
Files

Ubuntu Security Notice USN-6885-3
Posted Sep 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6885-3 - USN-6885-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-38474, CVE-2024-38476, CVE-2024-38477
SHA-256 | 31166839dd976fb13f0b4dbd232274dc5adcbdb22f6e4157c52f92b68f799311
Ubuntu Security Notice USN-7021-1
Posted Sep 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7021-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2024-26677, CVE-2024-27012, CVE-2024-39496, CVE-2024-42228
SHA-256 | e949f3273efd091048f5d71881f2c7b452f9ff4168a1a80c84222cd196ba45c1
Ubuntu Security Notice USN-7020-1
Posted Sep 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7020-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2024-41009, CVE-2024-42224, CVE-2024-42228
SHA-256 | 8bd17f2619f175659c888a248448a6b11ad2dd4cd57793413f87d6ff0ebf03d3
Online Traffic Offense 1.0 CSRF / Arbitrary File Upload
Posted Sep 18, 2024
Authored by indoushka

Online Traffic Offense version 1.0 suffers from cross site request forgery and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, file upload, csrf
SHA-256 | e5a827b48fc4659294048f669ce8dc8150ad3c9cea88685a31c1e4fff34cdbbd
Ubuntu Security Notice USN-7019-1
Posted Sep 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7019-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-38096, CVE-2023-52585, CVE-2023-52699, CVE-2023-52752, CVE-2023-52760, CVE-2023-52884, CVE-2023-52887, CVE-2024-23307, CVE-2024-23848, CVE-2024-24858, CVE-2024-24861, CVE-2024-25739, CVE-2024-25741, CVE-2024-25742
SHA-256 | 896effafd923d1de3290843acdecad88190e552d3dbe3db65ed560f5e511dd7a
Debian Security Advisory 5772-1
Posted Sep 18, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5772-1 - Yufan You discovered that LibreOffice's handling of documents based on ZIP archives was susceptible to spoofing attacks when the repair mode attempts to address a malformed archive structure.

tags | advisory, spoof
systems | linux, debian
advisories | CVE-2024-7788
SHA-256 | 18dfdc4d2a3cb0f1b3ab7cdbfff7c30a72fd566aa85476c85c16480b7d706aa4
Backdoor.Win32.CCInvader.10 MVID-2024-0694 Authentication Bypass
Posted Sep 18, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.CCInvader.10 malware suffers from a bypass vulnerability.

tags | exploit, bypass
systems | windows
SHA-256 | 7f8fbab739d2fc6fb8f975250a5f1be05abc1adfae0b192591971bf6f66b9101
Backdoor.Win32.BlackAngel.13 MVID-2024-0695 Code Execution
Posted Sep 18, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.BlackAngel.13 malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
SHA-256 | 717e62131924ca1af11ac62c8dd44bd60d6cffaaf4066df556a537c3442d678e
Backdoor.Win32.Delf.yj MVID-2024-0693 Information Disclosure
Posted Sep 18, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Delf.yj malware suffers from an information leakage vulnerability.

tags | exploit
systems | windows
SHA-256 | 145f23a8746541655af47b6cc26039a64ce706d01053710c1a2fcdd7dc5aa7a8
Ubuntu Security Notice USN-7018-1
Posted Sep 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7018-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-1968, CVE-2021-23840, CVE-2022-1292, CVE-2022-2068, CVE-2023-3446, CVE-2024-0727
SHA-256 | 587acc1f444243f9ef3c25e4d1de8aecbfcae8208b00502e26bf42e93ab7624c
Debian Security Advisory 5771-1
Posted Sep 18, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5771-1 - Fabien Potencier discovered that under some conditions the sandbox mechanism of Twig, a template engine for PHP, could be bypassed.

tags | advisory, php
systems | linux, debian
advisories | CVE-2024-45411
SHA-256 | 1049496f29954214697205ebd4565fdbae36dcd02f1494f9dedfe7f85844e0dc
Debian Security Advisory 5770-1
Posted Sep 18, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5770-1 - Shang-Hung Wan discovered multiple vulnerabilities in the Expat XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
SHA-256 | c1619153de1b5b70d0c75d33d3807ae59a0796df1edfa06f7f54ce8a562d5941
Ubuntu Security Notice USN-7000-2
Posted Sep 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7000-2 - USN-7000-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for Ubuntu 22.04 LTS. Shang-Hung Wan discovered that Expat did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-45490
SHA-256 | 59bf3b6ef3d66bb680edf070eb8e73bfa69b84933ee4e951d7c495cad067f15c
Online Exam System 1.0 Insecure Settings
Posted Sep 18, 2024
Authored by indoushka

