what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2022-12-06

VMware vCenter vScalation Privilege Escalation
Posted Dec 6, 2022
Authored by h00die, Yuval Lazar | Site metasploit.com

This Metasploit module exploits a privilege escalation in vSphere/vCenter due to improper permissions on the /usr/lib/vmware-vmon/java-wrapper-vmon file. It is possible for anyone in the cis group to write to the file, which will execute as root on vmware-vmon service restart or host reboot. This module was successfully tested against VMware VirtualCenter 6.5.0 build-7070488. Vulnerable versions should include vCenter 7.0 before U2c, vCenter 6.7 before U3o, and vCenter 6.5 before U3q.

tags | exploit, java, root
advisories | CVE-2021-22015
SHA-256 | e5bb28e758144ba8e3fbddf9c9f2df8795ff92df6198a13b91a6aa3fb2f54509
GNUnet P2P Framework 0.19.0
Posted Dec 6, 2022
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: Added function to compute channel name for notifications. Improved platform-specific includes in builds. Large refactor in order to restore some sanity with respect to private defines used in headers. Various other updates.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | 468f4859ee0bd2a20fcb857446c69ada9d38ff002d7530785a5364e298e3a52f
Faraday 4.3.0
Posted Dec 6, 2022
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Updated the associated command when an agent execution returns empty. Added cvss3 scope field to vulnerability schema. Added cvss2/3 and cwe to export_csv. Improved command object creation in bulk create. Fixed open and closed stats in ws filter endpoint. Added error command status in every validation of reports upload process. Added BulkDelete with filters. Changed filter logic on numeric fields.
tags | tool, rootkit
systems | unix
SHA-256 | 20104a160b2e4d417ce0ae0b01646a5284c8e2aeb808e7245ecace75e15a8f89
Evernote Web Clipper Same-Origin Policy Bypass
Posted Dec 6, 2022
Authored by Tavis Ormandy, Google Security Research

Evernote Web Clipper suffered from a same-origin policy bypass vulnerability. The link to the demo exploit was a 403 at the time of addition and has not been included in this post.

tags | advisory, web, bypass
SHA-256 | edeb6d56c9d50dfe6a6599592c18c494c4d5dc6ad6ea545586270e0e19511589
Ubuntu Security Notice USN-5764-1
Posted Dec 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5764-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2022-2347, CVE-2022-30767, CVE-2022-33103, CVE-2022-33967, CVE-2022-34835
SHA-256 | c374fbc3c67ea72a61b394231c2cae8b95818ad1195b97b00f7b4e460194f7d8
Ubuntu Security Notice USN-5761-2
Posted Dec 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5761-2 - USN-5761-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla's root store. This update removes the TrustCor CA certificates from the ca-certificates package.

tags | advisory, root
systems | linux, ubuntu
SHA-256 | 2ac590c5fa5d1b4e79477dbb12628fb231764da07b5b38ba08c88919ec13ff84
Red Hat Security Advisory 2022-8799-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8799-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-2414
SHA-256 | 5f529d38e958722e01b6252b7b3400d25dcb1b18bb19d6b8e008b7df8e538735
Red Hat Security Advisory 2022-8806-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8806-01 - The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-25058
SHA-256 | adb2ac8ca696ef480ddfc313f0e2d5ec834375a6dc658662a32c3328f5d35e87
Red Hat Security Advisory 2022-8809-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8809-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-1158, CVE-2022-2639
SHA-256 | 13de356a9378b54fac66748d94897c37a9eddb00ec9145bd1d5be6403fdbe58f
Red Hat Security Advisory 2022-8800-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8800-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-2601, CVE-2022-3775
SHA-256 | 799b6ce0682c2cfecbcb669f0771aef19619f3087435d188570f5d1dd7b8beba
Red Hat Security Advisory 2022-8812-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8812-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-42010, CVE-2022-42011, CVE-2022-42012
SHA-256 | cc1a2acc8818872d679756ba36138b354f4028b1c9dccd44025519aa59e0f7ee
Red Hat Security Advisory 2022-8792-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8792-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2022-2764
SHA-256 | edf0f82e2602814e4f0d0455866830c9461d65b60a07288c290dbbef9cadd901
Red Hat Security Advisory 2022-8790-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8790-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2022-2764
SHA-256 | f8537deeb7331e506aae0b26b53618051decb3a77e8ce6e9c5881fd50218cb2b
Red Hat Security Advisory 2022-8791-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8791-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2022-2764
SHA-256 | 5ae334363169253e36d15d224a6537f6638633641589cdb3630897d09f86a090
Red Hat Security Advisory 2022-8793-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8793-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2022-2764
SHA-256 | a5c16862afa422419bf5fc37961ecb9950dffd5f9d268d6ff9b546b7b440d82c
Ubuntu Security Notice USN-5762-1
Posted Dec 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5762-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-38533
SHA-256 | d4887d08b68ed5ea32d53aade9726a79a220cdce01e8b92162e681fe7a953184
Ubuntu Security Notice USN-5761-1
Posted Dec 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5761-1 - Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla's root store. This update removes the TrustCor CA certificates from the ca-certificates package.

tags | advisory, root
systems | linux, ubuntu
SHA-256 | a1543428b0ef15f9a82d68c170b6dcc383d9cc53a47af58cfa00f7605a769e95
Senayan Library Management System 9.5.1 SQL Injection
Posted Dec 6, 2022
Authored by nu11secur1ty

Senayan Library Management System version 9.5.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1387c06b6cf9c53403863306d58077dc265824b6308fadf871038432e6f98c7e
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close