Files Date: 2021-03-12

Apache OFBiz XML-RPC Java Deserialization
Posted Mar 12, 2021
Authored by Alvaro Munoz, wvu | Site metasploit.com

This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04.

tags | exploit, java
advisories | CVE-2020-9496
SHA-256 | 92c0cbc161c309a9ee69f4716d1ce3b791ab490da8ad91b396463bbefc0310d2

Microsoft Windows Kernel NtGdiGetDeviceCapsAll Race Condition / Use-After-Free
Posted Mar 12, 2021
Authored by Google Security Research, mjurczyk

Microsoft Windows kernel suffers from a use-after-free of the PDEVOBJ object via a race condition vulnerability in NtGdiGetDeviceCapsAll.

tags | exploit, kernel
systems | windows
advisories | CVE-2021-26863
SHA-256 | bb85729e5392cb276b101d5c3546a158cfd681c68133d999f6aeb0d73a9eba5b

Ubuntu Security Notice USN-4754-3
Posted Mar 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-3 - USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. In the case of Python 2.7 for 20.04 ESM, these additional fixes are included: It was discovered that Python allowed remote attackers to cause a denial of service via a ZIP bomb. It was discovered that Python had potentially misleading information about whether sorting occurs. This fix updates the documentation about it. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2019-17514, CVE-2019-20907, CVE-2019-9674, CVE-2020-26116, CVE-2020-27619, CVE-2020-8492
SHA-256 | 6c0e7ce6beab30b21a9bdb915fb21f53cfb96f785e275b6012bfe9f6b58e015f

Red Hat Security Advisory 2021-0811-01
Posted Mar 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0811-01 - This release of Red Hat Integration - Camel K - Tech-Preview 3 serves as a replacement for tech-preview 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and man-in-the-middle vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-13946, CVE-2020-13956, CVE-2020-25649
SHA-256 | c28667fc0da99f8d9f7d95ddffa82106e756d05bf694491cc1ef1780fba154b5

Ubuntu Security Notice USN-4763-1
Posted Mar 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4763-1 - It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922
SHA-256 | 599a910be8819fa0dd616f45c2384e22c9b6e46bad567bf3d3a78948eb24b4f5

ForkCMS PHP Object Injection
Posted Mar 12, 2021
Authored by Wolfgang Hotwagner | Site ait.ac.at

ForkCMS versions prior to 5.8.3 suffer from a PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2020-24036
SHA-256 | fc94d42d043e4a90dc4bd339643f8d95cc873f96e7f9dd33fb84c5094fc4b0a1

QCubed 3.1.1 Cross Site Scripting
Posted Mar 12, 2021
Authored by Wolfgang Hotwagner | Site ait.ac.at

QCubed versions 3.1.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-24912
SHA-256 | 18b0d3135bcaff1b719e6581291ca716cc699fcb58311677812e3cdffadd0f0f

Monitoring Of Students Cyber Accounts System 1.0 SQL Injection
Posted Mar 12, 2021
Authored by Richard Jones

Monitoring of Students Cyber Accounts System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9f51e28fd31bce9bbb0c054b16e8b5f1fb6d7c8042f9c02352e305297ef719a0

Monitoring System (Dashboard) 1.0 SQL Injection
Posted Mar 12, 2021
Authored by Richard Jones

Monitoring System (Dashboard) version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 52cb8f143bee46f4b59ce419520e06b04114feabc954585b25905a7995ee2fd4

Monitoring System (Dashboard) 1.0 Shell Upload
Posted Mar 12, 2021
Authored by Richard Jones

Monitoring System (Dashboard) version 1.0 suffers from multiple remote code execution vulnerabilities that can be leveraged by uploading malicious shells.

tags | exploit, remote, shell, vulnerability, code execution
SHA-256 | 043e1e39fc51c24af436194959ed840ff021e1cc86a2304aed67b229017049f6

QCubed 3.1.1 SQL Injection
Posted Mar 12, 2021
Authored by Wolfgang Hotwagner | Site ait.ac.at

QCubed versions 3.1.1 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-24913
SHA-256 | fa46be89ca61956e12154f640ba0959c5f9115bbcf0e53388cf994a3324a8026

QCubed 3.1.1 PHP Object Injection
Posted Mar 12, 2021
Authored by Wolfgang Hotwagner | Site ait.ac.at

QCubed versions 3.1.1 and below suffer from a PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2020-24914
SHA-256 | afd33bd47a0d3f014f965d9fb0061fac602a72b80d77eb291cf48a32fa36c1e6

D-Link DIR-3060 1.11b04 Command Injection
Posted Mar 12, 2021
Authored by T Shiomitsu | Site iot-inspector.com

D-Link DIR-3060 versions 1.11b04 and below suffer from an authenticated command injection vulnerability.

tags | exploit
advisories | CVE-2021-28144
SHA-256 | 934dc62fa5f0b5a818763d562c797ed8d79104a93d069761cc9dcaa5f0408e44

Vembu BDR 4.2.0.1 U1 Unquoted Service Path
Posted Mar 12, 2021
Authored by Mohammed Alshehri

Vembu BDR version 4.2.0.1 U1 suffers from multiple unquoted service path vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 7a2204e5ee9d67a5a4235c7df762383336d74328d1750434a09ec4f815b1e5f1