Ubuntu Security Notice 5102-1 - It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code.
e71e1679f651bde177030852ead42d8e287182832c4dd5bc0623c2f76bc24094Ubuntu Security Notice 5101-1 - It was discovered that MongoDB incorrectly handled certain wire protocol messages. A remote attacker could possibly use this issue to cause MongoDB to crash, resulting in a denial of service.
1f3c6d8bffec7becafbfcf085928c3e42927814e1335c71a09abf5cbcf6c60dfUbuntu Security Notice 5100-1 - It was discovered that containerd insufficiently restricted permissions on container root and plugin directories. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could traverse directory contents and modify files and execute programs on the host filesystem, possibly leading to privilege escalation.
bec06fbddf01a97b4741a148057556d1a2d45613606170b7bb3b8123d3bd2801Ubuntu Security Notice 5099-1 - It was discovered that Imlib2 incorrectly handled certain ICO images. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code.
f3829ab6cd6c5115a174960dcff66f7925121dc3ef45f381ce35f50ddc6b220cCompany's Recruitment Management System in PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability.
0103d8ad580c793d797961e56db9354ffd8cf0de23dbad71c6f37ffe599adbdbLocal Offices Contact Directory Site using PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability.
856efe11ddf1e2251f41e21889418c81e80390b979a0a41f709f289863ab150fCollege Management System 1.0 suffers from an insecure direct object reference that allows a user to add an administrator without any authentication.
c280ad8bf5b5856f85c7029e01c1480a77731c45abd4f7f4a4d74b8378349c08Ubuntu Security Notice 4973-2 - USN-4973-1 fixed this vulnerability previously, but it was re-introduced in python3.8 in focal because of the SRU in LP: #1928057. This update fixes the problem. It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker could possibly use this issue to perform a wide variety of attacks, including bypassing certain access restrictions. Various other issues were also addressed.
c196735c92f4db65e944d2ae4d93193aa693a7dcfe98671e5a7a8573a75157f3College Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
da15ad8a141bd0f394de0285cec82f229fd4d7c8d7a42554de75c078a6395dbeThis tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
0a198af8d7876d7adb9c0517025bd6443d13399a188615a078cf3e45e120f19etestssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
05768444d6cf3dc5812f8fb88695d17a82668089deddd6aaf969041ba4c10b10College Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6ecb70ef2a809ebc7897afdde2d67ae1b81bda174212d7a23ffd6e67dc2520bePyRDP is a Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library.
5f01162a450a7fc506165118344947967c264bcef977e012bb2cff3b330b0436Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks.
c7390c0ef2061eb2f26a7cc5a7ad91394e34550d095a3ea3099eb5b7fd50be60MedSec is a network utility tool developed to perform some network, security administrator, and pentesting tasks. Basic functionality includes port scans, host discovery, banner grabbing, dns checks, subdomain enumeration, and more.
da3e4ac6caa379175e26ece82ffa34906d015bf85c441e6d363bb3c6707faa98This script will create a zip file exploiting CVE-2021-1810 by creating a directory hierarchy deep enough for Archive Utility to fail setting quarantine attributes on certain files while also making some path names long enough to prevent Safari automating unzipping from unpacking the archive. Finally, the script will create a symbolic link at the top level, making the zip file appear like a normal app bundle zip file.
27f01873128025928ef40392c54869c04de239ae765903eac4c672f993c9065bLifestyle Store version 1.0 suffers from a cross site scripting vulnerability.
d419c5b0dc29f160afaae4675ed884a9a9fecdf88362c3de09bf1499603cf8e8Young Entrepreneur E-Negosyo System version 1.0 suffers from a persistent cross site scripting vulnerability.
d2d272d3a7b19c3a2803d9faf08671279fd15b028c26e81b0583119f5248696cYoung Entrepreneur E-Negosyo System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
e597e7d2789e0aa771bb79c6c524df2746ef3e9c11afc76e4627642d6044bfe9Vehicle Service Management System version 1.0 unauthenticated remote shell upload exploit that uses authentication bypass with SQL injection.
6c102a236cb9e21f5427c1ae2c9ecec8289f62748f674b9bd2f0e484459314c2Vehicle Service Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities one of which allows for authentication bypass.
bda6787acf0033d7dd6861a3aaf0c52668f3986daf80429fc5e0054fccb7ef22Open Game Panel suffers from an authenticated remote code execution vulnerability.
d1b96cf77f4c3fb50c6c8ae13d64687601f5c342d5969c20faca45617dd9ea3aPet Shop Management System version 1.0 suffers from privilege escalation and remote shell upload vulnerabilities.
abef648d07fa476965ff52c8f9b813211d1cedf8b5428340a5a9fddc13a24202College Management System version 1.0 suffers from an arbitrary file upload vulnerability.
86c8805556c5e66a65a17ebcb0557527109d4682af2a0bb382e6b163bb6ceb14
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed