exploit the possibilities
Showing 1 - 25 of 8,617 RSS Feed

Web Files

Red Hat Security Advisory 2021-1135-01
Posted Apr 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1135-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-25097
MD5 | 9640f7e1296caf3b61e76b29c3fbfccd
Gogs Git Hooks Remote Code Execution
Posted Apr 7, 2021
Authored by Christophe de la Fuente, Podalirius | Site metasploit.com

This Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gogs. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the permission needs to be specifically granted by an administrator. To achieve code execution, the module authenticates to the Gogs web interface, creates a temporary repository, sets a post-receive git hook with the payload and creates a dummy file in the repository. This last action will trigger the git hook and execute the payload. Everything is done through the web interface. No mitigation has been implemented so far (latest stable version is 0.12.3). This module has been tested successfully against version 0.12.3 on docker. Windows version could not be tested since the git hook feature seems to be broken.

tags | exploit, remote, web, code execution
systems | windows
advisories | CVE-2020-15867
MD5 | b94ad9d4b20219eb61069ef797cbb9b2
Gitea Git Hooks Remote Code Execution
Posted Apr 7, 2021
Authored by Christophe de la Fuente, Podalirius | Site metasploit.com

This Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gitea. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the permission needs to be specifically granted by an administrator. To achieve code execution, the module authenticates to the Gitea web interface, creates a temporary repository, sets a post-receive git hook with the payload and creates a dummy file in the repository. This last action will trigger the git hook and execute the payload. Everything is done through the web interface. It has been mitigated in version 1.13.0 by setting the Gitea DISABLE_GIT_HOOKS configuration setting to true by default. This disables this feature and prevents all users (including admin) from creating custom git hooks. This module has been tested successfully against docker versions 1.12.5, 1.12.6 and 1.13.6 with DISABLE_GIT_HOOKS set to false, and on version 1.12.6 on Windows.

tags | exploit, remote, web, code execution
systems | windows
advisories | CVE-2020-14144
MD5 | 4cb5b6740800ce4b96147b406421ff7b
Dell OpenManage Server Administrator 9.4.0.0 File Read
Posted Apr 7, 2021
Authored by Rhino Security Labs

Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.

tags | exploit, remote, web, vulnerability
advisories | CVE-2020-5377
MD5 | a782a64eb3fb7e8fbc44e13f11d5378a
SAP SMD Agent Unauthenticated Remote Code Execution
Posted Apr 6, 2021
Site onapsis.com

A malicious unauthenticated user could abuse the lack of authentication check on SAP Solution Manager User-Experience Monitoring web service, allowing them to remotely execute commands in all hosts connected to the targeted SolMan through these SMD Agents. Affected versions include SAP Solution Manager SP004 Patch 0011 and lower, SP005 Patch 0012 and lower, SP006 Patch 0013 and lower, SP007 Patch 0019 and lower, SP008 Patch 0015 and lower, SP009 Patch 0007 and lower, SP010 Patch 0001 and lower, and SP011 Patch 0003 and lower.

tags | advisory, web
advisories | CVE-2020-6207
MD5 | e5535b0f577e39ff37f7aeb0ba2b15b8
SAP JAVA Configuration Task Execution
Posted Apr 5, 2021
Site onapsis.com

A malicious unauthenticated user could abuse the lack of authentication check on a particular web service exposed by default in SAP Netweaver JAVA stack, allowing them to fully compromise the targeted system. Affected components include SAP Netweaver JAVA versions 7.30 through 7.50 and LM CONFIGURATION WIZARD versions 7.30 SP019 Patch 0000, 7.30 SP020 Patch 0000, 7.31 SP023 Patch 0000, 7.31 SP024 Patch 0000, 7.31 SP025 Patch 0000, 7.31 SP026 Patch 0000, 7.40 SP018 Patch 0000, 7.40 SP019 Patch 0000, 7.40 SP020 Patch 0000, 7.40 SP021 Patch 0000, 7.50 SP012 Patch 0001 and lower, 7.50 SP013 Patch 0002 and lower, 7.50 SP014 Patch 0001 and lower, 7.50 SP015 Patch 0001 and lower, 7.50 SP016 Patch 0001 and lower, 7.50 SP017 Patch 0001 and lower, and 7.50 SP018 Patch 0000.

tags | advisory, java, web
advisories | CVE-2020-6287
MD5 | 44a27772e9c136ff2e4945cc84c95395
SQLMAP - Automatic SQL Injection Tool 1.5.4
Posted Apr 2, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 44cb9c378cd0433ae18b4bcf97cabedd
ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation
Posted Apr 1, 2021
Authored by LiquidWorm | Site zeroscience.mk

ZBL EPON ONU Broadband Router version 1.0 suffers from a privilege escalation vulnerability. The limited administrative user (admin:admin) can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint or the password page and disclose the http super user password. Once authenticated as super, an attacker will be granted access to additional and privileged functionalities.

