what you don't know can hurt you
Showing 101 - 125 of 8,349 RSS Feed

Web Files

Red Hat Security Advisory 2020-1624-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1624-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, information leakage, integer overflow, and out of bounds read vulnerabilities.

tags | advisory, web, overflow, php, vulnerability
systems | linux, redhat
advisories | CVE-2018-20783, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640
MD5 | 654cda5bc83e59369a9511877f52d8d1
Red Hat Security Advisory 2020-1576-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1576-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2019-11596
MD5 | 051bf5f1c3815c60f4623fc275a053cc
Red Hat Security Advisory 2020-1725-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1725-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web, tcp
systems | linux, redhat
advisories | CVE-2019-18277, CVE-2019-19330
MD5 | a3939a41e51a3352db5996f0472731ef
Red Hat Security Advisory 2020-1792-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1792-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include buffer overflow and double free vulnerabilities.

tags | advisory, web, overflow, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2019-5436, CVE-2019-5481, CVE-2019-5482
MD5 | 18d77e36f531d8ecfa916126fffa8ef4
Red Hat Security Advisory 2020-1660-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1660-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include an open redirection vulnerability.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2019-13038
MD5 | cac48b14eaeded6ba9701643c8efc9ca
URLCrazy Domain Name Typo Tool 0.7.1
Posted Apr 24, 2020
Authored by Andrew Horton (urbanadventurer) | Site github.com

URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Changes: Added --debug to show debugging output for development. No longer requires pry gem unless debugging. Checks for a low ulimit and shows a warning.
tags | tool, web
systems | unix
MD5 | a20c223e81c93371dc4a1c486cbcfdc3
Red Hat Security Advisory 2020-1561-01
Posted Apr 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1561-01 - Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. HTTP request smuggling vulnerabilities were addressed.

tags | advisory, web, vulnerability, python
systems | linux, redhat
advisories | CVE-2020-10108, CVE-2020-10109
MD5 | ba0436b4816583a8a2ff9dfe9e6fcdad
QRadar Community Edition 7.3.1.6 Server Side Request Forgery
Posted Apr 21, 2020
Authored by Yorick Koster, Securify B.V.

QRadar Community Edition version 7.3.1.6 has an issue where the RssFeedItem class of the QRadar web application is used to fetch and parse RSS feeds. No validation is performed on the user-supplied RSS feed URL. Due to the lack of URL validation (whitelisting), it is possible for authenticated attackers to execute Server-Side Request Forgery attacks. Using this issue it is possible to call the Apache Axis AdminService webservice in order to execute arbitrary code with the privileges of the Tomcat user.

tags | exploit, web, arbitrary
advisories | CVE-2020-4294
MD5 | de790813f9ae985ff869c69760705113
Ubuntu Security Notice USN-4333-1
Posted Apr 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4333-1 - It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. It was discovered that Python incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, web, denial of service, python
systems | linux, ubuntu
advisories | CVE-2019-18348, CVE-2020-8492
MD5 | ac5bba68bffcad546f4ea31d25cfd519
haproxy hpack-tbl.c Out-Of-Bounds Write
Posted Apr 21, 2020
Authored by FX, Google Security Research

The haproxy hpack implementation in hpack-tbl.c handles 0-length HTTP headers incorrectly. This can lead to a fully controlled relative out-of-bounds write when processing a malicious HTTP2 request (or response).

