sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges, and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack, and more.
This Metasploit module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application would use its name as the secret_key_base, which can be easily extracted by visiting an invalid resource for a path. As a result, a remote user can create and deliver a signed serialized payload, have the application load it, and gain remote code execution.
Ubuntu Security Notice 3962-1 - It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code.
Winamp version 5.12 playlist (.pls) buffer overflow exploit with ASLR + EGGHUNT + REV_SHELL. Written in Python.
This archive contains proof of concepts and a whitepaper describing multiple popular email client implementations that are vulnerable to signature spoofing attacks.
Red Hat Security Advisory 2019-0935-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Issues addressed include an incorrect validation of port settings.
Ubuntu Security Notice 3961-1 - It was discovered that the Dovecot Submission login service incorrectly handled certain operations. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service.
Red Hat Security Advisory 2019-0919-01 - OpenStack Telemetry collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for data collection. This data is stored in a database and presented via the REST API. Issues include a sensitive data disclosure vulnerability.
CentOS Web Panel versions 0.9.8.793 (Free), 0.9.8.753 (Pro), and 0.9.8.807 (Pro) suffer from a domain field (Add DNS Zone) cross-site scripting vulnerability.
phpBB versions 3.2.5 and below suffer from a native full text denial of service vulnerability.
OpenSkos Simple Knowledge Organization System version 2.0 suffers from a database configuration file disclosure vulnerability.
Red Hat Security Advisory 2019-0916-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Issues addressed include an invalid port setting validation.
Sentrifugo Human Resource Management System version 3.2 suffers from a database configuration file disclosure vulnerability.
MailCarrier version 2.51 HELP remote buffer overflow exploit.
Red Hat Security Advisory 2019-0917-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fibre Channel, iSCSI, and NFS mounts attached to Compute nodes. Issues addressed include a data retention issue post deletion.
Red Hat Security Advisory 2019-0911-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.