what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files Date: 2020-11-25

BigBlueButton 2.2.29 Brute Force
Posted Nov 25, 2020
Authored by Ismail Saygili

BigBlueButton versions 2.2.29 and below suffer from a meeting access code brute forcing vulnerability.

tags | exploit, cracker
advisories | CVE-2020-29042
SHA-256 | 7779a47f90e53f789a2fbce3072e0d2ff2ac04320c70d8126d32c0cd38ef8a28
House Rental 1.0 SQL Injection
Posted Nov 25, 2020
Authored by Bobby Cooke, hyd3sec

House Rental version 1.0 remote SQL injection exploit that leverages the keywords variable.

tags | exploit, remote, sql injection
SHA-256 | f3ce405357239bc159864db3af6456bd0791342c989bbfdf3d252560b427b3d3
OpenMediaVault rpc.php Authenticated PHP Code Injection
Posted Nov 25, 2020
Authored by Anastasios Stasinopoulos | Site metasploit.com

This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "json_encode_safe()" is not used in config/databasebackend.inc. Successful exploitation grants attackers the ability to execute arbitrary commands on the underlying operating system as root.

tags | exploit, arbitrary, root, php
advisories | CVE-2020-26124
SHA-256 | e0e5ffa0c0727fd8caae8d1a6288e302aebc6906241ff1131429f2abbcdbe8a1
Kong Gateway Admin API Remote Code Execution
Posted Nov 25, 2020
Authored by Graeme Robinson | Site metasploit.com

This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute(). After execution the route is deleted, which also deletes the plugin.

tags | exploit
SHA-256 | 4bafd791ffc69e6f0e7e5e659d5843334eaeb9b206ab4512782cccf29ffe011a
WordPress Simple File List Unauthenticated Remote Code Execution
Posted Nov 25, 2020
Authored by h00die, coiffeur | Site metasploit.com

This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrary PHP code to be uploaded first as a png then renamed to php and executed.

tags | exploit, remote, arbitrary, php
SHA-256 | c76d8f741d62e082e4021197c4f997d2888355186e9e04b1278f52540744b1fa
Ubuntu Security Notice USN-4644-1
Posted Nov 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4644-1 - It was discovered that igraph mishandled certain malformed XML. An attacker could use this vulnerability to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-20349
SHA-256 | 36b45e5bfb54b57372c5e59ba133db2f7997fdeb4b4be4e54951e5f434ce0131
SyncBreeze 10.0.28 Remote Buffer Overflow
Posted Nov 25, 2020
Authored by Abdessalam King

SyncBreeze version 10.0.28 suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
SHA-256 | 21147b01f84dbcd01dd7401e1fa1618def57364c73f6c87de1e4deda21699dd9
osCommerce 2.3.4.1 Cross Site Scripting
Posted Nov 25, 2020
Authored by Emre Aslan

osCommerce version 2.3.4.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3a2d13a1bea10737d2fffae795bbf8e8e1456bee046f30ed0b0fc07162a20926
Wondershare Driver Install Service Help 10.7.1.321 Unquoted Service Path
Posted Nov 25, 2020
Authored by Luis Sandoval

Wondershare Driver Install Service Help version 10.7.1.321 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 22e81b9e302abbc514142b60342851f9f20aea48f363575022e6b4d599358ec4
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close