
Files Date: 2022-05-02

Packet Storm New Exploits For April, 2022
Posted May 2, 2022
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 150 exploits added to Packet Storm in April, 2022.

tags | exploit
SHA-256 | 308c93a4119d3e38af49bcea7afd2162357abf8f1f8689ed16e0b2bc4aa0de4e
WSO2 Arbitrary File Upload / Remote Code Execution
Posted May 2, 2022
Authored by Orange Tsai, wvu, hakivvi, Jack Heysel | Site metasploit.com

This Metasploit module abuses a vulnerability in certain WSO2 products that allows unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.

tags | exploit, remote, code execution, file upload
advisories | CVE-2022-29464
SHA-256 | 7bdab9b3101da4ba2df8ff1f6a558171e4d8a503d4d44bcbaf0347587fa69a4d
Red Hat Security Advisory 2022-1665-01
Posted May 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1665-01 - The gzip packages contain the gzip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-1271
SHA-256 | ca530d5e9416b7c13a4d78af15826bfad84ef29c2938e0cbc37677862407e3f3
WordPress Stafflist 3.1.2 Cross Site Request Forgery
Posted May 2, 2022
Authored by Hassan Khan Yusufzai

WordPress Stafflist plugin version 3.1.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 9d6c94780d9e6bad20039cfa30e21ac1263e9e05f4af98d371874857a71295c3
WordPress Stafflist 3.1.2 SQL Injection
Posted May 2, 2022
Authored by Hassan Khan Yusufzai

WordPress Stafflist plugin version 3.1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 76212ce51a690afcb72976ffdf858974f47d6bff5804091f1c6e89f12d4ebfe3
Ubuntu Security Notice USN-5382-2
Posted May 2, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5382-2 - USN-5382-1 fixed a vulnerability in libinput. This update provides the corresponding updates for Ubuntu 22.04 LTS. Albin Eldstål-Ahrens and Lukas Lamster discovered libinput did not properly handle input devices with specially crafted names. A local attacker with physical access could use this to cause libinput to crash or expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-1215
SHA-256 | 67195fd3b54b029ccd4a0d9b0290d31b7dec01f28c5744fb01748494eafc8e67
Strapi 3.6.8 Password Disclosure / Insecure Handling
Posted May 2, 2022
Authored by Kitchaphan Singchai

Strapi versions prior to 3.6.9 and 4.1.5 disclose a user's password because the password is simply base64 encoded and placed in a cookie.

tags | exploit
advisories | CVE-2021-46440
SHA-256 | 069e678d219ce2bfcd777e3fcf09ee5a7c59fe5b6c563e15e918fd0877c7aff7
Red Hat Security Advisory 2022-1661-01
Posted May 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1661-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032
SHA-256 | fb61b760ab6bb66f0eee64aa5821f9a9797c53303b63d5f75f4c30009296afe6
Red Hat Security Advisory 2022-1663-01
Posted May 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1663-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2021-3733, CVE-2021-3737, CVE-2021-4189, CVE-2022-0391
SHA-256 | 6432414f7b8a6571ed395cf657578903108760e6c22f8983c8ddccfd17747480
Ransom.LockBit MVID-2022-0572 Code Execution
Posted May 2, 2022
Authored by malvuln | Site malvuln.com

LockBit ransomware looks for and executes DLLs in its current directory. This can potentially allow us to execute our own code, control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot as there's nothing to kill the DLL that just lives on disk waiting. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
SHA-256 | 2309d126cc5ad752cce17568336336941a74bd3cad316628d72b23e6103bbdc2
Red Hat Security Advisory 2022-1664-01
Posted May 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1664-01 - lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2021-43818
SHA-256 | 9e2395329688adbce9f1cb130f3cb5b197290b8c31a19fbfe1ef9ddcfdfbeb67
Covid 19 Travel Pass Management System 1.0 SQL Injection
Posted May 2, 2022
Authored by nu11secur1ty

Covid 19 Travel Pass Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8c232ce0a1da7fa75903ca2807d34366340d6c85780e027ddfaa612d65d60aea
Red Hat Security Advisory 2022-1662-01
Posted May 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1662-01 - The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2022-29599
SHA-256 | aa50bcf7e9ca9147b16c3946ba439286f9ef8c50feb70b742751fab6518e6934
Toll Tax Management System 1.0 SQL Injection
Posted May 2, 2022
Authored by nu11secur1ty

Toll Tax Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 317767316eef211ac935a713d8b56603dc6e80969ace44334e34402ca5937bf6
Red Hat Security Advisory 2022-1646-01
Posted May 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1646-01 - Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat servers, mail servers and more. Issues addressed include an HTTP request smuggling vulnerability.

tags | advisory, web, protocol, python
systems | linux, redhat
advisories | CVE-2022-24801
SHA-256 | edafd374bc7080d26a801370b03b76f7d43b88ef319ac614fe523e26bd1f10a3