Feed

Web Files

Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload
Posted Sep 15, 2021
Authored by Ricardo Jose Ruiz Fernandez

Remote command execution exploit for Zenitel AlphaCom XE Audio Server versions up to 11.2.3.10 which have a web interface called AlphaWeb XE that allows for a remote shell upload.

tags | exploit, remote, web, shell
advisories | CVE-2021-40845
MD5 | 7e648c2e86d13eff9019116bcae14157
Red Hat Security Advisory 2021-3534-01
Posted Sep 14, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3534-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.9 serves as a replacement for Red Hat Single Sign-On 7.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-28491, CVE-2020-35509, CVE-2021-28170, CVE-2021-29425, CVE-2021-3513, CVE-2021-3597, CVE-2021-3632, CVE-2021-3637, CVE-2021-3644, CVE-2021-3690
MD5 | 1a4a311583d794fea92d4e9497b13887
Red Hat Security Advisory 2021-3527-01
Posted Sep 14, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3527-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.9 serves as a replacement for Red Hat Single Sign-On 7.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2020-28491, CVE-2020-35509, CVE-2021-3513, CVE-2021-3632, CVE-2021-3637
MD5 | af0494392d128c7be8d00b3cf7a91814
Ulfius Web Framework Remote Memory Corruption
Posted Sep 14, 2021
Authored by Jeremy Brown

Ulfius Web Framework suffers from a remote memory corruption vulnerability. When parsing malformed HTTP requests, a heap-related initialization bug is triggered resulting in a crash in the server or potentially remote code execution with privileges of the running process.

tags | exploit, remote, web, code execution
advisories | CVE-2021-40540
MD5 | 1dabe63befe8e565facd80b332f86a58
Red Hat Security Advisory 2021-3529-01
Posted Sep 14, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3529-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.9 serves as a replacement for Red Hat Single Sign-On 7.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2020-28491, CVE-2020-35509, CVE-2021-3513, CVE-2021-3632, CVE-2021-3637
MD5 | 7b87049f1219758b5c7faa46b7beadc0
Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload
Posted Sep 14, 2021
Authored by Ricardo Jose Ruiz Fernandez

Zenitel AlphaCom XE Audio Server versions up to 11.2.3.10 have a web interface called AlphaWeb XE that allows for a remote shell upload.

tags | exploit, remote, web, shell
advisories | CVE-2021-40845
MD5 | 6b53ff27b2a4d835007b117376d0f7c0
Red Hat Security Advisory 2021-3528-01
Posted Sep 14, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3528-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.9 serves as a replacement for Red Hat Single Sign-On 7.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2020-28491, CVE-2020-35509, CVE-2021-3513, CVE-2021-3632, CVE-2021-3637
MD5 | 53637174aa28549f4c6575e28ed7378c
Red Hat Security Advisory 2021-3498-01
Posted Sep 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3498-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.14.0 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-38493
MD5 | 5c00b9140d159d6dccb3623185b97d36
Red Hat Security Advisory 2021-3497-01
Posted Sep 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3497-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.14.0 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-38493
MD5 | 7de386175c1e21886a30e27c05be6baf
Red Hat Security Advisory 2021-3496-01
Posted Sep 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3496-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.14.0 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-38493
MD5 | 7e9b88f4360fff03c1253e381b183835
Red Hat Security Advisory 2021-3501-01
Posted Sep 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3501-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.14.0 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-38493
MD5 | 27513153521cfb9b02f55d3410bb6292
Ubuntu Security Notice USN-5063-1
Posted Sep 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5063-1 - Ori Hollander discovered that HAProxy incorrectly handled HTTP header name length encoding. A remote attacker could possibly use this issue to inject a duplicate content-length header and perform request smuggling attacks.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2021-40346
MD5 | d7a819670dace7d701b08923b3597780
SQLMAP - Automatic SQL Injection Tool 1.5.9
Posted Sep 3, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 32819398c46317bb918049666fad4e8f
Geutebruck Remote Command Execution
Posted Sep 2, 2021
Authored by Titouan Lazard, Sebastien Charbonnier, Ibrahim Ayadhi | Site metasploit.com

This Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions 1.12.0.27 and below as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, web, arbitrary, cgi, root, vulnerability, code execution
advisories | CVE-2021-33543, CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554
MD5 | 92b73b5927fb8541093395f2793bd346
COVID-19 Contact Tracing System With QR Code Scanning 1.0 SQL Injection
Posted Sep 1, 2021
Authored by nu11secur1ty

