what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

Files Date: 2023-03-30

Ancillary Function Driver (AFD) For Winsock Privilege Escalation
Posted Mar 30, 2023
Authored by Christophe de la Fuente, b33f, Yarden Shafir, chompie | Site metasploit.com

A vulnerability exists in the Windows Ancillary Function Driver for Winsock (afd.sys) can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. Due to a flaw in AfdNotifyRemoveIoCompletion, it is possible to create an arbitrary kernel Write-Where primitive, which can be used to manipulate internal I/O ring structures and achieve local privilege escalation. This exploit only supports Windows 11 22H2 up to build 22621.963 (patched in January 2023 updates).

tags | exploit, arbitrary, kernel, local
systems | windows
advisories | CVE-2023-21768
SHA-256 | d5a189a643f3c07d66a853b96018a65f135901780840ff23dc17f6a405330ebb
Ubuntu Security Notice USN-5986-1
Posted Mar 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5986-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-1393
SHA-256 | 911066ac4311b788c41404c574cbf8917d8b512368840266587db82f72a72ccc
Debian Security Advisory 5380-1
Posted Mar 30, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5380-1 - Jan-Niklas Sohn discovered that a user-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user.

tags | advisory, root
systems | linux, debian
advisories | CVE-2023-1393
SHA-256 | 013d8199c96a3b7dd39b9bfe5fe4ea2bc5461ae2364515cecde74828ad3a6eb2
Eve-ng 5.0.1-13 Cross Site Scripting
Posted Mar 30, 2023
Authored by hassan ali al-khafaji

Eve-ng version 5.0.1-13 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | be43de673fe4e34764578de538a60501318e3c4d6d645aed30e25aa59b27759e
Red Hat Security Advisory 2023-1514-01
Posted Mar 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1514-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.

tags | advisory, java, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-1471, CVE-2022-38752, CVE-2022-41853, CVE-2022-41854, CVE-2022-41881, CVE-2022-4492, CVE-2022-45787, CVE-2023-0482, CVE-2023-1108
SHA-256 | d824fa0b2fa9cc42e7a86a5d520947e9f872bd49e8c27c8d03ebc68e2daf842c
Kernel Live Patch Security Notice LSN-0093-1
Posted Mar 30, 2023
Authored by Benjamin M. Romer

Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux
advisories | CVE-2023-0179, CVE-2023-0461
SHA-256 | 9ca065d34d62ef1d0df4e30ce9203dc0a6cfef9ecac0deae5d2d89eba1965f1d
Red Hat Security Advisory 2023-1513-01
Posted Mar 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1513-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.

tags | advisory, java, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-1471, CVE-2022-38752, CVE-2022-41853, CVE-2022-41854, CVE-2022-41881, CVE-2022-4492, CVE-2022-45787, CVE-2023-0482, CVE-2023-1108
SHA-256 | 8af2d0ded0c961c64669c01e0c9a55b02840722c7cb068fa9c23855dfb94ec90
WordPress WPForms 1.7.8 Cross Site Scripting
Posted Mar 30, 2023
Authored by Milad Karimi

WordPress WPForms plugin version 1.7.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6ccc5a533aa018a5be4bf48f7f87db7efe5aeabb1e0c4091a490e2fa64a35163
Ubuntu Security Notice USN-5985-1
Posted Mar 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5985-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-3669, CVE-2022-2196, CVE-2022-4382, CVE-2023-23559
SHA-256 | 472ef01370911b81da0cb6d1cd39a89de18fe065419e73503f1c4ec9cfbe680d
Forcepoint (Stonesoft VPN Client) 6.2.0 / 6.8.0 Local Privilege Escalation
Posted Mar 30, 2023
Authored by Touhami Kasbaoui

Forcepoint (Stonesoft VPN Client) versions 6.2.0 and 6.8.0 suffer from a privilege escalation vulnerability.

tags | exploit
SHA-256 | f6383ba11e6f010a7f9f457d8f2b9827a5acea62cbd5f49315ad1360bcf77d12
Red Hat Security Advisory 2023-1310-01
Posted Mar 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1310-01 - An update is now available for Logging Subsystem for Red Hat OpenShift - 5.5.9. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-41717, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0767, CVE-2023-23916
SHA-256 | e5eb8b0b47fd0a608cf22a5a3e3741ddc9a553166dedfea4bfc036bc9cdb5742
CrowdStrike Falcon Agent 6.44.15806 Uninstall Issue
Posted Mar 30, 2023
Authored by Fortunato Lodari, Luca Bernardi, Davide Bianchin, Raffaele Nacca, Walter Oberacher

CrowdStrike Falcon Agent version 6.44.15806 has an uninstall bypass flaw that works without an installation token.

