exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 47 RSS Feed

Files Date: 2023-05-30

Wekan 6.74 Cross Site Scripting
Posted May 30, 2023
Authored by Heiner Liesegang | Site sec-consult.com

Wekan versions 6.74 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-28485
SHA-256 | 5f6a618a585ca68e8d37984d4e6630f7467ca93dcc564f837032ebe7f0466fa4
Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens
Posted May 30, 2023
Authored by Fabian Densborn | Site sec-consult.com

Serenity and StartSharp Software versions prior to 6.7.1 suffer from file upload to cross site scripting, user enumeration, and reusable password reset token vulnerabilities.

tags | exploit, vulnerability, xss, file upload
advisories | CVE-2023-31285, CVE-2023-31286, CVE-2023-31287
SHA-256 | 0c6c4576c7182cef60f1720011b706cffbe6a3ce7cde23ea97cdccf7a4dc0430
Pydio Cells 4.1.2 Server-Side Request Forgery
Posted May 30, 2023
Site redteam-pentesting.de

Pydio Cells versions 4.1.2 and below suffer from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2023-32750
SHA-256 | e80dc14f94f6e8fcaa9d6b4c38de47e89b02fbf48eec2911feee938e8da47d63
Pydio Cells 4.1.2 Cross Site Scripting
Posted May 30, 2023
Site redteam-pentesting.de

Pydio Cells versions 4.1.2 and below implement the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross site scripting vulnerability.

tags | exploit, web, arbitrary, javascript, xss
advisories | CVE-2023-32751
SHA-256 | 5572c0a56c096d68de11c3dc1c9bcddd5b68526d9584952ea09e3ff2766d3365
Pydio Cells 4.1.2 Privilege Escalation
Posted May 30, 2023
Site redteam-pentesting.de

Pydio Cells versions 4.1.2 and below suffer from a privilege escalation vulnerability. It allows users, by default, to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.

tags | exploit, web, arbitrary
advisories | CVE-2023-32749
SHA-256 | 57d48188f889ecfd68177fabe259377f99ef7204208ed63108568aa4b966a11a
Papaya Medical Viewer 1.0 Cross Site Scripting
Posted May 30, 2023
Authored by Lennert Preuth | Site schutzwerk.com

Papaya Medical Viewer version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-33255
SHA-256 | 8df38a330ac2343b3e782afbd1eada60580f208c1258a2a059d50abc00c3df54
PrinterLogic Build 1.0.757 XSS / SQL Injection / Authentication Bypass
Posted May 30, 2023
Authored by Nadeem Salim, Eldar Marcussen, Luke Symons, Jeff Thomas, Stephen Bradshaw, Yianna Paris, Tony Wu, Gareth Phillips

PrinterLogic build version 1.0.757 suffers from authentication bypass, cross site request forgery, cross site scripting, session fixation, insufficient checks, impersonation, remote SQL injection, and various other vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, bypass, csrf
SHA-256 | 1631d9ea880d645fa96e60ab35dadd9fa31ea602fc8d3ea5528a7418cc9cfc0b
Ubuntu Security Notice USN-6121-1
Posted May 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6121-1 - It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this cause a denial of service or expose sensitive information. It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-26243, CVE-2021-21401
SHA-256 | 70aba3d5f351642efd33d4a90d4c7a283322101c6801955823fd4124f653d158
Ubuntu Security Notice USN-6120-1
Posted May 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6120-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.

tags | advisory, remote, denial of service, arbitrary, javascript, code execution
systems | linux, ubuntu
advisories | CVE-2023-25735, CVE-2023-29536, CVE-2023-32215
SHA-256 | 0beb4fd522279b672c4b92fcefa9d309a5387cdc5d645f3b2e6568d164bca679
Ubuntu Security Notice USN-6119-1
Posted May 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6119-1 - Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS cipher decryption on 64-bit ARM platforms. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-1255, CVE-2023-2650
SHA-256 | 7cded9be002541579e3683f090be21d5081a26fc1ec436e4d8356d4f2b13eea5
Ubuntu Security Notice USN-6111-1
Posted May 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6111-1 - It was discovered that Flask incorrectly handled certain data responses. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-30861
SHA-256 | f3bfcd4da58e2bede4e74902fc1c0e5e1ecf3fb718cae4373a7ba38a8117ca3e
Widevine Trustlet 5.x / 6.x / 7.x PRDiagParseAndStoreData Buffer Overflow
Posted May 30, 2023
Authored by CyberIntel Team | Site cyberintel.es

Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagParseAndStoreData at 0x5cc8.

tags | advisory, overflow
advisories | CVE-2022-48336
SHA-256 | 02afd4c9fc0c2a2befcb44011c977e343cf195cfbc24cf539aeda6c095755e1e
Widevine Trustlet 5.x / 6.x / 7.x PRDiagVerifyProvisioning Buffer Overflow
Posted May 30, 2023
Authored by CyberIntel Team | Site cyberintel.es

Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagVerifyProvisioning at 0x5f90.

