exploit the possibilities
Showing 26 - 50 of 8,351 RSS Feed

Web Files

Trend Micro Web Security Remote Code Execution
Posted Jul 14, 2020
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities together in order to achieve remote code execution in Trend Micro Web Security versions prior to 6.5 SP2 Patch 4 (Build 1901).

tags | exploit, remote, web, vulnerability, code execution
advisories | CVE-2020-8604, CVE-2020-8605, CVE-2020-8606
MD5 | d7036cbc4fecb0531893b183314bceb1
Liferay Portal Remote Code Execution
Posted Jul 12, 2020
Authored by nu11secur1ty

Liferay Portal versions prior to 7.2.1 CE GA2 exploit that gains code execution due to deserialization of untrusted data sent to the JSON web services interface.

tags | exploit, web, code execution
advisories | CVE-2020-7961
MD5 | 1b2dd015379b863c0608bdba7753b167
Pandora FMS 7.0 NG 7XX Remote Command Execution
Posted Jul 11, 2020
Authored by Fernando Catoira, Erik Wynter, Julio Sanchez | Site metasploit.com

This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in th e Events feature of Pandora FMS. This flaw allows users to execute arbitrary commands via the target parameter in HTTP POST requests to the Events function. After authenticating to the target, the module attempts to exploit this flaw by issuing such an HTTP POST request, with the target parameter set to contain the payload. If a shell is obtained, the module will try to obtain the local MySQL database password via a simple grep command on the plaintext /var/www/html/pandora_console/include/config.php file. Valid credentials for a Pandora FMS account are required. The account does not need to have admin privileges. This module has been successfully tested on Pandora 7.0 NG 744 running on CentOS 7 (the official virtual appliance ISO for this version).

tags | exploit, web, arbitrary, shell, local, php
systems | linux, centos
advisories | CVE-2020-13851
MD5 | f5291266eaebb8b290e3a0b7e6659455
GRR 3.4.2.0
Posted Jul 7, 2020
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: New SplunkOutputPlugin to export Flow/Hunt results to Splunk. New NTFS virtual file system handler for file system parsing using libfsntfs. A couple new flows and multiple other updates.
tags | tool, remote, web, forensics
systems | unix
MD5 | 9bb8c3df830a29eaf4dd88ed29569a46
Red Hat Security Advisory 2020-2835-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2835-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include an underflow vulnerability.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2019-11043
MD5 | 7d3efa23b778cb571c090b3a2406b404
Red Hat Security Advisory 2020-2827-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2827-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421
MD5 | bad1f516b5b30f3f5463117066131cd4
Red Hat Security Advisory 2020-2828-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2828-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421
MD5 | 6db568e2477fd7752456c46fb637df77
Red Hat Security Advisory 2020-2826-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2826-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421
MD5 | eb868b5c0a1d3423ad94f52ff9f6175f
Red Hat Security Advisory 2020-2824-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2824-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421
MD5 | 04a7cdccc509e40d553224fbc5d269e9
rauLink Software Domotica Web 2.0 SQL Injection
Posted Jul 6, 2020
Authored by LiquidWorm | Site zeroscience.mk

rauLink Software Domotica Web version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, web, sql injection
MD5 | 2e87055a57f33f9b29edeaf78101e3e4
Red Hat Security Advisory 2020-2825-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2825-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.10.0 ESR. Issues addressed include information leakage and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421
MD5 | 4dacbdd82dac1d8f815059abe37f4899
Fire Web Server 0.1 Denial Of Service
Posted Jul 6, 2020
Authored by Saeed reza Zamanian

Fire Web Server version 0.1 remote denial of service proof of concept exploit.

tags | exploit, remote, web, denial of service, proof of concept
MD5 | cf922f7b9acdf5e4a7459a6f7875b4dc
Ubuntu Security Notice USN-4415-1
Posted Jul 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4415-1 - Felix Doerre discovered that coTURN response buffer is not initialized properly. An attacker could possibly use this issue to obtain sensitive information. It was discovered that coTURN web server incorrectly handled HTTP POST requests. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. Various other issues were also addressed.

tags | advisory, web, denial of service
systems | linux, ubuntu
advisories | CVE-2020-4067
MD5 | 11f9ee05e1860d5ec55b80a92f75d1b8
Red Hat Security Advisory 2020-2817-01
Posted Jul 2, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2817-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2019-20372
MD5 | ff035f1244dbfc0959dcde6a860cb2bf
Red Hat Security Advisory 2020-2813-01
Posted Jul 2, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2813-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.1 serves as a replacement for Red Hat Single Sign-On 7.4.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and cross site scripting vulnerabilities.

