exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2020-08-13

Wireshark Analyzer 3.2.6
Posted Aug 13, 2020
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: Multiple bug fixes including a dissector crash.
tags | tool, sniffer, protocol
systems | windows, unix
advisories | CVE-2020-17498
SHA-256 | ebb1eebe39bcecee02195dc328dd25f6862fc9e9dea4c2e29eae50537d5eb4f2
vBulletin 5.x Remote Code Execution
Posted Aug 13, 2020
Authored by Zenofex | Site metasploit.com

This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also providing the widget_php argument. This causes the former template to load the latter bypassing filters originally put in place to address CVE-2019-16759. This also allows the exploit to reach an eval call with user input allowing the module to achieve PHP remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.2 on Ubuntu Linux.

tags | exploit, remote, php, code execution
systems | linux, ubuntu
advisories | CVE-2019-16759, CVE-2020-7373
SHA-256 | 1b0222ba8ccc40d3c85308ce0622667517301180b99d1570ccc4c4ea8d918333
Microsoft Windows AppContainer Enterprise Authentication Capability Bypass
Posted Aug 13, 2020
Authored by James Forshaw, Google Security Research

On Microsoft Windows 10 1909, LSASS does not correctly enforce the Enterprise Authentication Capability which allows any AppContainer to perform network authentication with the user's credentials.

tags | exploit
systems | windows
advisories | CVE-2020-1509
SHA-256 | add2a6155569229eb72c46617e93a9349d033f14467cf27d02c0e25d3f347e94
Ubuntu Security Notice USN-4458-1
Posted Aug 13, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4458-1 - Fabrice Perez discovered that the Apache mod_rewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly handled memory when proxying to a malicious FTP server. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-11984, CVE-2020-11993, CVE-2020-1927, CVE-2020-1934, CVE-2020-9490
SHA-256 | 4c21378f5547785a91c122ca0a869ace7a197113022d389224aa2b182dc0d3a3
GetSimple CMS Multi User 1.8.2 Cross Site Request Forgery
Posted Aug 13, 2020
Authored by Bobby Cooke, hyd3sec

GetSimple CMS Multi User plugin version 1.8.2 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 075778612c10f536d4c7290644af4418086d7b993e4b199b7293a0ab52418e5e
QiHang Media Web Digital Signage 3.0.9 Remote Code Execution
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from a pre-authentication remote code execution vulnerability.

tags | exploit, remote, web, code execution
SHA-256 | 2d547f40fe9cd960f61a9ab06e633a88224fc123c974b59c97a633cbd5eebdac
QiHang Media Web Digital Signage 3.0.9 Arbitrary File Disclosure
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, web, arbitrary
SHA-256 | a85880f8211498bee02dae8001af36ba4ad2379bea06af68285b23937103a65d
QiHang Media Web Digital Signage 3.0.9 Arbitrary File Deletion
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from an unauthenticated arbitrary file deletion vulnerability.

tags | exploit, web, arbitrary
SHA-256 | 611254b76f7be929179ac3bbb671003526d13c7e5a6794a8b8cbd9445a9a96bc
QiHang Media Web Digital Signage 3.0.9 Credential Disclosure
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from a clear-text credential disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.

tags | exploit, web
SHA-256 | 618a6277c9e2bd86c29943962b8350b5eb4b1be17b9b50322882b25fcc4979f6
QiHang Media Web Digital Signage 3.0.9 Password Disclosure
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from a cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.

tags | exploit, remote, web
SHA-256 | f96d7582f9ecb335fe5d16e815d27894b4e9b1b96bd020918ef5c8ab3bea047c
Car Rental Script Cross Site Scripting
Posted Aug 13, 2020
Authored by Yussef Dajdaj

Car Rental Script from projectworlds.in suffers from a cross site scripting vulnerability. Versions are not provided with this software currently.

tags | exploit, xss
SHA-256 | 9b8931a7cdd6bbe5a1255a07b9ef329805a6398f87271a25618100cfcf035d49
Car Rental Script SQL Injection
Posted Aug 13, 2020
Authored by Yussef Dajdaj

Car Rental Script from projectworlds.in suffers from a remote SQL injection vulnerability. Versions are not provided with this software currently.

tags | exploit, remote, sql injection
SHA-256 | 1be6126b3c521accdf335f500e3ccfed74329e68075435dfe14474c37b354458
Online Book Store Cross Site Scripting
Posted Aug 13, 2020
Authored by Yussef Dajdaj

Online Book Store from projectworlds.in suffers from a cross site scripting vulnerability. Versions are not provided with this software currently.

tags | exploit, xss
SHA-256 | a2a871d354cdbb0c3a3947542e1add4dbf9f0257a87cb4fe349e417509a7409e
Online Book Store SQL Injection
Posted Aug 13, 2020
Authored by Yussef Dajdaj

Online Book Store from projectworlds.in suffers from a remote SQL injection vulnerability. Versions are not provided with this software currently.

tags | exploit, remote, sql injection
SHA-256 | 39bdba6d1357688214210ee4f834b0964caa27b39ff1373d715f1d2eb3ddc240
Online Shopping System SQL Injection
Posted Aug 13, 2020
Authored by Yussef Dajdaj

Online Shopping System from projectworlds.in suffers from a remote SQL injection vulnerability. Versions are not provided with this software currently.

tags | exploit, remote, sql injection
SHA-256 | cdc2fef809545473ea22bd0f4e21f9739414b25ec2bd2cfd353cb91ba108d64c
vBulletin 5.6.2 Cross Site Scripting
Posted Aug 13, 2020
Authored by Vincent666 ibn Winnie | Site pentest-vincent.blogspot.com

vBulletin version 5.6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9ecbb502c74dcc25b94acca4c4d869e8c562d90358ff917a5d5953a2dd70e92f
CMS Made Simple 2.2.14 Shell Upload
Posted Aug 13, 2020
Authored by Roel van Beurden

CMS Made Simple version 2.2.14 suffers from an authenticated shell upload vulnerability.

tags | exploit, shell
SHA-256 | dfec683841667f70218145ec3220e0b1035d7cd217d4a78f597b5fdeafa9b894
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close