tags | exploit, web
advisories | CVE-2020-11100
MD5 | ec4200ed138e11159b83e1a1d18ff6d3
Red Hat Security Advisory 2020-1510-01
Posted Apr 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1510-01 - The http-parser package provides a utility for parsing HTTP messages. An HTTP request smuggling vulnerability was addressed.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-15605
MD5 | ad2cc46dce1202985a42d9edd99e915c
Red Hat Security Advisory 2020-1520-01
Posted Apr 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1520-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3 serves as a replacement for Red Hat JBoss Web Server 5.2, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a privilege escalation vulnerability.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2019-12418, CVE-2019-17563, CVE-2019-17569, CVE-2020-1935, CVE-2020-1938
MD5 | 261f442204f082d31ecbd59b1b2e616e
Red Hat Security Advisory 2020-1521-01
Posted Apr 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1521-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3 serves as a replacement for Red Hat JBoss Web Server 5.2, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a privilege escalation vulnerability.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2019-12418, CVE-2019-17563, CVE-2019-17569, CVE-2020-1935, CVE-2020-1938
MD5 | c60aa435de8678a1ff26836010ad236b
Red Hat Security Advisory 2020-1504-01
Posted Apr 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1504-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.113. A use-after-free vulnerability has been addressed.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-6457
MD5 | aca527009e588a613b95fa450822c2c9
Ubuntu Security Notice USN-4331-1
Posted Apr 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4331-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2020-11793
MD5 | 16ba646c6de722db5f2ea92e3b69fb3f
Red Hat Security Advisory 2020-1487-01
Posted Apr 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1487-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.92. Issues addressed include an out of bounds read vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-6423, CVE-2020-6430, CVE-2020-6431, CVE-2020-6432, CVE-2020-6433, CVE-2020-6434, CVE-2020-6435, CVE-2020-6436, CVE-2020-6437, CVE-2020-6438, CVE-2020-6439, CVE-2020-6440, CVE-2020-6441, CVE-2020-6442, CVE-2020-6443, CVE-2020-6444, CVE-2020-6445, CVE-2020-6446, CVE-2020-6447, CVE-2020-6448, CVE-2020-6454, CVE-2020-6455, CVE-2020-6456
MD5 | 85b19248c553a606ac1aef4b395ef869
ThinkPHP 5.0.23 Remote Code Execution
Posted Apr 14, 2020
Authored by wvu | Site metasploit.com

This Metasploit module exploits one of two PHP injection vulnerabilities in the ThinkPHP web framework to execute code as the web user. Versions up to and including 5.0.23 are exploitable, though 5.0.23 is vulnerable to a separate vulnerability. The module will automatically attempt to detect the version of the software. Tested against versions 5.0.20 and 5.0.23 as can be found on Vulhub.

tags | exploit, web, php, vulnerability
advisories | CVE-2018-20062, CVE-2019-9082
MD5 | e63e44c2cb033ac880ece4ae4c6a8e43
Red Hat Security Advisory 2020-1429-01
Posted Apr 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1429-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.7.0 ESR. Issues addressed include an out of bounds write vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
MD5 | 566df86347007db6f3671392e89c0190
Red Hat Security Advisory 2020-1420-01
Posted Apr 9, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1420-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.7.0 ESR. Issues addressed include an out of bounds write vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
MD5 | 824c8b0da836e5516be561fd00e054f3
Symantec Web Gateway 5.0.2.8 Remote Code Execution
Posted Apr 9, 2020
Authored by Cody Sixteen

Symantec Web Gateway version 5.0.2.8 pre-authentication remote code execution exploit.

tags | exploit, remote, web, code execution
MD5 | 4626e1e8d0204fec4863f5b78c64b0a5
Symantec Web Gateway 5.0.2.8 Remote Code Execution
Posted Apr 9, 2020
Authored by Cody Sixteen

Symantec Web Gateway version 5.0.2.8 post authentication remote code execution exploit.

tags | exploit, remote, web, code execution
MD5 | c88d1355f7cf9690236ca64c4866aaac
Red Hat Security Advisory 2020-1406-01
Posted Apr 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1406-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.7.0 ESR. Issues addressed include an out of bounds write vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
MD5 | ed0c79646f8f333e91d1355f2c415184
Red Hat Security Advisory 2020-1404-01
Posted Apr 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1404-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.7.0 ESR. Issues addressed include an out of bounds write vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
MD5 | 82837a12a5ac9e9088b66cf7dbafa22c
Symantec Web Gateway 5.0.2.8 Remote Code Execution
Posted Apr 8, 2020
Authored by Cody Sixteen

This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in Symantec Web Gateway version 5.0.2.8.

tags | exploit, paper, remote, web, vulnerability, code execution
MD5 | abc6efe48f42679d3df8d10a4ab60e49
Symantec Web Gateway 5.0.2.8 Remote Command Execution
Posted Apr 8, 2020
Authored by Cody Sixteen

This is a whitepaper tutorial that walks through creating a proof of concept exploit for a pre-authentication remote command execution vulnerability in Symantec Web Gateway version 5.0.2.8.

tags | exploit, paper, remote, web, proof of concept
MD5 | e3a2193e793902cf582aa14cc8f1a1ee
Page 5 of 334
Back34567Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close