tags | advisory, overflow
advisories | CVE-2022-48335
SHA-256 | d438473704d7671721f288dc681bf4d91dc2e410798f33972f41920d4e94c857
Widevine Trustlet 5.x drm_verify_keys Buffer Overflow
Posted May 30, 2023
Authored by CyberIntel Team | Site cyberintel.es

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x7370.

tags | advisory, overflow
advisories | CVE-2022-48334
SHA-256 | 8c5266b04d8d580797eed1dd688b474aeb0104e358a02453bbd39a55b2604206
Widevine Trustlet 5.x drm_verify_keys Buffer Overflow
Posted May 30, 2023
Authored by CyberIntel Team | Site cyberintel.es

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x730c.

tags | advisory, overflow
advisories | CVE-2022-48333
SHA-256 | dca852cb81f2ee8b777732a16db0deb480a8e210720e5527f1a4c75e793bd4e9
Widevine Trustlet 5.x drm_save_keys Buffer Overflow
Posted May 30, 2023
Authored by CyberIntel Team | Site cyberintel.es

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_save_keys at 0x6a18.

tags | advisory, overflow
advisories | CVE-2022-48332
SHA-256 | 00618858615635079c0c4a2ffcbd253c46d153cd5b7d1bc89147c9f06425280a
Widevine Trustlet 5.x drm_save_keys Buffer Overflow
Posted May 30, 2023
Authored by CyberIntel Team | Site cyberintel.es

Widevine Trustlet versions 5.x suffer from a drm_save_keys related buffer overflow.

tags | advisory, overflow
advisories | CVE-2022-48331
SHA-256 | 480a5e354c015a3d414041a4f5313797e1c846023d6fc2195779351890c2f344
Ubuntu Security Notice USN-6118-1
Posted May 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_save_keys at 0x69b0.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-3707, CVE-2023-0459, CVE-2023-1075, CVE-2023-1078, CVE-2023-1118, CVE-2023-1513, CVE-2023-2162, CVE-2023-32269
SHA-256 | c3fd847ee861707f2533419ee73e708fffbe40f6a8ae737596c1e1fe18e79052
Ubuntu Security Notice USN-6115-1
Posted May 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6115-1 - Max Chernoff discovered that LuaTeX did not properly disable shell escape. An attacker could possibly use this issue to execute arbitrary shell commands.

tags | advisory, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2023-32700
SHA-256 | 0dcdb7dba102cbaf12dc94678349cca8c6c28a3e57f65bdb436b58404469aca1
Ubuntu Security Notice USN-6116-1
Posted May 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6116-1 - It was discovered that hawk incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-29167
SHA-256 | af45de218e8096c29fc77f4a3e3f0fb10f1d977fc11f28dab974151edfe2454c
Ubuntu Security Notice USN-6114-1
Posted May 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6114-1 - Yeting Li discovered that nth-check incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-3803
SHA-256 | 90315d15a112db101c9738a23fd0aa077e1aebfd3aa40cb81f6a4f4deed285c0
Ubuntu Security Notice USN-6113-1
Posted May 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6113-1 - It was discovered that Jhead did not properly handle certain crafted images while processing the Exif markers. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-6612
SHA-256 | c993c68ee262aa79c6867dcc73d49e0e1b48473cb4ae745e18efc06b67e12858
Gentoo Linux Security Advisory 202305-33
Posted May 30, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202305-33 - Multiple vulnerabilities have been found in OpenImageIO, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.4.6.0 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-36354, CVE-2022-38143, CVE-2022-41639, CVE-2022-41649, CVE-2022-41684, CVE-2022-41794, CVE-2022-41837, CVE-2022-41838, CVE-2022-41977, CVE-2022-4198, CVE-2022-41981, CVE-2022-41988, CVE-2022-41999, CVE-2022-43592
SHA-256 | 3dd527d2b5e7ca984a2b0a358b5b181b237ddce19dac490dbe16bf6d387b633d
Gentoo Linux Security Advisory 202305-35
Posted May 30, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202305-35 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0:esr are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-0767, CVE-2023-1945, CVE-2023-1999, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25731, CVE-2023-25732, CVE-2023-25734, CVE-2023-25735, CVE-2023-25737, CVE-2023-25738, CVE-2023-25739, CVE-2023-25742
SHA-256 | 80fb46eeb6bf6b4a190797c274bb247b815138162b8deea3f7a113e5d441ebc6
Gentoo Linux Security Advisory 202305-32
Posted May 30, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202305-32 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.40.1 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-32885, CVE-2022-32886, CVE-2022-32888, CVE-2022-32891, CVE-2022-32923, CVE-2022-42799, CVE-2022-42823, CVE-2022-42824, CVE-2022-42826, CVE-2022-42852, CVE-2022-42856, CVE-2022-42863, CVE-2022-42867, CVE-2022-46691
SHA-256 | 906ab1ece4af058a436e7f776c3157d7dbe079d880f2fc7014b44b4ea3fab838
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close