what you don't know can hurt you
Showing 26 - 50 of 8,617 RSS Feed

Web Files

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Privilege Escalation
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from a privilege escalation vulnerability. The non-privileged default user (user:user123) can elevate his/her privileges by sending a HTTP GET request to the configuration export endpoint and disclose the admin password. Once authenticated as admin, an attacker will be granted access to the additional and privileged pages.

tags | exploit, web
MD5 | dd6d3f0b7899d4ca7fe2150949c8b308
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Configuration Download
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 is susceptible to an unauthenticated configuration disclosure when direct object reference is made to the export_settings.cgi file using an HTTP GET request. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.

tags | exploit, web, cgi
MD5 | 1d8b3dfcfefc72d5cdcf8b936e80404e
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Device Reboot
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows unauthenticated attackers to restart the device with an HTTP GET request to /goform/RestartDevice page.

tags | exploit, web
MD5 | bdaea7da6759d7010755dac41c4e9199
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Log Disclosure
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 has an unprotected web management server that is vulnerable to sensitive information disclosure vulnerability. An unauthenticated attacker can visit the syslog page and disclose the webserver's log file containing system information running on the device.

tags | exploit, web, info disclosure
MD5 | 5355e78b600626554654f401bfe4118d
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pingAddr HTTP POST parameter bypassing the injection protection filter.

tags | exploit, web, arbitrary, shell
MD5 | 1a328f5c085e43fdbc6aa762de109b6f
SOYAL Biometric Access Control System 5.0 Weak Default Credentials
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

The web control panel SOYAL Biometric Access Control System version 5.0 uses a weak set of default administrative credentials (no password) that can be easily guessed in remote password attacks.

tags | exploit, remote, web
MD5 | 5c21b980433cae71313be94d4387bd2e
SOYAL Biometric Access Control System 5.0 Master Code Disclosure
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

The controller in SOYAL Biometric Access Control System version 5.0 suffers from a cleartext transmission of sensitive information. This allows interception of the HTTP traffic and disclose the Master code and the Arming code via a man-in-the-middle attack. An attacker can obtain these codes to enter into the controller's Programming mode and bypass physical security controls in place.

tags | exploit, web
MD5 | 1beb802bc3fbde60c391b10c557c6ae8
Red Hat Security Advisory 2021-0933-01
Posted Mar 18, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0933-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2020-13254
MD5 | 51a173aae020dc0343be6cefcaf53dd2
Red Hat Security Advisory 2021-0937-01
Posted Mar 18, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0937-01 - An update for rubygem-em-http-request is now available for Red Hat OpenStack Platform 13 (Queens). Issues addressed include a man-in-the-middle vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-13482
MD5 | 8e294423f4644b750c178fd7d235742a
Red Hat Security Advisory 2021-0915-01
Posted Mar 18, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0915-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2020-13254
MD5 | 9248d5dd4fb5b69e301f121b48884a04
Red Hat Security Advisory 2021-0882-01
Posted Mar 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0882-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2019-17563, CVE-2020-1935
MD5 | 5f4db2cba4c8f2c190519d621739101f
Red Hat Security Advisory 2021-0883-01
Posted Mar 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0883-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include buffer overflow, denial of service, and integer overflow vulnerabilities.

tags | advisory, web, denial of service, overflow, perl, vulnerability
systems | linux, redhat
advisories | CVE-2020-10543, CVE-2020-10878, CVE-2020-12723
MD5 | 0f9cb8428110197da55672ff721c1568
Red Hat Security Advisory 2021-0877-01
Posted Mar 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0877-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow, protocol
systems | linux, redhat
advisories | CVE-2019-5482
MD5 | 5281e3284ba14bf781d56881b5db9c35
Hydra Network Logon Cracker 9.2
Posted Mar 15, 2021
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Fix for http-post-form optional parameters. Enabled gcc 10 support for xhydra. IPv6 support for Host: header for http based modules. Various other updates.
tags | tool, web, imap
systems | cisco, unix
MD5 | 7bd30001cd11ba535f0d0f083a45bce3
VoIPmonitor WEB GUI 24.55 Cross Site Scripting
Posted Mar 15, 2021
Authored by Sandro Gauci | Site enablesecurity.com

