exploit the possibilities
Showing 51 - 75 of 8,625 RSS Feed

Web Files

Red Hat Security Advisory 2021-0778-01
Posted Mar 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0778-01 - Red Hat Ansible Tower 3.6.7-1 has a security and bug fix update. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and privilege escalation vulnerabilities.

tags | advisory, web, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2016-5766, CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-19956, CVE-2019-20372, CVE-2019-20388, CVE-2019-20907, CVE-2020-10543, CVE-2020-10878, CVE-2020-11022, CVE-2020-11023, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-12723, CVE-2020-1971
MD5 | 198f85a6d096aab12ca29885a346b930
Red Hat Security Advisory 2021-0779-01
Posted Mar 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0779-01 - Red Hat Ansible Tower 3.7.5-1 has a security and bug fix update. Issues addressed include HTTP request smuggling and privilege escalation vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2019-20372, CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-35678, CVE-2021-20178, CVE-2021-20180, CVE-2021-20191, CVE-2021-20228, CVE-2021-20253
MD5 | fee4cb4e9b4465aff1ce39f4a6da2053
Red Hat Security Advisory 2021-0759-01
Posted Mar 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0759-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow, protocol
systems | linux, redhat
advisories | CVE-2019-5482
MD5 | b3c97e1cc7ea8aed54c2da903547c968
VMware vCenter Server File Upload / Remote Code Execution
Posted Mar 8, 2021
Authored by mr_me, wvu, Mikhail Klyuchnikov, Viss | Site metasploit.com

This Metasploit module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren't exploitable via the webshell technique. Furthermore, writing an SSH public key to /home/vsphere-ui/.ssh/authorized_keys works, but the user's non-existent password expires 90 days after install, rendering the technique nearly useless against production environments. You'll have the best luck targeting older versions of the Linux appliance. The Windows target should work ubiquitously.

tags | exploit, web, file upload
systems | linux, windows
advisories | CVE-2021-21972
MD5 | db7174f0c4fc0e0b2ac2dea0a4523ebf
Raptor WAF 0.62
Posted Mar 8, 2021
Authored by coolervoid

Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.

Changes: Patch fix to the improving documentation.
tags | tool, web, firewall, xss, sql injection
systems | unix
MD5 | a9a2b604c97f875e0db3a55664ad6382
Web Application Reconnaissance And Mapping
Posted Mar 5, 2021
Authored by Rishabh Vats

This is a brief whitepaper that goes over some tooling that can be of assistance while performing reconnaissance against a web application prior to attack.

tags | paper, web
MD5 | c472e5557b1164f9df6424eef530e4bb
SQLMAP - Automatic SQL Injection Tool 1.5.3
Posted Mar 4, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | ce4b0dc1d2ac37013055fba060747e36
Android Vulnerability In ES File Explorer
Posted Mar 4, 2021
Authored by Tanmay Tyagi

Whitepaper called Android Vulnerability in ES File Explorer. It provides an overview of manual exploitation of ES File Explorer version 4.1.9.7.4 using counterfeit requests over HTTP.

tags | paper, web
advisories | CVE-2019-6447
MD5 | b297ea4788784b7da2249756c339b5e9
Web Based Quiz System 1.0 SQL Injection
Posted Mar 4, 2021
Authored by Deepak Kumar Bharti

Web Based Quiz System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | 32e85137f45169204f063d1f69337b0b
Web Based Quiz System 1.0 Cross Site Scripting
Posted Mar 2, 2021
Authored by Praharsh Kumar Singh

Web Based Quiz System version 1.0 suffers from a persistent cross site scripting vulnerability related to MCQ options.

tags | exploit, web, xss
MD5 | 33d7b64ac2b9aead162afda02fdb40a1
Web Based Quiz System 1.0 Cross Site Scripting
Posted Mar 2, 2021
Authored by P.Naveen Kumar

Web Based Quiz System version 1.0 suffers from a persistent cross site scripting vulnerability in the name field.

tags | exploit, web, xss
MD5 | 1db1bfe9e6bec3cc8f5d41b082884456
Remote Desktop Web Access Authentication Timing Attack
Posted Feb 26, 2021
Authored by Matthew Dunn

