PS Exploit News

Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
  1. OpenBSD OpenSMTPD Privilege Escalation / Code Execution

    Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability has been exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands as root.
  2. Fifthplay S.A.M.I Cross Site Request Forgery / Cross Site Scripting

    Fifthplay S.A.M.I suffers from cross site request forgery and persistent cross site scripting vulnerabilities.
  3. Octeth Oempro 4.8 SQL Injection

    Octeth Oempro version 4.8 suffers from a remote SQL injection vulnerability.
  4. Centreon 19.10.5 Remote Command Execution

    Centreon version 19.10.5 suffers from a remote command execution vulnerability.
  5. Centreon 19.10.5 Credential Disclosure

    Centreon version 19.10.5 suffers from a database credential disclosure vulnerability.
  6. Adive Framework 2.0.8 Cross Site Request Forgery

    Adive Framework version 2.0.8 suffers from a cross site request forgery vulnerability.
  7. macOS / iOS ImageIO Heap Corruption

    macOS and iOS suffer from an ImageIO heap corruption vulnerability when processing malformed TIFF images.
  8. IceWarp WebMail 11.4.4.1 Cross Site Scripting

    IceWarp WebMail versions 11.4.4.1 and below suffer from a cross site scripting vulnerability.
  9. FusionAuth 1.10 Remote Command Execution

    FusionAuth versions 1.10 and below suffer from a remote command execution vulnerability. An authenticated attacker with enough privileges to access the template editing functions (either site templates or e-mail templates) in the FusionAuth dashboard can execute commands on the underlying operating system using the Apache FreeMarker Expression language.
  10. SolarWinds n-Central Dumpster Diver

    This application, known as the SolarWinds n-Central Dumpster Diver, utilizes the nCentral agent dot net libraries to simulate the agent registration and pull the agent/appliance configuration settings. This information can contain plain text Active Directory domain credentials. This was reported to SolarWinds PSIRT (psirt@solarwinds.com) on 10/10/2019. In most cases the agent download URL is not secured, allowing anyone without authorization and known customer id to download the agent software. Once you have a customer id you can self register and pull the config. Application will test availability of customer id via agent download URL. If successful it will then pull the config. We do not attempt to just pull the config because timing out on the operation takes too long. Removing the initial check could produce more results, as the agent download could be being blocked whereas agent communication would not be. Harmony is only used to block the nCentral libraries from saving and creating a config directory that is not needed.
  11. Torrent 3GP Converter 1.51 Stack Overflow

    Torrent 3GP Converter version 1.51 suffers from a stack overflow vulnerability.
  12. Realtek SDK Information Disclosure / Code Execution

    Realtek SDK based routers suffer from information disclosure, incorrect access control, insecure password storage, code execution, and incorrectly implemented CAPTCHA vulnerabilities.
  13. Ricoh Printer Driver Local Privilege Escalation

    Ricoh printer drivers for Windows suffer from a local privilege escalation vulnerability due to insecure file permissions. Many versions are affected.
  14. OLK Web Store 2020 Cross Site Request Forgery

    OLK Web Store 2020 suffers from a cross site request forgery vulnerability.
  15. Webtareas 2.0 SQL Injection

    Webtareas version 2.0 suffers from a remote SQL injection vulnerability.
  16. TP-Link TP-SG105E 1.0.0 Unauthenticated Remote Reboot

    TP-Link TP-SG105E version 1.0.0 suffers from an unauthenticated remote reboot vulnerability.
  17. Genexis Platinum-4410 2.1 Authentication Bypass

    Genexis Platinum-4410 version 2.1 suffers from an authentication bypass vulnerability.
  18. qdPM 9.1 Remote Code Execution

    qdPM version 9.1 suffers from a remote code execution vulnerability.
  19. Umbraco CMS 8.2.2 Cross Site Request Forgery

    Umbraco CMS version 8.2.2 suffers from cross site request forgery vulnerabilities.
  20. Pachev FTP Server 1.0 Path Traversal

    Pachev FTP Server version 1.0 suffers from a path traversal vulnerability.
  21. BOOTP Turbo 2.0 Denial Of Service

    BOOTP Turbo version 2.0 SEH denial of service proof of concept exploit.
  22. D-Link DIR-859 Unauthenticated Remote Command Execution

    D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
  23. Reliable Datagram Sockets (RDS) rds_atomic_free_op Privilege Escalation

    This Metasploit module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the rds_atomic_free_op function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko). Successful exploitation requires the RDS kernel module to be loaded. If the RDS module is not blacklisted (default), then it will be loaded automatically. This exploit supports 64-bit Ubuntu Linux systems, including distributions based on Ubuntu, such as Linux Mint and Zorin OS. This exploit does not bypass SMAP. Bypasses for SMEP and KASLR are included. Failed exploitation may crash the kernel. This module has been tested successfully on various 4.4 and 4.8 kernels.
  24. ZOHO ManageEngine ServiceDeskPlus 11.0 Build 11007 Cross Site Scripting

    ZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross site scripting vulnerability.
  25. Employee Leaves Management System 2.0 Cross Site Request Forgery

    Employee Leaves Management System version 2.0 suffers from a cross site request forgery vulnerability.