exploit Archives - RedPacket Security

CVE prog

Vulnerabilities

CVE-2020-35381

January 18, 2021 admin CVE, CVE-2020-35381, exploit, MISC, vulnerability

jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.

CVE prog

Vulnerabilities

CVE-2020-35381

January 17, 2021 admin CVE, CVE-2020-35381, exploit, MISC, vulnerability

jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.

CVE prog

Vulnerabilities

CVE-2020-36154

January 12, 2021 admin CVE, CVE-2020-36154, exploit, MISC, vulnerability

The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the “%SYSTEMDRIVE%\Pearson VUE” directory, which allows local users to obtain administrative privileges via a Trojan horse application.

CVE prog

Vulnerabilities

CVE-2019-20484

January 8, 2021 admin CVE, CVE-2019-20484, exploit, MISC, vulnerability

An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.

CVE prog

Vulnerabilities

CVE-2019-20484

January 8, 2021 admin CVE, CVE-2019-20484, exploit, MISC, vulnerability

An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.

CVE prog

Vulnerabilities

CVE-2020-35882

January 7, 2021 admin CVE, CVE-2020-35882, exploit, MISC, vulnerability

An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references to the same object, possibly causing a data race.

osint

[KIS-2021-01] IPS Community Suite <= 4.5.4 (Downloads REST API) SQL Injection Vulnerability

January 7, 2021 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by Egidio Romano on Jan 06 —————————————————————————– IPS Community Suite <= 4.5.4 (Downloads REST API) SQL Injection Vulnerability —————————————————————————–

osint

Backdoor.Win32.Zombam.k / Remote Stack Buffer Overflow

January 7, 2021 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by malvuln on Jan 06 Discovery / credits: malvuln – Malvuln.com (c) 2021 Original source:https://malvuln.com/advisory/79d9908b6769e64f922e74a090f5ceeb.txt Contact: malvuln13 () gmail

osint

Files.com – Auth Bypass (Fat Client)

January 7, 2021 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by Balázs Hambalkó on Jan 06 Hi, Vendor: Files.com Product: Fat Client Tested version: 3.3.6 but newer version high

osint

CVE-2020-24386: IMAP hibernation allows accessing other peoples mail

January 7, 2021 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by Aki Tuomi on Jan 06 Open-Xchange Security Advisory 2021-01-04 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOP-2009

CVE prog

Vulnerabilities

CVE-2020-19664

January 6, 2021 admin CVE, CVE-2020-19664, exploit, MISC, vulnerability

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.

CVE prog

Vulnerabilities

CVE-2020-19664

January 6, 2021 admin CVE, CVE-2020-19664, exploit, MISC, vulnerability

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.

osint

survey on reliability of CVSS

December 29, 2020 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by Zinaida Benenson on Dec 29 The University of Erlangen-Nuremberg (Germany) is conducting a research study to test the

osint

Re: CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze

December 29, 2020 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by Mark E. Jeftovic on Dec 29 Is there a transposition typo in the Mac OSX version number? *Fixed

osint

Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze

December 26, 2020 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by Reed Loden on Dec 25 Due to a process fail, this CVE ID was accidentally reused for another

osint

CarolinaCon Online CFP

December 26, 2020 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by CarolinaCon on Dec 25 We hope this email finds you well. This year has had its challenges and

osint

Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze

December 26, 2020 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by Reed Loden on Dec 25 Due to a process fail, this CVE ID was accidentally reused for another

osint

[CVE-2018-7580] – Philips Hue Denial of Service

December 26, 2020 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by Ilia Shnaidman on Dec 25 [+] Credits: Ilia Shnaidman [+] @0x496c on Twitter [+] https://www.iliashn.com Vendor: ============= Philips

osint

Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze

December 26, 2020 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by Jason Geffner on Dec 25 Thanks, Reed. I’ve updated the GitHub repository name to reflect this change. The

osint

AST-2020-004: Remote crash in res_pjsip_diversion

December 23, 2020 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by Asterisk Security Team on Dec 22 Asterisk Project Security Advisory – AST-2020-004 Product Asterisk Summary Remote crash in

osint

AST-2020-003: Remote crash in res_pjsip_diversion

December 23, 2020 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by Asterisk Security Team on Dec 22 Asterisk Project Security Advisory – AST-2020-003 Product Asterisk Summary Remote crash in

osint

Rocket.Chat Path Traversal

December 22, 2020 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by Moe Szyslak on Dec 21 Rocket.Chat has fixed a server-side path traversal vulnerability that may be abused to

osint

remote code execution when open a project in android studio that google refused to fix(still 0day)

December 22, 2020 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by houjingyi on Dec 21 Video and POC here : https://www.youtube.com/watch?v=hAPkSGxh9H0 When you open a project in android studio,

osint

SUPREMO Local privilege escalation

December 22, 2020 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Posted by Adan Alvarez on Dec 21 Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage:

← Previous