Remote Desktop Web Access suffers form an authentication timing attack vulnerability.

tags | exploit, remote, web
MD5 | d7a6d2ac9acd853edd93517eab0a4f55
Red Hat Security Advisory 2021-0659-01
Posted Feb 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0659-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978
MD5 | 55a53897a6c343eac10d5e1b653e8e71
Red Hat Security Advisory 2021-0656-01
Posted Feb 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0656-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978
MD5 | b5a84caf47849a53d03c83d5377b5e02
Red Hat Security Advisory 2021-0660-01
Posted Feb 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0660-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978
MD5 | f012ae6d84664f69823dac75c1b34664
Red Hat Security Advisory 2021-0655-01
Posted Feb 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0655-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978
MD5 | f4bff61c59bbd16cba2b830cc37c9f01
Apache Flink JAR Upload Java Code Execution
Posted Feb 23, 2021
Authored by Brendan Coles, bigger.wing, Henry Chen | Site metasploit.com

This Metasploit module uses job functionality in the Apache Flink dashboard web interface to upload and execute a JAR file, leading to remote execution of arbitrary Java code as the web server user. This module has been tested successfully on Apache Flink versions: 1.9.3 on Ubuntu 18.04.4; 1.11.2 on Ubuntu 18.04.4; 1.9.3 on Windows 10; and 1.11.2 on Windows 10.

tags | exploit, java, remote, web, arbitrary
systems | linux, windows, ubuntu
MD5 | df5b84ceecc3ad0a0dd97aadca7fdd1a
HFS (HTTP File Server) 2.3.x Remote Code Execution
Posted Feb 23, 2021
Authored by Pergyz

HFS (HTTP File Server) version 2.3.x remote code execution exploit.

tags | exploit, remote, web, code execution
advisories | CVE-2014-6287
MD5 | b595e576c62f3f8fe99679ec1f65cc13
Wapiti Web Application Vulnerability Scanner 3.0.4
Posted Feb 22, 2021
Authored by Nicolas Surribas | Site wapiti.sourceforge.net

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.

Changes: Added more payloads for code execution. 5 new module updates. Additions to cross site scripting and SQL injection attacks. Various other updates.
tags | tool, web, scanner, vulnerability
systems | unix
MD5 | 4a1a74b4a8cdcd5b15cbc7292a17fb9c
Ubuntu Security Notice USN-4742-1
Posted Feb 22, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4742-1 - It was discovered that Django incorrectly accepted semicolons as query parameters. A remote attacker could possibly use this issue to perform a Web Cache Poisoning attack.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2021-23336
MD5 | 279bc118d71b269f7d49c712f6ea35c4
Ubuntu Security Notice USN-4739-1
Posted Feb 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4739-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2020-13558
MD5 | a5feb8fa066d0c3a1865f6e0f2147384
Red Hat Security Advisory 2021-0599-01
Posted Feb 16, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0599-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server and command-line utilities for server administration, the Administration Server HTTP agent package, and the GUI console packages. Issues addressed include an information leakage vulnerability.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2020-35518
MD5 | c1d396f90b610bea999d8674eed927f8
Red Hat Security Advisory 2021-0557-01
Posted Feb 16, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0557-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, perl
systems | linux, redhat
advisories | CVE-2020-12723
MD5 | be081b7bf4fcfb242bf899525f9b3fec
Red Hat Security Advisory 2021-0549-01
Posted Feb 16, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0549-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, denial of service, and use-after-free vulnerabilities.

tags | advisory, web, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2019-10746, CVE-2019-10747, CVE-2020-7754, CVE-2020-7788, CVE-2020-8265, CVE-2020-8287
MD5 | d12e31190f42f1146fa898afa1452587
Red Hat Security Advisory 2021-0548-01
Posted Feb 16, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0548-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, buffer overflow, denial of service, and use-after-free vulnerabilities.

tags | advisory, web, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2020-15095, CVE-2020-15366, CVE-2020-7608, CVE-2020-7754, CVE-2020-7774, CVE-2020-7788, CVE-2020-8116, CVE-2020-8252, CVE-2020-8265, CVE-2020-8287
MD5 | 26e22cd5c2bbda37974b7b609c2a39d4
Page 3 of 345
Back12345Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close