what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2023-04-18

SecurePoint UTM 12.x Memory Leak
Posted Apr 18, 2023
Authored by Julien Ahrens | Site rcesecurity.com

SecurePoint UTM versions 12.x suffers from a memory leak vulnerability via the spcgi.cgi endpoint.

tags | exploit, cgi, memory leak
advisories | CVE-2023-22897
SHA-256 | 15ddc40a5043fe4407a10fa673fb39fdb12a08b717f9167e70ad626fbe024350
Ubuntu Security Notice USN-6010-2
Posted Apr 18, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6010-2 - USN-6010-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks. Lukas Bernhard discovered that Firefox did not properly manage memory when doing Garbage Collector compaction. An attacker could potentially exploits this issue to cause a denial of service. Zx from qriousec discovered that Firefox did not properly validate the address to free a pointer provided to the memory manager. An attacker could potentially exploits this issue to cause a denial of service. Alexis aka zoracon discovered that Firefox did not properly validate the URI received by the WebExtension during a load request. An attacker could potentially exploits this to obtain sensitive information. Trung Pham discovered that Firefox did not properly validate the filename directive in the Content-Disposition header. An attacker could possibly exploit this to perform reflected file download attacks potentially tricking users to install malware. Ameen Basha M K discovered that Firefox did not properly validate downloads of files ending in .desktop. An attacker could potentially exploits this issue to execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29538, CVE-2023-29539, CVE-2023-29540, CVE-2023-29541, CVE-2023-29548
SHA-256 | 91b321d6bb292302d0902231bbb90982f43608fbd09b88542bb4eb7885242ffa
Red Hat Security Advisory 2023-1823-01
Posted Apr 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2023-1668
SHA-256 | e8f44fb74ddd743b498dc4da96280d03329e94dfb3b869f04aa7e6b2edb4a7d3
Red Hat Security Advisory 2023-1809-01
Posted Apr 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1809-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-0547, CVE-2023-1945, CVE-2023-28427, CVE-2023-29479, CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539, CVE-2023-29541, CVE-2023-29548, CVE-2023-29550
SHA-256 | dfe257d75c056b521684f9f2b2d3a47d7cc40698d11a3cd0008d1233199aee09
SecurePoint UTM 12.x Session ID Leak
Posted Apr 18, 2023
Authored by Julien Ahrens | Site rcesecurity.com

SecurePoint UTM versions 12.x suffers from a session identifier leak vulnerability via the spcgi.cgi endpoint.

tags | exploit, cgi, info disclosure
advisories | CVE-2023-22620
SHA-256 | 1d4cd9e39a6938ba5bad5e9bd158f7895198cb30170e4a59be88883cdba0cd69
Red Hat Security Advisory 2023-1815-01
Posted Apr 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1815-01 - Debezium is a distributed platform that turns your existing databases into event streams, so applications can see and respond immediately to each row-level change in the databases. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-41946
SHA-256 | 2eff8844a7d75ec8ab0b319a1d489a5238ea00dcd5e05f7637dfd0a486367298
Red Hat Security Advisory 2023-1810-01
Posted Apr 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1810-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-0547, CVE-2023-1945, CVE-2023-28427, CVE-2023-29479, CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539, CVE-2023-29541, CVE-2023-29548, CVE-2023-29550
SHA-256 | 81ff7852b2ea95f1a40ee70d5d74d1e16790b2a800fa21a3f41fc9c3cd1d1a77
SPIP Remote Command Execution
Posted Apr 18, 2023
Authored by coiffeur, Laluka, Julien Voisin | Site metasploit.com

This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are below 3.2.18, below 4.0.10, below 4.1.18 and below 4.2.1.

