exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 557 RSS Feed

Files Date: 2023-07-01 to 2023-07-31

Western Digital MyCloud Unauthenticated Command Injection
Posted Jul 28, 2023
Authored by Remco Vermeulen, Erik Wynter, Steven Campbell | Site metasploit.com

This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target is WD MyCloud. If so, it attempts to trigger an authentication bypass (CVE-2018-17153) via a crafted GET request to /cgi-bin/network_mgr.cgi. If the server responds as expected, the module assesses the vulnerability status by attempting to exploit a commend injection vulnerability (CVE-2016-10108) in order to print a random string via the echo command. This is done via a crafted POST request to /web/google_analytics.php. If the server is vulnerable, the same command injection vector is leveraged to execute the payload. This module has been successfully tested against Western Digital MyCloud version 2.30.183.

tags | exploit, remote, web, cgi, root, php, vulnerability, code execution
advisories | CVE-2016-10108, CVE-2018-17153
SHA-256 | 0ce2f1497429d5e02113422d33a5d38d119e0b68b4af0aa04d5b4189b6ef07f8
Joomla Solidres 2.13.3 Cross Site Scripting
Posted Jul 28, 2023
Authored by CraCkEr

Joomla Solidres extension version 2.13.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2ae48996993894a633fb76e87ae7d464ab6ad9123dbbc06bb9f5bb3f85a13dc9
Red Hat Security Advisory 2023-4313-01
Posted Jul 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4313-01 - PostgreSQL is an advanced object-relational database management system.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-2454, CVE-2023-2455
SHA-256 | d6e56520302f2d64d01c51e0a97b335e8167485a0078f5e6c0f464e9f421a45d
Ubuntu Security Notice USN-6259-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6259-1 - Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI incorrectly handled certain parsing TCP MSS options. An attacker could possibly use this issue to cause a crash or cause unexpected behavior.

tags | advisory, tcp
systems | linux, ubuntu
advisories | CVE-2020-13987, CVE-2020-13988, CVE-2020-17437
SHA-256 | 11add8b04ad913d8a0d55bdb51820f2c3df6cc99cc46d3fb35aa47446b9c769f
Ubuntu Security Notice USN-6260-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6260-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48502, CVE-2023-2640, CVE-2023-3090, CVE-2023-31248, CVE-2023-3141, CVE-2023-32629, CVE-2023-3389, CVE-2023-3390, CVE-2023-35001
SHA-256 | a4384a0d58c965d16d9a12fe71bc79afb9b36f12a4660d6419a9dae8338f976a
Red Hat Security Advisory 2023-4226-01
Posted Jul 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4226-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.6.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-41723, CVE-2022-46663, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-1260, CVE-2023-24329, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-25173
SHA-256 | ce4492864dcb382a006d5197438c039f97330f652c6c8aed7cc631262735dfe7
Red Hat Security Advisory 2023-4225-01
Posted Jul 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4225-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.6.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-41723, CVE-2023-1260, CVE-2023-24329, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-27561, CVE-2023-2828, CVE-2023-29400, CVE-2023-3089
SHA-256 | 1ee5cc88afc05f04f8cab5e69c08e0c0eb450ca34081c1800b05f30e7d89899b
Debian Security Advisory 5460-1
Posted Jul 27, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5460-1 - It was discovered that Curl performed incorrect file path handling when saving cookies to files, which could lead to the creation or overwriting of files.

tags | advisory
systems | linux, debian
advisories | CVE-2023-32001
SHA-256 | 6e2f994d08396a20ab9a51c73c0d306c696b60020ddc145cb1423220ed1abd2b
TOR Virtual Network Tunneling Tool 0.4.7.14
Posted Jul 27, 2023
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Changes: This version contains several minor fixes and one major bugfix affecting vanguards (onion service).
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | a5ac67f6466380fc05e8043d01c581e4e8a2b22fe09430013473e71065e65df8
Ubuntu Security Notice USN-5193-3
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5193-3 - USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-4008
SHA-256 | 1eb1ddb27fbb758f427c0bf5ea4ee429be3e11990390a1e22ded9d1a9f2be38e
Ubuntu Security Notice USN-6258-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6258-1 - It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. This issue only affected llvm-toolchain-15.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2023-29932, CVE-2023-29933, CVE-2023-29934, CVE-2023-29939
SHA-256 | 15c885edb7e0ba7f4983c7a40211df4b440b82848835df91fc7c1e82a2b8501a
XLAgenda 4.4 Cross Site Request Forgery
Posted Jul 27, 2023
Authored by indoushka

