exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Recent Files

Files RSS Feed
Tosibox Key Service 3.3.0 Local Privilege Escalation / Unquoted Service Path
Posted Feb 24, 2024
Authored by LiquidWorm | Site zeroscience.mk

Tosibox Key Service versions 3.3.0 and below suffer from an unquoted search path issue impacting the service Tosibox Key Service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

tags | exploit, arbitrary, local
systems | windows
Debian Security Advisory 5630-1
Posted Feb 24, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5630-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
Debian Security Advisory 5629-1
Posted Feb 24, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5629-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
Backdoor.Win32.Armageddon.r MVID-2024-0670 Hardcoded Credential
Posted Feb 24, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Armageddon.r malware suffers from a hardcoded credential vulnerability.

tags | exploit
systems | windows
Debian Security Advisory 5628-1
Posted Feb 24, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5628-1 - handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
ConnectWise ScreenConnect 23.9.7 Unauthenticated Remote Code Execution
Posted Feb 24, 2024
Authored by sfewer-r7, WatchTowr | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability that allows an unauthenticated attacker to create a new administrator user account on a vulnerable ConnectWise ScreenConnect server. The attacker can leverage this to achieve remote code execution by uploading a malicious extension module. All versions of ScreenConnect version 23.9.7 and below are affected.

tags | exploit, remote, code execution, bypass
SuperCali 1.1.0 Cross Site Scripting
Posted Feb 24, 2024
Authored by tmrswrr

SuperCali version 1.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
Red Hat Security Advisory 2024-0952-03
Posted Feb 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0952-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
Red Hat Security Advisory 2024-0951-03
Posted Feb 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0951-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2024-0950-03
Posted Feb 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0950-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.

tags | advisory
systems | linux, redhat
The KeyTrap Denial-of-Service Algorithmic Complexity Attacks On DNS
Posted Feb 22, 2024
Authored by Niklas Vogel, Haya Schulmann, Michael Waidner, Elias Heftrig | Site athene-center.de

In this paper, the authors show that the design of DNSSEC is flawed. Exploiting vulnerable recommendations in the DNSSEC standards, they developed a new class of DNSSEC-based algorithmic complexity attacks on DNS, they dubbed KeyTrap attacks. All popular DNS implementations and services are vulnerable. With just a single DNS packet, the KeyTrap attacks lead to a 2.000.000x spike in CPU instruction count in vulnerable DNS resolvers, stalling some for as long as 16 hours. This devastating effect prompted major DNS vendors to refer to KeyTrap as "the worst attack on DNS ever discovered". Exploiting KeyTrap, an attacker could effectively disable Internet access in any system utilizing a DNSSEC-validating resolver.

tags | paper, encryption
Debian Security Advisory 5627-1
Posted Feb 22, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5627-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

tags | advisory, web, arbitrary, spoof, info disclosure
systems | linux, debian
Gentoo Linux Security Advisory 202402-29
Posted Feb 22, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-29 - Multiple vulnerabilities have been found in LibreOffice, the worst of which could result in user-assisted code execution. Versions greater than or equal to 7.5.9.2 are affected.

tags | advisory, vulnerability, code execution
systems | linux, gentoo
QNAP QTS / QuTS Hero Unauthenticated Remote Code Execution
Posted Feb 22, 2024
Authored by Spencer McIntyre, jheysel-r7, sfewer-r7 | Site metasploit.com

There exists an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for numerous QNAP high-end and enterprise NAS devices. The vulnerable endpoint is the quick.cgi component, exposed by the device's web based administration feature. The quick.cgi component is present in an uninitialized QNAP NAS device. This component is intended to be used during either manual or cloud based provisioning of a QNAP NAS device. Once a device has been successfully initialized, the quick.cgi component is disabled on the system. An attacker with network access to an uninitialized QNAP NAS device may perform unauthenticated command injection, allowing the attacker to execute arbitrary commands on the device.

tags | exploit, web, arbitrary, cgi
Ubuntu Security Notice USN-6649-1
Posted Feb 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6649-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Alfred Peters discovered that Firefox did not properly manage memory when storing and re-accessing data on a networking channel. An attacker could potentially exploit this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
CMS Made Simple 2.2.19 Server-Side Template Injection
Posted Feb 22, 2024
Authored by tmrswrr

CMS Made Simple version 2.2.19 suffers from a server-side template injection vulnerability.

tags | exploit
CMS Made Simple 2.2.19 Cross Site Scripting
Posted Feb 22, 2024
Authored by tmrswrr

CMS Made Simple version 2.2.19 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
Ubuntu Security Notice USN-6648-1
Posted Feb 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6648-1 - It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
CMS Made Simple 2.2.19 Remote Code Execution
Posted Feb 22, 2024
Authored by tmrswrr

CMS Made Simple version 2.2.19 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SitePad 1.8.2 Cross Site Scripting
Posted Feb 22, 2024
Authored by tmrswrr

SitePad version 1.8.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
Dotclear 2.29 Cross Site Scripting
Posted Feb 22, 2024
Authored by tmrswrr

Dotclear version 2.29 suffers from a cross site scripting vulnerability.

tags | exploit, xss
Red Hat Security Advisory 2024-0937-03
Posted Feb 22, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0937-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2024-0934-03
Posted Feb 22, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0934-03 - An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red Hat Virtualization Engine 4.4. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
Red Hat Security Advisory 2024-0853-03
Posted Feb 22, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0853-03 - Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent.

tags | advisory
systems | linux, redhat
FreeIPA 4.10.1 Denial Of Service / Information Disclosure
Posted Feb 22, 2024
Authored by Robb Gatica

FreeIPA version 4.10.1 has an issue where specially crafted HTTP requests potentially lead to denial of service or data exposure.

tags | exploit, web, denial of service, info disclosure
View Older Files →

Recent News

News RSS Feed
Avast Ordered To Stop Selling Browsing Data From Its Browsing Privacy Apps
Posted Feb 24, 2024

tags | headline, privacy, data loss, fraud
Threat Actors Quick To Abuse SSH-Snake Worm-Like Tool
Posted Feb 22, 2024

tags | headline, malware, worm, cryptography
Oh Geez The Coast Guard Is Just Now Going To Think About Infosec?
Posted Feb 22, 2024

tags | headline, government, usa
VMware Issues No Patch Advisory For Critical Flaw In Old SSO Plugin
Posted Feb 22, 2024

tags | headline, flaw
ConnectWise Exploit Could Spur Ransomware Free-For-All
Posted Feb 22, 2024

tags | headline, hacker, malware, flaw, cryptography
An Online Dump Of Chinese Hacking Documents Offers A Rare Window Into Pervasive State Surveillance
Posted Feb 22, 2024

tags | headline, hacker, government, china, data loss, cyberwar, spyware, military
70,000 AT&T Customers Are Without Service Across The US
Posted Feb 22, 2024

tags | headline, phone, denial of service
Code Injection Or Backdoor: A New Look At Ivanti's CVE-2021-44529
Posted Feb 21, 2024

tags | headline, hacker, flaw, backdoor
Cactus Ransomware Claims 1.5TB Of Schneider Electric Data
Posted Feb 21, 2024

tags | headline, hacker, malware, cybercrime, data loss, fraud, cryptography
Apple Adds Post-Quantum Encryption To iMessage
Posted Feb 21, 2024

tags | headline, privacy, apple, cryptography
View More News →

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close