tags | exploit, web
MD5 | 4607935e1f6b2fc71ba56373899167b5
Ubuntu Security Notice USN-4898-1
Posted Mar 31, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4898-1 - Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information. Mingtao Yang discovered that curl incorrectly handled session tickets when using an HTTPS proxy. A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2021-22876, CVE-2021-22890
MD5 | 231654afdd07d6769fa7452e76aff9ab
Red Hat Security Advisory 2021-1027-01
Posted Mar 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1027-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow, protocol
systems | linux, redhat
advisories | CVE-2019-5482
MD5 | f0351dc67a880c23116912c7b20d2184
Red Hat Security Advisory 2021-1030-01
Posted Mar 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1030-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2019-17563, CVE-2020-1935
MD5 | 2d1ab7263e987996cb0412aaebd91415
Ubuntu Security Notice USN-4895-1
Posted Mar 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4895-1 - Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. Jianjun Chen discovered that Squid incorrectly validated certain input. A remote attacker could use this issue to perform HTTP Request Smuggling and possibly access services forbidden by the security controls. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2020-15049, CVE-2020-25097
MD5 | 1cebe622843beb614b653077f5a4fca8
Ubuntu Security Notice USN-4894-1
Posted Mar 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4894-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2020-27918, CVE-2021-1799
MD5 | 4e22d60fd6aa436f1afcb95822fbbce6
Red Hat Security Advisory 2021-1032-01
Posted Mar 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1032-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include buffer overflow, denial of service, and integer overflow vulnerabilities.

tags | advisory, web, denial of service, overflow, perl, vulnerability
systems | linux, redhat
advisories | CVE-2020-10543, CVE-2020-10878, CVE-2020-12723
MD5 | 2ddb4b768adb43305929cb7dab3ed45a
SAP Solution Manager 7.2 Remote Command Execution
Posted Mar 26, 2021
Authored by Dmitry Chastuhin, Pablo Artuso, Vladimir Ivanov, Yvan Genuer | Site metasploit.com

This Metasploit module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting a SOAP request to the /EemAdminService/EemAdmin page to get information about connected SMDAgents allowing an attacker to send HTTP requests (SSRF) and execute OS commands on the connected SMDAgent. Works stable in connected SMDAgent with Java version 1.8. Successful exploitation will allow unauthenticated remote attackers to get a reverse shell from connected to the SolMan agent as the user under which it runs SMDAgent service, which is usually daaadm.

tags | exploit, java, remote, web, shell
advisories | CVE-2020-6207
MD5 | 1c233a9f84fe24a1f701e2b602123168
Red Hat Security Advisory 2021-0992-01
Posted Mar 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0992-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.9.0 ESR. Issues addressed include a spoofing vulnerability.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987
MD5 | 733b0f1a6487f3ea89ed22f34470c0f7
Red Hat Security Advisory 2021-0991-01
Posted Mar 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0991-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.9.0 ESR. Issues addressed include a spoofing vulnerability.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987
MD5 | 1731b7821447c2facdea627ff316d371
Red Hat Security Advisory 2021-0989-01
Posted Mar 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0989-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.9.0 ESR. Issues addressed include a spoofing vulnerability.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987
MD5 | f746f33fe09674ebd846f4997a9116b9
Red Hat Security Advisory 2021-0990-01
Posted Mar 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0990-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.9.0 ESR. Issues addressed include a spoofing vulnerability.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987
MD5 | bb311d79b5aeefbfec98a69bd3281455
Red Hat Security Advisory 2021-0974-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0974-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, cross site scripting, and information leakage vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-14302, CVE-2020-28052, CVE-2020-35510, CVE-2020-7676, CVE-2020-8908, CVE-2021-20220, CVE-2021-20250
MD5 | c83639cf9e776c60527f889bf632c6f1
Red Hat Security Advisory 2021-0969-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0969-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2020-14302, CVE-2020-7676
MD5 | cb88401dd70cb5cab29fe948225623f9
Red Hat Security Advisory 2021-0968-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0968-01 - Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2020-14302, CVE-2020-7676
MD5 | ad4b8e74d8a3289c207c01af613569ef
Red Hat Security Advisory 2021-0967-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0967-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2020-14302, CVE-2020-7676
MD5 | db350f29bce83c607abee258d4cf80d0
Apache Ghostcat Exploitation
Posted Mar 22, 2021
Authored by Team SafeSecurity

This whitepaper focuses on explaining the Apache Ghostcat vulnerability and how it can be used to read file contents of all web applications deployed on Tomcat.

tags | paper, web
advisories | CVE-2020-1938
MD5 | 7b5367c3ca27515550ec6987a5c4a554
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers an insufficient session expiration. This occurs when the web application permits an attacker to reuse old session credentials or session IDs for authorization. Insufficient session expiration increases the device's exposure to attacks that can steal or reuse user's session identifiers.

tags | exploit, web
MD5 | 84f580c69eb4c4b67b39a30f8f592c3a
Page 1 of 345
Back12345Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close