Web Files

Red Hat Security Advisory 2020-2321-01
Posted May 26, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2321-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.6 serves as a replacement for Red Hat Data Grid 7.3.5 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include HTTP request smuggling, cross site scripting, out of bounds read, and traversal vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2018-10862, CVE-2019-0205, CVE-2019-0210, CVE-2019-10086, CVE-2019-10219, CVE-2019-14540, CVE-2019-16869, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
MD5 | e68f4eb5689fda743d06e6ca00ead832

Red Hat Security Advisory 2020-2288-01
Posted May 26, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2288-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and buffer under-read vulnerabilities.

tags | advisory, web, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2017-17742, CVE-2018-8778
MD5 | 9e57a184e4c7e98b79f4e74f758bfc77

Red Hat Security Advisory 2020-2263-01
Posted May 26, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2263-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include an open redirection vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-10098, CVE-2020-1927
MD5 | fe17d5caa732aad49b8526504cbd9883

Red Hat Security Advisory 2020-2265-01
Posted May 26, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2265-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include an HTTP request smuggling vulnerability.

tags | advisory, web, tcp
systems | linux, redhat
advisories | CVE-2019-18277, CVE-2019-19330
MD5 | 4f5607756bb510a12a4b70e23b079830

Plesk / myLittleAdmin ViewState .NET Deserialization
Posted May 22, 2020
Authored by Spencer McIntyre, wvu | Site metasploit.com

This Metasploit module exploits a ViewState .NET deserialization vulnerability in web-based MS SQL Server management tool myLittleAdmin, for version 3.8 and likely older versions, due to hardcoded machineKey parameters in the web.config file for ASP.NET. Popular web hosting control panel Plesk offers myLittleAdmin as an optional component that is selected automatically during "full" installation. This exploit caters to the Plesk target, though it should work fine against a standalone myLittleAdmin setup. Successful exploitation results in code execution as the user running myLittleAdmin, which is IUSRPLESK_sqladmin for Plesk and described as the "SQL Admin MSSQL anonymous account". Tested on the latest Plesk Obsidian with optional myLittleAdmin 3.8.

tags | exploit, web, code execution, asp
advisories | CVE-2020-13166
MD5 | 863f2f71f0ddb8aeb000570885bf0d3f

Red Hat Security Advisory 2020-2212-01
Posted May 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2212-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and buffer under-read vulnerabilities.

tags | advisory, web, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2017-17742, CVE-2018-8778
MD5 | 2d553879d3f6203c6cc6b183b21ffa4b

Pi-Hole heisenbergCompensator Blocklist OS Command Execution
Posted May 18, 2020
Authored by h00die, Nick Frichette | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in Pi-Hole versions 4.4 and below. A new blocklist is added, and then an update is forced (gravity) to pull in the blocklist content. PHP content is then written to a file within the webroot. Phase 1 writes a sudo pihole command to launch teleporter, effectively running a privilege escalation. Phase 2 writes our payload to teleporter.php, overwriting the content. Lastly, the phase 1 PHP file is called in the web root, which launches our payload in teleporter.php with root privileges.

tags | exploit, web, root, php
advisories | CVE-2020-11108
MD5 | 45a7854959d2d37b594d4f7a3b3c052e

Red Hat Security Advisory 2020-2067-01
Posted May 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2067-01 - This release of Red Hat build of Thorntail 2.5.1 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include HTTP request smuggling, bypass, cross site request forgery, cross site scripting, denial of service, and out of bounds read vulnerabilities.

tags | advisory, web, denial of service, vulnerability, xss, csrf
systems | linux, redhat
advisories | CVE-2019-0205, CVE-2019-0210, CVE-2019-10086, CVE-2019-10199, CVE-2019-10201, CVE-2019-10219, CVE-2019-12400, CVE-2019-12406, CVE-2019-12419, CVE-2019-14540, CVE-2019-14820, CVE-2019-14832, CVE-2019-14838, CVE-2019-14887, CVE-2019-14888, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2019-3875, CVE-2019-9511, CVE-2019-9512, CVE-2019-9514
MD5 | a208726ba1bc74cc917982d0dc15b0c2

Red Hat Security Advisory 2020-2113-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2113-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This asynchronous patch is a security update for the Undertow package in Red Hat Single Sign-On 7.3.8. Issues addressed include a traversal vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-14371, CVE-2019-10174, CVE-2020-6950
MD5 | 2332b66522910d3a598e582170139c9c

