what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2020-09-01

SQLMAP - Automatic SQL Injection Tool 1.4.9
Posted Sep 1, 2020
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Bug fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
SHA-256 | 8bd708fbb486b85b031bb08e662afd5448d344673e3a2aa72538e4db159b5fed
moziloCMS 2.0 Cross Site Scripting
Posted Sep 1, 2020
Authored by Abdulkadir Kaya

moziloCMS version 2.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c9035982f243fb3b2495fc832cd4f4f9d0f52ecb916b2f830c439dad2cc7bb55
Mara CMS 7.5 Remote Code Execution
Posted Sep 1, 2020
Authored by Michele Cisternino

Mara CMS version 7.5 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | bd17fcbb1a0a8560277798e1fbefce8cdb9ff909935dd46e2591c18761156ad1
Nos-Santos-Izquierdo Field
Posted Sep 1, 2020
Authored by Pedro el Banquero, Francisco Blas Izquierdo, Enrique S, Vicent Nos Ripolles

This paper explains how the Nos-Santos-Izquierdo Field (NSIF) works, focusing in the similarities between the RSA problem, factorization, and the calculation decimal expansions.

tags | paper
SHA-256 | aeab461b9276a048b8aba6a42be04a1de281069c3bc7e90a37323ed9d990f0dd
Kamailio 5.4.0 Header Smuggling
Posted Sep 1, 2020
Authored by Sandro Gauci | Site rtcsec.com

Kamailio version 5.4.0 is vulnerable to header smuggling via a bypass of remove_hf.

tags | exploit, bypass
SHA-256 | 90b01227ec53c669668b75248613fb8d1d22b84fea63434c5f55b4a27dee1fe7
Red Hat Security Advisory 2020-3598-01
Posted Sep 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3598-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-10757
SHA-256 | d5ef4cb02fcbc523b9d881229a20fb9e9cf53d8d08316e62eac3878ae41ea5c7
Red Hat Security Advisory 2020-3592-01
Posted Sep 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3592-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.

tags | advisory, shell, bash
systems | linux, redhat
advisories | CVE-2019-9924
SHA-256 | 67dc5c6ba3fbf2b09490124b6fc4334e806688dcf2bb5cf1dd12d730ec9c5baa
Rebar3 3.13.2 Command Injection
Posted Sep 1, 2020
Authored by Alexey Pronin

Rebar3 versions 3.0.0-beta.3 through 3.13.2 suffer from a command injection vulnerability.

tags | exploit
advisories | CVE-2020-13802
SHA-256 | ec2b41f1be4cf19047c4fa3acd9dd1f671c7454b455ba2e568edf51aebae1ffe
Sagemcom F@ST 5280 Privilege Escalation
Posted Sep 1, 2020
Authored by Ryan Delaney

Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise.

tags | exploit
advisories | CVE-2020-24034
SHA-256 | b749b45a358358330f8fd5f3cec1a2eb0a30872b9d8f5cd95aaf47010c1890ef
Bagisto Credential Disclosure
Posted Sep 1, 2020
Authored by devsecweb

As of 2020/09/01, all versions of Bagisto appear to leak database and email server credentials in the document root.

tags | exploit, root, info disclosure
SHA-256 | 74b9f3889f450e046f3f29aa9d6575b5877a84afc22c532d82f65985d7a9c34c
Red Hat Security Advisory 2020-3588-01
Posted Sep 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3588-01 - LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2017-18922
SHA-256 | 8b3ae7933846cb4d69b60bf086fb3a8599cfb74db5273079db91237e8d7d671f
Red Hat Security Advisory 2020-3587-01
Posted Sep 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3587-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. Issues addressed include file disclosure and server-side request forgery vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-10086, CVE-2019-9827, CVE-2020-11994
SHA-256 | 41f19cd9185d03707f92109bcb2f80ca40f69069eccfd5c39fd5308fff6e0fb0
Ubuntu Security Notice USN-4481-1
Posted Sep 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4481-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-11095, CVE-2020-11099, CVE-2020-4032
SHA-256 | 752265c51278ff11568ea5a7302397673eca5d4a7c7f8964e28a3ef792b600d8
Ubuntu Security Notice USN-4471-2
Posted Sep 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4471-2 - USN-4471-1 fixed a vulnerability in Net-SNMP. The updated introduced a regression making nsExtendCacheTime not settable. This update fixes the problem adding the cacheTime feature flag. Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-15861, CVE-2020-15862
SHA-256 | 1017733bfb26f81e781ca1324961b481d36d10524492ccdb51984e779c99e588
Ubuntu Security Notice USN-4480-1
Posted Sep 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4480-1 - It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2 credentials with escalated permissions. It was discovered that OpenStack Keystone incorrectly handled the list of roles provided with OAuth1 access tokens. An authenticated user could possibly end up with more role assignments than intended. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-12689, CVE-2020-12690, CVE-2020-12691, CVE-2020-12692
SHA-256 | 3c08db6e10cf95d2fc1612319b52e834023d3ffc4661cd1510fa0ef8a2b277f3
Ubuntu Security Notice USN-4479-1
Posted Sep 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4479-1 - It was discovered that Django, when used with Python 3.7 or higher, incorrectly handled directory permissions. A local attacker could possibly use this issue to obtain sensitive information, or escalate permissions.

tags | advisory, local, python
systems | linux, ubuntu
advisories | CVE-2020-24583
SHA-256 | cc1c4d80f93f46f20a7f3297df2c7104e9449ead66db8c7aa2894720c5dc55c7
Red Hat Security Advisory 2020-3586-01
Posted Sep 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3586-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include information leakage and out of bounds read vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-10756, CVE-2020-14339
SHA-256 | ad8866f7fc0a2a7af79d106635c88771d2aeef777e5d61c1ab39bbbb10d358eb
Ubuntu Security Notice USN-4478-1
Posted Sep 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4478-1 - It was discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issue to obtain sensitive information.

tags | advisory, python
systems | linux, ubuntu
advisories | CVE-2020-13757
SHA-256 | 3005fbc73d2f33c3beb07eeea2aae787a8cd4846989b49ff0b6f25ba9b3ab8a0
Packet Storm New Exploits For August, 2020
Posted Sep 1, 2020
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 128 exploits added to Packet Storm in August, 2020.

tags | exploit
SHA-256 | fc6a187c67bce9ab49a95c0bd50043a6b006fefc5d97c521e4c3172dd7afc14d
Sifter 10
Posted Sep 1, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Script Execution fixes. Result viewing issues addressed. Properly creates Result directories where need be. Tool install fixes. Rearranged some tools within categories.
tags | tool, remote, local, scanner, vulnerability
systems | unix
SHA-256 | 127207c6984fe08de44fe0116357860d11171e74709ebaac867590be553a5f53
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close