tags | exploit, web, arbitrary, php
advisories | CVE-2023-27372
SHA-256 | da36b42d35a291178bebac45397335e931352a6a022f64275dfb7fc469079f1f
Red Hat Security Advisory 2023-1802-01
Posted Apr 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1802-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-0547, CVE-2023-1945, CVE-2023-28427, CVE-2023-29479, CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539, CVE-2023-29541, CVE-2023-29548, CVE-2023-29550
SHA-256 | 538f023917a5eb6868e1045cee7e0be11d7bda3fa07d93aa038d30422a8a8e2b
Red Hat Security Advisory 2023-1811-01
Posted Apr 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1811-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-0547, CVE-2023-1945, CVE-2023-28427, CVE-2023-29479, CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539, CVE-2023-29541, CVE-2023-29548, CVE-2023-29550
SHA-256 | 9cb37a900ff1cfc9423cb4a8ad2c9324f0a00bb12a53f5e29650ae6816d801f4
VMware Workspace ONE Remote Code Execution
Posted Apr 18, 2023
Authored by mr_me, jheysel-r7 | Site metasploit.com

This Metasploit module combines two vulnerabilities in order achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the authentication mechanism and execute any operation. The second vulnerability, CVE-2022-22957, is a JDBC injection remote code execution vulnerability specifically in the DBConnectionCheckController class's dbCheck method which allows an attacker to deserialize arbitrary Java objects which can allow for remote code execution.

tags | exploit, java, remote, arbitrary, vulnerability, code execution
advisories | CVE-2022-22956, CVE-2022-22957
SHA-256 | 7c29d90e3f3e9d482ff4bcd4e44dc3c7f3847da9e1f2f563dc1812dc6362bcd4
Red Hat Security Advisory 2023-1804-01
Posted Apr 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1804-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-0547, CVE-2023-1945, CVE-2023-28427, CVE-2023-29479, CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539, CVE-2023-29541, CVE-2023-29548, CVE-2023-29550
SHA-256 | 01a2a96c3e0e8201e6334f23dce9c534e30ab319bb471b3431fd6e2a2f81d955
Red Hat Security Advisory 2023-1803-01
Posted Apr 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1803-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-0547, CVE-2023-1945, CVE-2023-28427, CVE-2023-29479, CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539, CVE-2023-29541, CVE-2023-29548, CVE-2023-29550
SHA-256 | ea6d658d9101df85c0af033c0333d2761b6794fbd21adf9254e0165d5f27593d
WordPress Weaver Xtreme 5.0.7 / Weaver Show Posts 1.6 Cross Site Scripting
Posted Apr 18, 2023
Authored by Ramuel Gall, Alex Thomas | Site wordfence.com

WordPress Weaver Xtreme theme versions 5.0.7 and below and Weaver Show Posts plugin versions 1.6 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-1403, CVE-2023-1404
SHA-256 | b0172ec77c6215204d9915dd71ebcb20dcc8714211ffcb31f41fff852f6ba6fd
Red Hat Security Advisory 2023-1806-01
Posted Apr 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1806-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-0547, CVE-2023-1945, CVE-2023-28427, CVE-2023-29479, CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539, CVE-2023-29541, CVE-2023-29548, CVE-2023-29550
SHA-256 | 048779c73b2a45ea1802c3a92b25e01ce1f3c46d68f08c26ec67d3987d95fa96
Red Hat Security Advisory 2023-1805-01
Posted Apr 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1805-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-0547, CVE-2023-1945, CVE-2023-28427, CVE-2023-29479, CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539, CVE-2023-29541, CVE-2023-29548, CVE-2023-29550
SHA-256 | 0399db37c143a0249e18af01f7d4eb3b0ab31384dc02e04cbb6816a10a3c58a6
CentOS Stream 9 Missing Kernel Security Fix
Posted Apr 18, 2023
Authored by Jann Horn, Google Security Research

CentOS Stream 9 has a missing kernel security fix for a tun double-free amongst other missing fixes. Included is a local root exploit to demonstrate the issue.

tags | exploit, kernel, local, root
systems | linux, centos
advisories | CVE-2022-4744, CVE-2023-1249
SHA-256 | ff7d7021860395c29340e572b9c37574d2458d361ce7c71f08cc837f0834b69e
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close