VoIPmonitor WEB GUI versions 24.53, 24.54, and 24.55 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | ac76c2187f9e21890054c0b65e433b84
F5 Big IP ASM is_hdr_criteria_matches Buffer Overflow
Posted Mar 11, 2021
Authored by Google Security Research, Felix Wilhelm

The bd daemon, which runs as part of the F5 BIG-IP Application Security Manager (ASM), is vulnerable to a stack-based buffer overflow when processing overlong HTTP response headers in the is_hdr_criteria_matches function.

tags | exploit, web, overflow
advisories | CVE-2021-22992
MD5 | fb4bb5a73422ead38863ca80421b7215
NuCom 11N Wireless Router 5.07.90 Remote Privilege Escalation
Posted Mar 10, 2021
Authored by LiquidWorm | Site zeroscience.mk

NuCom 11N Wireless Router version 5.07.90 suffers from a remote privilege escalation vulnerability. The non-privileged default user (user:user) can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint and disclose the http super password (admin credentials) in Base64 encoded value. Once authenticated as admin, an attacker will be granted access to the additional and privileged pages.

tags | exploit, remote, web
MD5 | 3e5b31a9ca75c80c897dddb08355d3a0
Red Hat Security Advisory 2021-0778-01
Posted Mar 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0778-01 - Red Hat Ansible Tower 3.6.7-1 has a security and bug fix update. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and privilege escalation vulnerabilities.

tags | advisory, web, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2016-5766, CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-19956, CVE-2019-20372, CVE-2019-20388, CVE-2019-20907, CVE-2020-10543, CVE-2020-10878, CVE-2020-11022, CVE-2020-11023, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-12723, CVE-2020-1971
MD5 | 198f85a6d096aab12ca29885a346b930
Red Hat Security Advisory 2021-0779-01
Posted Mar 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0779-01 - Red Hat Ansible Tower 3.7.5-1 has a security and bug fix update. Issues addressed include HTTP request smuggling and privilege escalation vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2019-20372, CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-35678, CVE-2021-20178, CVE-2021-20180, CVE-2021-20191, CVE-2021-20228, CVE-2021-20253
MD5 | fee4cb4e9b4465aff1ce39f4a6da2053
Red Hat Security Advisory 2021-0759-01
Posted Mar 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0759-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow, protocol
systems | linux, redhat
advisories | CVE-2019-5482
MD5 | b3c97e1cc7ea8aed54c2da903547c968
VMware vCenter Server File Upload / Remote Code Execution
Posted Mar 8, 2021
Authored by mr_me, wvu, Mikhail Klyuchnikov, Viss | Site metasploit.com

This Metasploit module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren't exploitable via the webshell technique. Furthermore, writing an SSH public key to /home/vsphere-ui/.ssh/authorized_keys works, but the user's non-existent password expires 90 days after install, rendering the technique nearly useless against production environments. You'll have the best luck targeting older versions of the Linux appliance. The Windows target should work ubiquitously.

tags | exploit, web, file upload
systems | linux, windows
advisories | CVE-2021-21972
MD5 | db7174f0c4fc0e0b2ac2dea0a4523ebf
Raptor WAF 0.62
Posted Mar 8, 2021
Authored by coolervoid

Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.

Changes: Patch fix to the improving documentation.
tags | tool, web, firewall, xss, sql injection
systems | unix
MD5 | a9a2b604c97f875e0db3a55664ad6382
Web Application Reconnaissance And Mapping
Posted Mar 5, 2021
Authored by Rishabh Vats

This is a brief whitepaper that goes over some tooling that can be of assistance while performing reconnaissance against a web application prior to attack.

tags | paper, web
MD5 | c472e5557b1164f9df6424eef530e4bb
SQLMAP - Automatic SQL Injection Tool 1.5.3
Posted Mar 4, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | ce4b0dc1d2ac37013055fba060747e36
Android Vulnerability In ES File Explorer
Posted Mar 4, 2021
Authored by Tanmay Tyagi

Whitepaper called Android Vulnerability in ES File Explorer. It provides an overview of manual exploitation of ES File Explorer version 4.1.9.7.4 using counterfeit requests over HTTP.

tags | paper, web
advisories | CVE-2019-6447
MD5 | b297ea4788784b7da2249756c339b5e9
Page 2 of 345
Back12345Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close