exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 10,201 RSS Feed

Web Files

ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution
Posted Oct 7, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect versions 3.08.00 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the SYSLOG HTTP POST parameter called by the syslogSwitch.php script.

tags | exploit, web, arbitrary, shell, php
SHA-256 | bd108fa7ce900744b1676f5426423c1034cfcf86df1a6c72f006197b3c7c4616
ABB Cylon Aspect 3.08.01 caldavUtil.php Remote Code Execution
Posted Oct 7, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect versions 3.08.01 and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the Footer HTTP POST parameter called by the caldavUtil.php script.

tags | exploit, web, arbitrary, shell, php
SHA-256 | 8a578a88dc628bdf9030f24dfeb5efed5a2916122d7b2c6617ee5215c5c7a0d4
ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution
Posted Oct 7, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect versions 3.08.00 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the timeserver HTTP POST parameter called by the setTimeServer.php script.

tags | exploit, web, arbitrary, shell, php
SHA-256 | 7a951ff7fa25dce192577e79009a2ecc161d07c5d3e93a4698034aee54606ea7
Debian Security Advisory 5783-1
Posted Oct 4, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5783-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9401
SHA-256 | d6e973db117eecd0774e6df97f98106f30600a1abd447da40462c767ea65fcb3
Acronis Cyber Infrastructure Default Password Remote Code Execution
Posted Oct 3, 2024
Authored by h00die-gr3y, Acronis International GmbH | Site metasploit.com

Acronis Cyber Infrastructure (ACI) is an IT infrastructure solution that provides storage, compute, and network resources. Businesses and Service Providers are using it for data storage, backup storage, creating and managing virtual machines and software-defined networks, running cloud-native applications in production environments. This Metasploit module exploits a default password vulnerability in ACI which allow an attacker to access the ACI PostgreSQL database and gain administrative access to the ACI Web Portal. This opens the door for the attacker to upload SSH keys that enables root access to the appliance/server. This attack can be remotely executed over the WAN as long as the PostgreSQL and SSH services are exposed to the outside world. ACI versions 5.0 before build 5.0.1-61, 5.1 before build 5.1.1-71, 5.2 before build 5.2.1-69, 5.3 before build 5.3.1-53, and 5.4 before build 5.4.4-132 are vulnerable.

tags | exploit, web, root
advisories | CVE-2023-45249
SHA-256 | 07990b1f6994d1629f554b31888e1fa6a36fccc954738c75a95e2ac86e270498
TitanNit Web Control 2.01 / Atemio 7600 Code Injection
Posted Oct 2, 2024
Authored by indoushka

TitanNit Web Control 2.01 and Atemio 7600 suffer from a PHP code injection vulnerability.

tags | exploit, web, php
SHA-256 | ae322d271852c8f25de18f6d647d31c02a2bc3f366c6ee1f1c7d3ed36bff9c05
Ubuntu Security Notice USN-7015-3
Posted Oct 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7015-3 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding updates for CVE-2023-27043 for python2.7 in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and for python3.5 in Ubuntu 16.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.

tags | advisory, remote, web, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2023-27043, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2024-8088
SHA-256 | 0390e83a0739fcfacc6a5629ced929a50e15b96cabb5e32ff94afb187b1335a3
Sistem Penyewaan Baju atau Pakaian Berbasis Web 1.0 SQL Injection
Posted Sep 30, 2024
Authored by indoushka

Sistem Penyewaan Baju atau Pakaian Berbasis Web version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, web, sql injection, bypass
SHA-256 | 6bf344eafaf6c191620e5d4aaa4bda969218a3a332ca545a121590babfb99c51
ABB Cylon Aspect 3.07.00 Remote Code Execution
Posted Sep 25, 2024
Authored by LiquidWorm | Site zeroscience.mk

The ABB Cylon Aspect version 3.07.00 BMS/BAS controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the host HTTP GET parameter called by networkDiagAjax.php script.

tags | exploit, web, arbitrary, shell, php
advisories | CVE-2023-0636
SHA-256 | 8123a5d0a4c6fa336d0b765079abb5168cf0f686b24baa715db1e55915f315fe
Ubuntu Security Notice USN-7032-1
Posted Sep 25, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7032-1 - It was discovered that Tomcat incorrectly handled HTTP trailer headers. A remote attacker could possibly use this issue to perform HTTP request smuggling.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2023-46589
SHA-256 | 19ad4cab25b37facba8c59f772004773b63724edac1ac9aadf381cd6bd195897
ABB Cylon Aspect 3.08.01 Arbitrary File Deletion
Posted Sep 24, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.01 MS/BAS controller suffers from an arbitrary file deletion vulnerability. Input passed to the file parameter in databasefiledelete.php is not properly sanitized before being used to delete files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.

tags | exploit, web, arbitrary, php
advisories | CVE-2024-6209
SHA-256 | 5dbc986f6601c3bda5e54887231d2fa175f92f4f522e9ef2bc6cd9d2c722d9d9
Red Hat Security Advisory 2024-6928-03
Posted Sep 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-6928-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 is now available. Issues addressed include HTTP response splitting and server-side request forgery vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2023-38709
SHA-256 | e6d296361367127ef2c83d6876e361aa61a44764ac8bad189777d62595cf373f
Red Hat Security Advisory 2024-6927-03
Posted Sep 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-6927-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 is now available. Issues addressed include a HTTP response splitting vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-38709
SHA-256 | a46212c14a8f7f02210b86e19840bd78e0cf8353486be6775227bb55ec86218e
Ubuntu Security Notice USN-6885-3
Posted Sep 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6885-3 - USN-6885-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-38474, CVE-2024-38476, CVE-2024-38477
SHA-256 | 31166839dd976fb13f0b4dbd232274dc5adcbdb22f6e4157c52f92b68f799311
Dockwatch Remote Command Execution
Posted Sep 17, 2024
Authored by Jeremy Brown