Online Exam System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit
SHA-256 | 334bf4bade0494de08909a3410e621223fa30f288581d2a97ef3a411eb7d1432
Online Bus Ticket Booking Website 1.0 SQL Injection
Posted Sep 18, 2024
Authored by indoushka

Online Bus Ticket Booking Website version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 07cf01fe4d4e0156b5b9d3867b0d730760e244d75733bd6a21e9831bb21eb671
Nipah Virus Testing Management System 1.0 SQL Injection
Posted Sep 18, 2024
Authored by indoushka

Nipah Virus Testing Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, virus, sql injection, bypass
SHA-256 | 002fc73bbeed6a4576cfdb9982299838050b0bbc1adfeda7fc7c091a4c710fb3
Ubuntu Security Notice USN-7017-1
Posted Sep 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7017-1 - Iggy Frankovic discovered that Quagga incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2024-44070
SHA-256 | 5de28707d33411664b92640aa20a05b15c3f1883532c98f677b861e05322fb02
Ubuntu Security Notice USN-7016-1
Posted Sep 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7016-1 - Iggy Frankovic discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2024-44070
SHA-256 | c16b067412f887ca443d01cd624f103aea4a4b7ba0c3c6ee59cf33092e6de7a9
Membership Management System 1.1 SQL Injection
Posted Sep 18, 2024
Authored by indoushka

Membership Management System version 1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 6a15cdedf00f0b752cebff83c346b7c042814e903684ee4884b3896ad044391b
HYSCALE System 1.9 Add Administrator / Cross Site Request Forgery
Posted Sep 18, 2024
Authored by indoushka

HYSCALE System version 1.9 suffers from add administrator and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | be1be6516ccdabbe67428de5ef0e49fca374004dda69f00f5fe8c675baa3d990
Furniture Master 2 SQL Injection
Posted Sep 18, 2024
Authored by indoushka

Furniture Master version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | de62e37b3de6cb06ff4294692fa90d5dbfd158a0153c79993900f1fcc28b6789
Food Ordering And Table Reservation System For Restaurants 1.0 Insecure Settings
Posted Sep 18, 2024
Authored by indoushka

Food Ordering and Table Reservation System for Restaurants version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit
SHA-256 | bc2fab72834ac56fe6948d05d57dea4c287fd8500fe999daf8cd8d910200f7a3
Beauty Parlour And Saloon Management System 1.1 Insecure Settings
Posted Sep 18, 2024
Authored by indoushka

Beauty Parlour and Saloon Management System version 1.1 suffers from an ignored default credential vulnerability.

tags | exploit
SHA-256 | d6660c1c6980ef3268d1a22cf2f264a4cca0ec4b56c1477c7fef4007d4b6424a
Microsoft Windows TOCTOU Local Privilege Escalation
Posted Sep 17, 2024
Authored by jheysel-r7, tykawaii98 | Site metasploit.com

CVE-2024-30088 is a Windows kernel elevation of privilege vulnerability which affects many recent versions of Windows 10, Windows 11 and Windows Server 2022. The vulnerability exists inside the function called AuthzBasepCopyoutInternalSecurityAttributes, specifically when the kernel copies the _AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION of the current token object to user mode. When the kernel performs the copy of the SecurityAttributesList, it sets up the list of the SecurityAttributes structure directly to the user supplied pointer. It then calls RtlCopyUnicodeString and AuthzBasepCopyoutInternalSecurityAttributeValues to copy out the names and values of the SecurityAttribute, leading to multiple Time Of Check Time Of Use (TOCTOU) vulnerabilities in the function.

tags | exploit, kernel, vulnerability
systems | windows
advisories | CVE-2024-30038
SHA-256 | a4e521839032a10c16e91b79eb43b6f9620dcc27482be434b0d2b62d5ac92e66
WordPress LiteSpeed Cache Cookie Theft
Posted Sep 17, 2024
Authored by jheysel-r7, Rafie Muhammad | Site metasploit.com

This Metasploit module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a WordPress plugin that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when the Debug Logging feature is enabled, the plugin will log admin cookies to the /wp-content/debug.log endpoint which is accessible without authentication. The Debug Logging feature in the plugin is not enabled by default. The admin cookies found in the debug.log can be used to upload and execute a malicious plugin containing a payload.

tags | exploit
advisories | CVE-2024-44000
SHA-256 | 6e09b750ae1a9a0b2b8f3c6e3aa95c6c27115a13bd3431b2f9fa3155e9f1d346