Red Hat Security Advisory 2020-2112-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2112-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, cross site scripting, information leakage, and remote SQL injection vulnerabilities.

tags | advisory, remote, web, vulnerability, xss, sql injection
systems | linux, redhat
advisories | CVE-2019-10172, CVE-2019-14900, CVE-2019-17573, CVE-2020-1695, CVE-2020-1718, CVE-2020-1719, CVE-2020-1724, CVE-2020-1757, CVE-2020-1758, CVE-2020-7226
MD5 | 0e42f6865cd6216d794ee75f6af3d933

Red Hat Security Advisory 2020-2108-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2108-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-1718, CVE-2020-1724, CVE-2020-1758
MD5 | 08b2922929fdbe0c7cf2b51dacce613f

Red Hat Security Advisory 2020-2106-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2106-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-1718, CVE-2020-1724, CVE-2020-1758
MD5 | 6521ba99d4ddce3ee5dd208059263fd5

Red Hat Security Advisory 2020-2107-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2107-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-1718, CVE-2020-1724, CVE-2020-1758
MD5 | 00ba2e2f174359d2ae59e1d429abc98a

Red Hat Security Advisory 2020-2064-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2064-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.138. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow
systems | linux, redhat
advisories | CVE-2020-6464, CVE-2020-6831
MD5 | 7847b4b6d6273daf2aac94191ab945da

Extreme Networks Aerohive HiveOS 11.x Denial Of Service
Posted May 6, 2020
Authored by LiquidWorm | Site zeroscience.mk

Extreme Networks Aerohive HiveOS versions 11.x and below remote denial of service exploit. An unauthenticated malicious user can trigger a denial of service (DoS) attack by sending specific application layer packets to the Aerohive NetConfig UI. This proof of concept exploit renders the application unusable for 305 seconds or 5 minutes with a single HTTP request using the action.php5 script calling the CliWindow function through the _page parameter, denying access to the web server hive user interface.

tags | exploit, remote, web, denial of service, proof of concept
MD5 | 8bc523d3b61e243e2e55cdddefe4c905

Red Hat Security Advisory 2020-2040-01
Posted May 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2040-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow and code execution vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-12519, CVE-2019-12525, CVE-2020-11945
MD5 | c9ead37292b9249a859c083433b15484

Red Hat Security Advisory 2020-2041-01
Posted May 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2041-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow and code execution vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-12519, CVE-2019-12525, CVE-2020-11945
MD5 | 91f1d0708e541b9b967faeb3cedc7eae

Red Hat Security Advisory 2020-2038-01
Posted May 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2038-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow and code execution vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-12519, CVE-2020-11945
MD5 | 4badb46a025fb208e4e9eae47c65fa1d

Red Hat Security Advisory 2020-2039-01
Posted May 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2039-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow and code execution vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-12519, CVE-2020-11945
MD5 | e34751fe93b7cf17d8fbcd6dd1b756c1

Red Hat Security Advisory 2020-2036-01
Posted May 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2036-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-12387, CVE-2020-12392, CVE-2020-12395, CVE-2020-6831
MD5 | 0971f4bca4c7daa230881114edcce45c

Red Hat Security Advisory 2020-2037-01
Posted May 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2037-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-12387, CVE-2020-12392, CVE-2020-12395, CVE-2020-6831
MD5 | 5de2ea83e1cbda3181f2424820d97cb9

Red Hat Security Advisory 2020-2031-01
Posted May 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2031-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-12387, CVE-2020-12392, CVE-2020-12395, CVE-2020-6831
MD5 | bc650517bed7cd4181a689876c0b57d7

Red Hat Security Advisory 2020-2032-01
Posted May 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2032-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-12387, CVE-2020-12392, CVE-2020-12395, CVE-2020-6831
MD5 | 5927736c05927d131317cb3bd7e1fe48

Red Hat Security Advisory 2020-2033-01
Posted May 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2033-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-12387, CVE-2020-12392, CVE-2020-12395, CVE-2020-6831
MD5 | 3f34a9e30c47445fb42985fd9a05b67f

SQLMAP - Automatic SQL Injection Tool 1.4.5
Posted May 4, 2020
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Multiple updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 851bffce1429aa9a8c33f9bb331ec6f9
© 2020 Packet Storm. All rights reserved.