Dockwatch is a container management web UI for docker. It runs by default without authentication, although guidance is available for how to setup credentials for access. It has a Commands feature that allows a user to run docker commands such as inspect, network, ps. Prior to fix, it did not restrict input for parameters, so both container and parameters for the dockerInspect command were vulnerable to shell command injection on the container as the abc user with (limited) command output. See commits 23df366 and c091e4c for fixes.

tags | exploit, web, shell
SHA-256 | 4dc88e4bbab7011783c0ecfab89efa0414dbb5928fb33b19bb6580f2eaabe3c2
Rejetto HTTP File Server 2.3m Template Injection / Arbitrary Code Execution
Posted Sep 16, 2024
Authored by verylazytech | Site github.com

Proof of concept remote code execution exploit for Rejetto HTTP File Server (HFS) version 2.3m.

tags | exploit, remote, web, code execution, proof of concept
advisories | CVE-2024-23692
SHA-256 | 94abc34636ee9d2ee77ab7b6f4f07a3e5915b2c3ea027b41ba855261a1cd204a
3DSecure 2.0 3DS Authorization Method Cross Site Request Forgery
Posted Sep 12, 2024
Authored by Rubén López Herrera

A cross site request forgery vulnerability was identified in the Authorization Method of 3DSecure version 2.0, allowing attackers to submit unauthorized form data by modifying the HTTP Origin and Referer headers.

tags | exploit, web, csrf
advisories | CVE-2024-25286
SHA-256 | 032e3a53c89b7b4a7b7b3de30de850a84f091eca55d4270ee219cc8a08689f23
3DSecure 2.0 3DS Authorization Method Cross Site Scripting
Posted Sep 12, 2024
Authored by Rubén López Herrera

Multiple reflected cross site scripting vulnerabilities in the 3DS Authorization Method of 3DSecure version 2.0 allow attackers to inject arbitrary web scripts via the threeDSMethodData parameter.

tags | exploit, web, arbitrary, vulnerability, xss
advisories | CVE-2024-25284
SHA-256 | 6d39badeee9ca588e282577f02ef7077faa513c136944eec8da9e5f0a73a67a8
3DSecure 2.0 3DS Authorization Challenge Cross Site Scripting
Posted Sep 12, 2024
Authored by Rubén López Herrera

Multiple reflected cross site scripting vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure version 2.0. These flaws allow attackers to inject arbitrary web scripts, CSS, or HTML through the manipulation of the params parameter in the request URL.

tags | exploit, web, arbitrary, vulnerability, xss
advisories | CVE-2024-25283
SHA-256 | 5c49c8e7ecdf6ea8c0ca9ef4838d0136aa0e0903e7e668c089948442cca4d4d4
Ubuntu Security Notice USN-6996-1
Posted Sep 10, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6996-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2024-40776, CVE-2024-40789
SHA-256 | 495c021cebaed12775fb7591f330431d792303b4c0b48774c767ece1790af9e8
PDF Generator Web Application 1.0 Insecure Settings
Posted Sep 9, 2024
Authored by indoushka

PDF Generator Web Application version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit, web
SHA-256 | ea0edf3e01f27c48e18ff7db4471b92d0d058e7c65718cf02003efd67a75fb49
Debian Security Advisory 5765-1
Posted Sep 4, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5765-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384
SHA-256 | dfab6913b39748bebfcdb6654b977dbe4d0b99559dd95f8e7705706523881d55
Ubuntu Security Notice USN-6988-1
Posted Sep 4, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6988-1 - It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay and manipulate responses. This issue only affected Ubuntu 24.04 LTS. It was discovered that Twisted did not properly sanitize certain input. An attacker could use this vulnerability to possibly execute an HTML injection leading to a cross-site scripting attack.

tags | advisory, remote, web, xss
systems | linux, ubuntu
advisories | CVE-2024-41671, CVE-2024-41810
SHA-256 | b3e9ccedfdbf38665257767f0dc668db4901ec80e4f37709d43bcb54502ddae9
Debian Security Advisory 5762-1
Posted Sep 2, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5762-1 - The WebKitGTK web engine suffers from multiple vulnerabilities. An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash. Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. More issues are listed in this advisory.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794, CVE-2024-4558
SHA-256 | 84334a31b07991491b6bf97b8a6dd18f35a882dd2e58fa59b968cb5797f2b082
OKI Printer Default Login Credential Scanner
Posted Sep 1, 2024
Authored by antr6X | Site metasploit.com

This Metasploit module scans for OKI printers via SNMP, then tries to connect to found devices with vendor default administrator credentials via HTTP authentication. By default, OKI network printers use the last six digits of the MAC as admin password.

tags | exploit, web
SHA-256 | 8613aa2a1290a7367538b13eddb3594428f9fc32d1fd8e239c7ddb8a9589ca0c
Page 3 of 408
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close