COVID-19 Contact Tracing System web app with QR Code Scanning version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, web, sql injection
MD5 | f33613a39be7abe868a0a2dd4d91f0ec
Red Hat Security Advisory 2021-3361-01
Posted Aug 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3361-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a memory exhaustion vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-20271, CVE-2021-21419, CVE-2021-21623, CVE-2021-21639, CVE-2021-21640, CVE-2021-21648, CVE-2021-22543, CVE-2021-22555, CVE-2021-22918, CVE-2021-25735, CVE-2021-25737, CVE-2021-27218, CVE-2021-3114, CVE-2021-3121, CVE-2021-33195, CVE-2021-33196, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3520, CVE-2021-3537, CVE-2021-3541, CVE-2021-3609, CVE-2021-3636
MD5 | e40da272fb5c5a49d3bf9b9ae2c47e22
GRR 3.4.5.1
Posted Aug 23, 2021
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: Mid-quarter release for Q3 2021. TSK, libfsntfs and YARA libraries are now run in a separate, unprivileged process for sandboxing in the GRR client. Fleetspeak, the next generation communication framework, is now enabled by default. Added a new MSI installer for Windows clients. New flow for named pipe collection on Windows for ListNamedPipes.
tags | tool, remote, web, forensics
systems | unix
MD5 | f8f841881ab05b82df4548fa99efb188
Ubuntu Security Notice USN-5042-1
Posted Aug 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5042-1 - It was discovered that HAProxy incorrectly handled the HTTP/2 protocol. A remote attacker could possibly use this issue to bypass restrictions.

tags | advisory, remote, web, protocol
systems | linux, ubuntu
MD5 | dc1cc70c179bb157de4e3dac5881c65e
Red Hat Security Advisory 2021-3157-01
Posted Aug 16, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3157-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.13.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989
MD5 | fb469d5b943307e66efe501c20ae7749
Red Hat Security Advisory 2021-3154-01
Posted Aug 16, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3154-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.13.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989
MD5 | 4ed1302ca5fa05f07576eb3986cd55fd
Red Hat Security Advisory 2021-3156-01
Posted Aug 16, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3156-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.13.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989
MD5 | dcc670ce92d6dd07d5ad1281e836ad6b
Red Hat Security Advisory 2021-3159-01
Posted Aug 16, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3159-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.13.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989
MD5 | b9f5c426a3d2f1cc304b013600fd1ad3
CentOS Web Panel 0.9.8.1081 Cross Site Scripting
Posted Aug 16, 2021
Authored by Dinesh Mohanty

CentOS Web Panel version 0.9.8.1081 suffers from a persistent cross site scripting vulnerability.

tags | exploit, web, xss
systems | linux, centos
MD5 | ff51ac25f304d0ad4ba7b11aefc45408
Tiny Java Web Server 1.115 Cross Site Scripting
Posted Aug 14, 2021
Authored by Maurizio Ruchay

Tiny Java Web Server and Servlet Container versions 1.115 and below suffer from a cross site scripting vulnerability.

tags | exploit, java, web, xss
advisories | CVE-2021-37573
MD5 | 2aba718a6fc720896d47ec98ca63182e
Red Hat Security Advisory 2021-3140-01
Posted Aug 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3140-01 - This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, bypass, code execution, cross site scripting, denial of service, deserialization, information leakage, man-in-the-middle, memory leak, resource exhaustion, server-side request forgery, remote SQL injection, and traversal vulnerabilities.

tags | advisory, remote, web, denial of service, vulnerability, code execution, xss, sql injection, memory leak
systems | linux, redhat
advisories | CVE-2017-18640, CVE-2017-5645, CVE-2019-12402, CVE-2019-14887, CVE-2019-16869, CVE-2019-20445, CVE-2020-10688, CVE-2020-10693, CVE-2020-10714, CVE-2020-10719, CVE-2020-11996, CVE-2020-13920, CVE-2020-13934, CVE-2020-13935, CVE-2020-13936, CVE-2020-13954, CVE-2020-13956, CVE-2020-14040, CVE-2020-14297, CVE-2020-14338, CVE-2020-14340, CVE-2020-1695, CVE-2020-17510, CVE-2020-17518, CVE-2020-1925, CVE-2020-1935, CVE-2020-1938
MD5 | 21a26b1675bef95b9bb70206a03731d7
Page 1 of 350
Back12345Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close