
Files Date: 2020-06-03

Node.js Hostname Verification Bypass
Posted Jun 3, 2020
Authored by Google Security Research, Felix Wilhelm

Insecure TLS session reuse can lead to a hostname verification bypass in Node.js.

tags | exploit
SHA-256 | b404dcfa6d845cbd272f8eca0446855bd9671e0f4684dcd3a059efe2b423226d

Apache Tomcat CVE-2020-9484 Proof Of Concept
Posted Jun 3, 2020
Authored by redtimmysec, masahiro331

Apache Tomcat is affected by a Java deserialization vulnerability if the PersistentManager is configured as session manager. Successful exploitation requires the attacker to be able to upload an arbitrary file to the server. This archive includes a write up and proof of concept code from multiple researchers.

tags | exploit, java, arbitrary, proof of concept
advisories | CVE-2020-9484
SHA-256 | 5db34fe7e7adcdfc030cf05662a1514025c97b95bc660d4698e532b08ba58604

Sabberworm PHP CSS Code Injection
Posted Jun 3, 2020
Authored by Eldar Marcussen

Sabberworm PHP CSS parser suffers from a code injection vulnerability. Many versions are affected.

tags | exploit, php
advisories | CVE-2020-13756
SHA-256 | cbff4c11162bd6a8c86cb798bce9beeaaea906f988d1e1211fcc87823ed3acb5

JSC JIT Out-Of-Bounds Access
Posted Jun 3, 2020
Authored by saelo, Google Security Research

The DFG and FTL JIT compilers incorrectly replace Checked with Unchecked ArithNegate operations (and vice versa) during Common Subexpression Elimination. This can then be exploited to cause out-of-bounds accesses and potentially other memory safety violations.

tags | exploit
advisories | CVE-2020-9802
SHA-256 | c63474f7958ed7b94d4d7df571792f778fb9ea8a94dac6a55e849f3c5a09d7e2

Bluetooth Impersonation Attack (BIAS) Proof Of Concept
Posted Jun 3, 2020
Authored by Marcin Kozlowski, francozappa

This archive holds Bluetooth Impersonation Attack (BIAS) CVE-2020-10135 proof of concept and reproduction research from multiple researchers.

tags | exploit, proof of concept
advisories | CVE-2020-10135
SHA-256 | 41004a9e2b60df9ce140f6ce8134c8d2d77630719d6ee1ae883f9de82e4b456b

Red Hat Security Advisory 2020-2383-01
Posted Jun 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2383-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. An issue was addressed where BIND does not sufficiently limit the number of fetches performed when processing referrals as well as an issue where a logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-8616, CVE-2020-8617
SHA-256 | fe10f4f1ba40599a3ec6cfcfc4f4743f42397b4f5d36f372d59f945a76c2b6f0

Red Hat Security Advisory 2020-2382-01
Posted Jun 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2382-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-12405, CVE-2020-12406, CVE-2020-12410
SHA-256 | 916ab0f23a51a4ed61acd3e1d103cb826b43ac71c1b612caf36c1a2535cbf7b9

Ubuntu Security Notice USN-4381-1
Posted Jun 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4381-1 - Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. Jon Dufresne discovered that Django incorrectly encoded query parameters for the admin ForeignKeyRawIdWidget. A remote attacker could possibly use this issue to perform XSS attacks.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-13254, CVE-2020-13596
SHA-256 | 5a47aadeb9474c5fc5acffb3a2a672de3641279c011265116c9249b2d5b00fc1

Red Hat Security Advisory 2020-2378-01
Posted Jun 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2378-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-12405, CVE-2020-12406, CVE-2020-12410
SHA-256 | d11e15e896d512099c9118ccbb9250d64607d675cbc5c8493240508dbcfedf6d

Red Hat Security Advisory 2020-2305-01
Posted Jun 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2305-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-1706
SHA-256 | 6ed1e4b28e646045a58440a3c2ddb04980bf1e36d7c1c81299e50fbf59e71dc3

Red Hat Security Advisory 2020-2306-01
Posted Jun 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2306-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and memory exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-8552
SHA-256 | 317a1dc682bbe949d5e60d15397da39bf34d12a9ff1d55e3996850f081b14b9a

Red Hat Security Advisory 2020-2380-01
Posted Jun 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2380-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-12405, CVE-2020-12406, CVE-2020-12410
SHA-256 | 58228fc9b28df7c52b73a180280cbcf058674b590af5d9b896fc69fc2ebdb7c7

Red Hat Security Advisory 2020-2379-01
Posted Jun 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2379-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-12405, CVE-2020-12406, CVE-2020-12410
SHA-256 | 2eb373fdc58a94b36487d68b8bb039414bbd0788b16ce3e35d6a00c9f88d5534

Apple Security Advisory 2020-06-01-4
Posted Jun 3, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-06-01-4 - watchOS 6.2.6 is now available and addresses a code execution vulnerability.

tags | advisory, code execution
systems | apple
advisories | CVE-2020-9859
SHA-256 | 3cf22c9449097702cd3afcf096f5f7de2925208f95ae011a2dcaa034730f4061

OpenCart 3.0.3.2 Cross Site Scripting
Posted Jun 3, 2020
Authored by Kailash Bohara

OpenCart version 3.0.3.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-10596
SHA-256 | 5e60117743888d1a91b9c87549d73e2d83cca8c8f22f0ee072e4ff971c29ab2b
© 2024 Packet Storm. All rights reserved.