tags | advisory, web, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2020-10719, CVE-2020-10748, CVE-2020-11022, CVE-2020-11023, CVE-2020-1694, CVE-2020-1714, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548
MD5 | fc87487bd16e3e344871d5b5c6ab11d5
SQLMAP - Automatic SQL Injection Tool 1.4.7
Posted Jul 1, 2020
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Bug fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 0013f2e6caa2f485ba5ab824129df1bd
Red Hat Security Advisory 2020-2761-01
Posted Jun 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2761-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 83.0.4103.116. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-6509
MD5 | 55f6740c6047af440bfff40fadc7d436
Fire Web Server Pre-Alpha Denial Of Service
Posted Jun 26, 2020
Authored by Saeed reza Zamanian

Fire Web Server Pre-Alpha version suffers from a denial of service vulnerability.

tags | exploit, web, denial of service
MD5 | cc901b0bebc41ed3bf27514b561ba612
Red Hat Security Advisory 2020-2646-01
Posted Jun 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2646-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Issues addressed include buffer over-read, denial of service, and memory leak vulnerabilities.

tags | advisory, web, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2018-20843, CVE-2019-0196, CVE-2019-0197, CVE-2019-15903, CVE-2019-19956, CVE-2019-20388, CVE-2020-11080, CVE-2020-1934, CVE-2020-7595
MD5 | e83a71b4bc88543a706aad6f12cb4126
Red Hat Security Advisory 2020-2644-01
Posted Jun 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2644-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Issues addressed include buffer over-read, denial of service, and memory leak vulnerabilities.

tags | advisory, web, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2018-20843, CVE-2019-0196, CVE-2019-0197, CVE-2019-15903, CVE-2019-19956, CVE-2019-20388, CVE-2020-11080, CVE-2020-1934, CVE-2020-7595
MD5 | a71fe6af0fb16e3610bd7a75e89e2e1a
Red Hat Security Advisory 2020-2643-01
Posted Jun 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2643-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 83.0.4103.106. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-6505, CVE-2020-6506, CVE-2020-6507
MD5 | 4840001b074a35f2ebfe66ed6db2fda4
Mereo 1.9.4 Denial Of Service
Posted Jun 22, 2020
Authored by Saeed reza Zamanian

Mereo version 1.9.4 suffers from a remote HTTP server denial of service vulnerability.

tags | exploit, remote, web, denial of service
MD5 | 61835931a9f8d5b82c7478435a3bcb73
Agent Tesla Panel Remote Code Execution
Posted Jun 18, 2020
Authored by Ege Balci, mekhalleh, gwillcox-r7 | Site metasploit.com

This Metasploit module exploits a command injection vulnerability within the Agent Tesla control panel, in combination with an SQL injection vulnerability and a PHP object injection vulnerability, to gain remote code execution on affected hosts. Panel versions released prior to September 12, 2018 can be exploited by unauthenticated attackers to gain remote code execution as user running the web server. Agent Tesla panels released on or after this date can still be exploited however, provided that attackers have valid credentials for the Agent Tesla control panel. Note that this module presently only fully supports Windows hosts running Agent Tesla on the WAMP stack. Support for Linux may be added in a future update, but could not be confirmed during testing.

tags | exploit, remote, web, php, code execution, sql injection
systems | linux, windows
MD5 | d4d981962d4baab56ec1e03af0dd4132
Red Hat Security Advisory 2020-2547-01
Posted Jun 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2547-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.387. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2020-9633
MD5 | 71949fb0ded53532275388036c0ec324
Red Hat Security Advisory 2020-2544-01
Posted Jun 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2544-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 83.0.4103.97. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-6465, CVE-2020-6466, CVE-2020-6467, CVE-2020-6468, CVE-2020-6469, CVE-2020-6470, CVE-2020-6471, CVE-2020-6472, CVE-2020-6473, CVE-2020-6474, CVE-2020-6475, CVE-2020-6476, CVE-2020-6478, CVE-2020-6479, CVE-2020-6480, CVE-2020-6481, CVE-2020-6482, CVE-2020-6483, CVE-2020-6484, CVE-2020-6485, CVE-2020-6486, CVE-2020-6487, CVE-2020-6488, CVE-2020-6489, CVE-2020-6490, CVE-2020-6491, CVE-2020-6493, CVE-2020-6494
MD5 | fcc9bdf15f58157ed239c8e4775b39dd
Page 2 of 334
Back12345Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close