tags | exploit, bypass
advisories | CVE-2022-2841, CVE-2022-44721
SHA-256 | 167262fcff544a60f4b74a17ab58d1672ae1c935d619879546b24472434ee61a
Lavasoft 4.1.0.409 Unquoted Service Path
Posted Mar 30, 2023
Authored by P4p4 M4n3

Lavasoft version 4.1.0.409 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 5b794c681e560dc215c9b38c6aa29046256f478b25254460d301fd28da4eea5d
Red Hat Security Advisory 2023-1512-01
Posted Mar 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1512-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.

tags | advisory, java, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-1471, CVE-2022-38752, CVE-2022-41853, CVE-2022-41854, CVE-2022-41881, CVE-2022-4492, CVE-2022-45787, CVE-2023-0482, CVE-2023-1108
SHA-256 | 8b199d244e9663ea80d29b5f565ad951a94aac5b8c1b7531eb30175765526316
Ubuntu Security Notice USN-5987-1
Posted Mar 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5987-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-2196, CVE-2022-3424, CVE-2022-36280, CVE-2022-41218, CVE-2022-4382, CVE-2022-48423, CVE-2022-48424, CVE-2023-0045, CVE-2023-0210, CVE-2023-0266, CVE-2023-23454, CVE-2023-23455, CVE-2023-23559, CVE-2023-26606
SHA-256 | 3ea2c4f328cd7b670a3685872b3e880855897778278430f766f4304cd2a0e323
Virtual Reception 1.0 Directory Traversal
Posted Mar 30, 2023
Authored by Spinae

Virtual Reception version 1.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 8e6ab59605f1f4d16d9e84559bfbc1cc7334ebb367d1996dfd274122c598c62b
Covenant 0.5 Remote Code Execution
Posted Mar 30, 2023
Authored by xThaz

Covenant version 0.5 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | d33a19f48e68f9cc41d80528f03b7c0b426bb5f695a0dd8f782f7cd338b0e126
DSL-124 Wireless N300 ADSL2+ Backup Disclosure
Posted Mar 30, 2023
Authored by Aryan Chehreghani

DSL-124 Wireless N300 ADSL2+ suffers from a backup disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 63d71c45b66ab170d2acf14007338350c4e6603e64a4f67be40cf28b407eee4c
Red Hat Security Advisory 2023-1529-01
Posted Mar 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1529-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring. Issues addressed include a denial of service vulnerability.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2022-1705, CVE-2022-23772, CVE-2022-23773, CVE-2022-23806, CVE-2022-24675, CVE-2022-27664, CVE-2022-28327, CVE-2022-29526, CVE-2022-30629, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-32189, CVE-2022-41715
SHA-256 | 076cb56938e56f5592e65cea88fd4e9701c30fce49bfb1b10a1802daa15305ca
Ubuntu Security Notice USN-5983-1
Posted Mar 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5983-1 - Cyku Hong discovered that Nette was not properly handling and validating data used for code generation. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15227
SHA-256 | 7f3fc7481f4825c01bce964333eb8d675520cea2a1d34cd0eab61d090139569a
myBB forums 1.8.26 Cross Site Scripting
Posted Mar 30, 2023
Authored by Andrey Stoykov

myBB forums version 1.8.26 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 49b4fc9b3db0a04ca44a9ec1d64e1ec281a090a818f848111b735b27147db2e9
Dreamer CMS 4.0.0 SQL Injection
Posted Mar 30, 2023
Authored by lvren

Dreamer CMS version 4.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2022-43128
SHA-256 | 15d057c439a6bc075c46918cd4a29123a3d7b0081fbe9b56a8e0cbd844c96480
Helmet Store Showroom 1.0 SQL Injection
Posted Mar 30, 2023
Authored by Ameer Hamza

Helmet Store Showroom version 1.0 suffers from a remote SQL injection vulnerability that allows for login bypass.

tags | exploit, remote, sql injection
SHA-256 | 07ae991621e02a876c8ba54defb2278fed838852914d0bc12b799b33c135291b
Uniview NVR301-04S2-P4 Cross Site Scripting
Posted Mar 30, 2023
Authored by Bleron Rrustemi

Uniview NVR301-04S2-P4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 51639a999c454c910d7ce644fac8bca7798e2d4607bc7a6ed7a3b6efa55c3632
Inbit Messenger 4.9.0 Remote Command Execution
Posted Mar 30, 2023
Authored by a-rey

Inbit Messenger versions 4.6.0 through 4.9.0 suffer from an unauthenticated remote command execution vulnerability.

tags | exploit, remote
SHA-256 | cf884f16a40135fedf2176fa7bc17668130317279122a83f01dddcd3d8aae02a
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close