XLAgenda version 4.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | b32d86f04f194dce3c7ff53cbf3caca6972b63541fb6d557a75d1b79c5076778
WonderCMS 0.6-Beta Password Disclosure
Posted Jul 27, 2023
Authored by indoushka

WonderCMS version 0.6-Beta suffers from a password disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 7730fce6db7c8209b7f075de09ab07291b78604414042879ee1427de2ab0f527
xForUp Simple File Uploader 1.0 SQL Injection
Posted Jul 27, 2023
Authored by indoushka

xForUp Simple File Uploader version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection, file upload
SHA-256 | 361651b4acd30ddc2f3f044531153e1a0b18342e97aaf21d8d9a9cdeebb3c58c
Ubuntu Security Notice USN-6257-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6257-1 - It was discovered that Open VM Tools incorrectly handled certain authentication requests. A fully compromised ESXi host can force Open VM Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-20867
SHA-256 | 9874c20b43c69ee280343a66768f47a879830a6aa5d20f830e0e79427463ade2
Ubuntu Security Notice USN-6256-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6256-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-3108, CVE-2022-3707, CVE-2022-3903, CVE-2022-4129, CVE-2023-0458, CVE-2023-0459, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1118
SHA-256 | 53c2946b5d19f257334d1182e7199b58771f576b4b09ca7d1fb73edd8b8401a3
B-OBEC V.092019 SQL Injection
Posted Jul 27, 2023
Authored by indoushka

B-OBEC version V.092019 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5a322b9d3bddaaa850e7f2eb9c8fa01c12d8bc7f0f77059234b6bbe521e18c21
BMIT BMS 2.1 SQL Injection
Posted Jul 27, 2023
Authored by indoushka

BMIT BMS version 2.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 6c44b20654cc1ac0bd5815441e8f32129376fb466e937a80b8c808e94f6eee08
Ubuntu Security Notice USN-6255-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6255-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-3090, CVE-2023-31248, CVE-2023-3389, CVE-2023-3390, CVE-2023-3439, CVE-2023-35001
SHA-256 | b92e45b5821cbc38a01a9f4fad300b0ca630b46f0b15c730d3315c01259ea4d7
Red Hat Security Advisory 2023-4290-01
Posted Jul 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4290-01 - OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2021-46848, CVE-2022-1271, CVE-2022-1304, CVE-2022-2509, CVE-2022-28805, CVE-2022-34903, CVE-2022-35737, CVE-2022-36227, CVE-2022-3715, CVE-2022-40303, CVE-2022-40304, CVE-2022-47629, CVE-2023-0464
SHA-256 | 1e2b8ec0277e95d223b5e93c67cebd05ba8613dd04c6a60f215d9837febfb0b2
Red Hat Security Advisory 2023-4293-01
Posted Jul 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4293-01 - The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-41723, CVE-2023-1667, CVE-2023-2283, CVE-2023-24329, CVE-2023-24539, CVE-2023-26125, CVE-2023-26604, CVE-2023-29400, CVE-2023-29401
SHA-256 | a6c7962adce03ec3f046c6f9917c53d0076af524b7a7d3efc40bc00d003762f8
Ubuntu Security Notice USN-6254-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6254-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0458, CVE-2023-1611, CVE-2023-2124, CVE-2023-2162, CVE-2023-2513, CVE-2023-3090, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3390, CVE-2023-35001
SHA-256 | 0faaa1a4c904d2777eb8f39748a9d767eddb9f41659d19079b8dcbea4f5d81ef
AMSS++ 5.21.09 SQL Injection
Posted Jul 27, 2023
Authored by indoushka

AMSS++ version 5.21.09 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d6eff57f5ad369547a8526cb80208127f9e3dca31c5ffa7cd2842cd831b083a6
AMS Logistics 2.2 SQL Injection
Posted Jul 27, 2023
Authored by indoushka

AMS Logistics version 2.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c055825a498e3cdbb7ec70ab1ea8dd878ae30e419ded9bd11a3d50cac6ee442a
Red Hat Security Advisory 2023-4286-01
Posted Jul 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4286-01 - Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-36227, CVE-2022-48281, CVE-2023-1667, CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-2283, CVE-2023-25193, CVE-2023-26604, CVE-2023-27535, CVE-2023-28466
SHA-256 | d5d35601175060e7441b9a1481c61970c832969895ba21bcfab1b55787d9e0f1
Page 1 of 23
Back12345Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close