Red Hat Security Advisory 2021-0778-01 - Red Hat Ansible Tower 3.6.7-1 has a security and bug fix update. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and privilege escalation vulnerabilities.
198f85a6d096aab12ca29885a346b930Red Hat Security Advisory 2021-0779-01 - Red Hat Ansible Tower 3.7.5-1 has a security and bug fix update. Issues addressed include HTTP request smuggling and privilege escalation vulnerabilities.
fee4cb4e9b4465aff1ce39f4a6da2053Red Hat Security Advisory 2021-0759-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.
b3c97e1cc7ea8aed54c2da903547c968This Metasploit module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren't exploitable via the webshell technique. Furthermore, writing an SSH public key to /home/vsphere-ui/.ssh/authorized_keys works, but the user's non-existent password expires 90 days after install, rendering the technique nearly useless against production environments. You'll have the best luck targeting older versions of the Linux appliance. The Windows target should work ubiquitously.
db7174f0c4fc0e0b2ac2dea0a4523ebfRaptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.
a9a2b604c97f875e0db3a55664ad6382This is a brief whitepaper that goes over some tooling that can be of assistance while performing reconnaissance against a web application prior to attack.
c472e5557b1164f9df6424eef530e4bbsqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
ce4b0dc1d2ac37013055fba060747e36Whitepaper called Android Vulnerability in ES File Explorer. It provides an overview of manual exploitation of ES File Explorer version 4.1.9.7.4 using counterfeit requests over HTTP.
b297ea4788784b7da2249756c339b5e9Web Based Quiz System version 1.0 suffers from a remote SQL injection vulnerability.
32e85137f45169204f063d1f69337b0bWeb Based Quiz System version 1.0 suffers from a persistent cross site scripting vulnerability related to MCQ options.
33d7b64ac2b9aead162afda02fdb40a1Web Based Quiz System version 1.0 suffers from a persistent cross site scripting vulnerability in the name field.
1db1bfe9e6bec3cc8f5d41b082884456Remote Desktop Web Access suffers form an authentication timing attack vulnerability.
d7a6d2ac9acd853edd93517eab0a4f55Red Hat Security Advisory 2021-0659-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.
55a53897a6c343eac10d5e1b653e8e71Red Hat Security Advisory 2021-0656-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.
b5a84caf47849a53d03c83d5377b5e02Red Hat Security Advisory 2021-0660-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.
f012ae6d84664f69823dac75c1b34664Red Hat Security Advisory 2021-0655-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.
f4bff61c59bbd16cba2b830cc37c9f01This Metasploit module uses job functionality in the Apache Flink dashboard web interface to upload and execute a JAR file, leading to remote execution of arbitrary Java code as the web server user. This module has been tested successfully on Apache Flink versions: 1.9.3 on Ubuntu 18.04.4; 1.11.2 on Ubuntu 18.04.4; 1.9.3 on Windows 10; and 1.11.2 on Windows 10.
df5b84ceecc3ad0a0dd97aadca7fdd1aHFS (HTTP File Server) version 2.3.x remote code execution exploit.
b595e576c62f3f8fe99679ec1f65cc13Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.
4a1a74b4a8cdcd5b15cbc7292a17fb9cUbuntu Security Notice 4742-1 - It was discovered that Django incorrectly accepted semicolons as query parameters. A remote attacker could possibly use this issue to perform a Web Cache Poisoning attack.
279bc118d71b269f7d49c712f6ea35c4Ubuntu Security Notice 4739-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
a5feb8fa066d0c3a1865f6e0f2147384Red Hat Security Advisory 2021-0599-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server and command-line utilities for server administration, the Administration Server HTTP agent package, and the GUI console packages. Issues addressed include an information leakage vulnerability.
c1d396f90b610bea999d8674eed927f8Red Hat Security Advisory 2021-0557-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a denial of service vulnerability.
be081b7bf4fcfb242bf899525f9b3fecRed Hat Security Advisory 2021-0549-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, denial of service, and use-after-free vulnerabilities.
d12e31190f42f1146fa898afa1452587Red Hat Security Advisory 2021-0548-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, buffer overflow, denial of service, and use-after-free vulnerabilities.
26e22cd5c2bbda37974b7b609c2a39d4
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed