what you don't know can hurt you
Showing 1 - 25 of 8,473 RSS Feed

Web Files

Red Hat Security Advisory 2020-5170-01
Posted Nov 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5170-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4 serves as a replacement for Red Hat JBoss Web Server 5.3, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, java, web, denial of service
systems | linux, redhat
advisories | CVE-2020-11996
MD5 | b5085307d40df3ae3d9275ccf7a3969a
Red Hat Security Advisory 2020-5173-01
Posted Nov 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5173-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4 serves as a replacement for Red Hat JBoss Web Server 5.3, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, java, web, denial of service
systems | linux, redhat
advisories | CVE-2020-11996
MD5 | c72ffe222101389c1405d5d32712cb6b
Red Hat Security Advisory 2020-5165-01
Posted Nov 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5165-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.198. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-16013, CVE-2020-16016, CVE-2020-16017
MD5 | 958924a4d1643b91502520d6a856ef5e
Code16 Notes Magazine 01
Posted Nov 23, 2020
Authored by Cody Sixteen, code16

Code16 is a compilation of notes from research performed by Cody16. This issue discusses creating web modules for Metasploit and more.

tags | paper, web, magazine
MD5 | 37e9cde49e5ddf663379d345d4abcce3
Barco wePresent Undocumented SSH Interface
Posted Nov 20, 2020
Authored by Jim Becher | Site korelogic.com

Barco wePresent WiPG-1600W version 2.5.1.8 has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.

tags | exploit, web
advisories | CVE-2020-28331
MD5 | 86102878b47498e5776df9ed90a4a19a
Barco wePresent Authentication Bypass
Posted Nov 20, 2020
Authored by Jim Becher | Site korelogic.com

The Barco wePresent WiPG-1600W version 2.5.1.8 web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history. An attacker that is able to capture the "SEID" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials.

tags | exploit, web
advisories | CVE-2020-28333
MD5 | 50b164f3cff95d8cf4dd33881f7f36e0
Barco wePresent Admin Credential Exposure
Posted Nov 20, 2020
Authored by Jim Becher | Site korelogic.com

An attacker armed with hardcoded API credentials from KL-001-2020-004 (CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp for Barco wePresent WiPG-1600W version 2.5.1.8.

tags | exploit, web, tcp
advisories | CVE-2020-28329, CVE-2020-28330
MD5 | 3ad24677ecaeff25f5cac17ee343f4a9
Avaya Web License Manager XML Injection
Posted Nov 18, 2020
Authored by M. Koplin | Site sec-consult.com

Avaya Web License Manager versions 6.x, 7.0 through 7.1.3.6, and 8.0 through 8.1.2.0.0 suffer from a blind out-of-band XML external entity injection vulnerability.

tags | exploit, web
advisories | CVE-2020-7032
MD5 | e259c56c68f946e44611814c7f1cdd66
Red Hat Security Advisory 2020-5139-01
Posted Nov 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5139-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-26950
MD5 | 70822c752fdfb208443cbe1896de0c2e
Red Hat Security Advisory 2020-5138-01
Posted Nov 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5138-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-26950
MD5 | 537cabb981ad5ba03a2a4c2f7a059d22
Red Hat Security Advisory 2020-5135-01
Posted Nov 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5135-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-26950
MD5 | 1167edcdf7b0657bacd5a1116edeb9b1
ASUS TM-AC1900 Arbitrary Command Execution
Posted Nov 13, 2020
Authored by b1ack0wl | Site metasploit.com

This Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses the patch for CVE-2018-9285.

tags | exploit, web, cgi, code execution
advisories | CVE-2018-9285
MD5 | 7d93c218049c0722da7e83b78f2c4623
HorizontCMS 1.0.0-beta Shell Upload
Posted Nov 13, 2020
Authored by Erik Wynter | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to upload a malicious PHP file via an HTTP POST request to /admin/file-manager/fileupload. The server will rename this file to a random string. The module will therefore attempt to change the filename back to the original name via an HTTP POST request to /admin/file-manager/rename. For the php target, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to /storage/file_name.

tags | exploit, web, arbitrary, php, file upload
advisories | CVE-2020-27387
MD5 | b1586e133ec28d35e83ec172e95fe1d0
Red Hat Security Advisory 2020-5104-01
Posted Nov 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5104-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-26950
MD5 | c5ea2bf32bf79d19ddcea1ce8c6420f8
Red Hat Security Advisory 2020-5099-01
Posted Nov 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5099-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-26950
MD5 | 34fbe156466903f901565edeef88bad1
Red Hat Security Advisory 2020-5100-01
Posted Nov 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5100-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-26950
MD5 | e37a8da7a260131a50afef5f294ce719
Red Hat Security Advisory 2020-5086-01
Posted Nov 11, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5086-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and buffer overflow vulnerabilities.

tags | advisory, web, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2020-15095, CVE-2020-8116, CVE-2020-8201, CVE-2020-8252
MD5 | 247b6393a653a918a5800b4ee4e00b08
Red Hat Security Advisory 2020-5002-01
Posted Nov 10, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5002-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2020-8177
MD5 | e3c9b04c7505494aa3a26599542a0fe1
Red Hat Security Advisory 2020-5020-01
Posted Nov 10, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5020-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2020-1935
MD5 | 099a329060aa5f5330f19f1769829972
OvulaRing 4.2.2 Broken Object Level Authorization
Posted Nov 9, 2020
Authored by Tobias Glemser | Site secuvera.de

OvulaRing web application version 4.2.2 suffers from a broken object level authorization vulnerability.

tags | advisory, web
MD5 | a4d2f3d8f3deb95903e052373bad61ab
Red Hat Security Advisory 2020-4978-01
Posted Nov 9, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4978-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Issues addressed include a memory leak vulnerability.

tags | advisory, web, memory leak
systems | linux, redhat
advisories | CVE-2020-25644
MD5 | e9b4d756e9db8b61cad2000683152c8d
Red Hat Security Advisory 2020-4974-01
Posted Nov 9, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4974-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.183. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16008, CVE-2020-16009
MD5 | 439c305b39ff65ddfffe37601d84a451
iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery
Posted Nov 5, 2020
Authored by LiquidWorm | Site zeroscience.mk

iDS6 DSSPro Digital Signage System version 6.2 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
MD5 | 207d76baf968933618e1083a7fd98079
iDS6 DSSPro Digital Signage System 6.2 Password Disclosure
Posted Nov 5, 2020
Authored by LiquidWorm | Site zeroscience.mk

iDS6 DSSPro Digital Signage System version 6.2 suffers from a cleartext transmission/storage of sensitive information in a cookie when using the Remember (autoSave=true) feature. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.

tags | exploit, remote, web
MD5 | 6e74f91319785d9d2dc39fb672f1d06b
Red Hat Security Advisory 2020-4932-01
Posted Nov 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4932-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.3 security update on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.4.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2020-10776, CVE-2020-14389
MD5 | 8329734a18f2c1e3cf17bbd05f5e8603
Page 1 of 339
Back12345Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close