exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 52 RSS Feed

Files Date: 2023-08-04

Debian Security Advisory 5467-1
Posted Aug 4, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5467-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071, CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-4075, CVE-2023-4076, CVE-2023-4077, CVE-2023-4078
SHA-256 | 9746736e5ad0547769a67aa9e3341df6a9896e510c46325b72fba0be7a4965cd
Debian Security Advisory 5466-1
Posted Aug 4, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5466-1 - It was discovered that ntpd in ntpsec, a secure, hardened, and improved implementation derived from the original NTP project, could crash if NTS is disabled and an NTS-enabled client request (mode 3) is received.

tags | advisory
systems | linux, debian
advisories | CVE-2023-4012
SHA-256 | ea9f1572b7d4ca5fa982ffce4713932ead0ecbfd3d51492fad7558417049d4c1
Canon PIXMA TR4550 1.020 / 1.080 Unencrypted Secret Storage
Posted Aug 4, 2023
Authored by Manuel Stotz | Site syss.de

The Canon PIXMA TR4550 stores sensitive data, such as the SSID and the Wi-Fi pre-shared key (PSK), unencrypted in its persistent storage (EEPROM). Resetting the product to factory settings does not securely delete this sensitive information. Versions 1.020 and 1.080 are affected.

tags | exploit
SHA-256 | e18ed4bfb6b147224bfbdafe53ebbbc71e96f5992a0562fc4eba3906334ee60b
Ubuntu Security Notice USN-6274-1
Posted Aug 4, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6274-1 - Jurien de Jong discovered that XMLTooling did not properly handle certain KeyInfo element content within an XML signature. An attacker could possibly use this issue to achieve server-side request forgery.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-36661
SHA-256 | 19e79cbe903a0246e94a3fa323db69d8e7a0eaca4f93fad7e0207bf2f9ff311d
Intelliants Subrion CMS 4.2.1 Remote Code Execution
Posted Aug 4, 2023
Authored by Fellipe Oliveira, Ismail E. Dawoodjee, Hexife | Site metasploit.com

This Metasploit module exploits an authenticated file upload vulnerability in Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by the .htaccess file not preventing the execution of .pht, .phar, and .xhtml files. Files with these extensions are not included in the .htaccess blacklist, hence these files can be uploaded and executed to achieve remote code execution. In this module, a .phar file with a randomized name is uploaded and executed to receive a Meterpreter session on the target, then deletes itself afterwards.

tags | exploit, remote, code execution, file upload
advisories | CVE-2018-19422
SHA-256 | 72859313ffb21cb022d15b4566fe8863b0a0f88f5ef2dff2e8c3eba2e934c2ce
Citrix ADC (NetScaler) Remote Code Execution
Posted Aug 4, 2023
Authored by Ron Bowes, Spencer McIntyre, Douglass McKee | Site metasploit.com

A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root.

tags | exploit, remote, web, overflow, root, code execution
advisories | CVE-2023-3519
SHA-256 | 94d1415f6fe455813346e8f6de25a1fa7b5b88484ea770a8bc9b669e25457a13
GNU Transport Layer Security Library 3.7.10
Posted Aug 4, 2023
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: Fixed removal of duplicate certificates during verification in libgnutls. Fixed checking on hash algorithm used in ECDSA in FIPS mode in libgnutls. Mark composite signature API non-approved in FIPS mode in libgnutls.
tags | protocol, library
SHA-256 | b6e4e8bac3a950a3a1b7bdb0904979d4ab420a81e74de8636dd50b467d36f5a9
Debian Security Advisory 5464-1
Posted Aug 4, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5464-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the same-origin policy, spoofing or sandbox bypass.

tags | advisory, web, arbitrary, spoof
systems | linux, debian
advisories | CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4050, CVE-2023-4055, CVE-2023-4056
SHA-256 | 3069629d3ef5bc6b0d21cfa08fe173ff4a81f30ad88de2fa86b9b678de047138
WordPress Adivaha Travel 2.3 Cross Site Scripting
Posted Aug 4, 2023
Authored by CraCkEr

WordPress Adivaha Travel plugin version 2.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e73caf77468320e4edfd0009aa8a04f4c0e978dc9be0d3890a8d42d41b1c4a0a
Red Hat Security Advisory 2023-4475-01
Posted Aug 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4475-01 - Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-36227, CVE-2023-1667, CVE-2023-2283, CVE-2023-26604, CVE-2023-27535, CVE-2023-3089
SHA-256 | 5a99e222d213dbe2342e0393e6098878ebf40578b53a89010d0aa852634b2e29
Ubuntu Security Notice USN-6273-1
Posted Aug 4, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6273-1 - Jieyong Ma discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-27337, CVE-2023-34872
SHA-256 | badf6cba568a05acbe51df73153826647bc7178fe772457b3982573cf50845a8
Debian Security Advisory 5465-1
Posted Aug 4, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5465-1 - Seokchan Yoon discovered that missing sanitising in the email and URL validators of Django, a Python web development framework, could result in denial of service.

tags | advisory, web, denial of service, python
systems | linux, debian
advisories | CVE-2023-36053
SHA-256 | 33b7ca821d6fc6dd2ab809a37b4f1612df724b871bdac89beddd3b918a60c415
Red Hat Security Advisory 2023-4471-01
Posted Aug 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4471-01 - Red Hat OpenShift Serverless Client kn 1.29.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.29.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. This release includes security and bug fixes, and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-3089
SHA-256 | 284f930ef367225816f3bafd712d70efcd7f83333fced0c0efb0b1493ecac730
Xlight FTP Server 3.9.3.6 Stack Buffer Overflow
Posted Aug 4, 2023
Authored by Yehia Elghaly

Xlight FTP Server version 3.9.3.6 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | c93c53ba75838e1a8737f505ea9a9ee2eb80967242203b18e7f363133ef1b554
Red Hat Security Advisory 2023-4472-01
Posted Aug 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4472-01 - Version 1.29.1 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.10, 4.11, 4.12, and 4.13. This release includes security and bug fixes, and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-36227, CVE-2023-1667, CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-2283, CVE-2023-24329, CVE-2023-24539, CVE-2023-25193, CVE-2023-26604
SHA-256 | 6279c43e2e64c3223f9a641285d7c47b27f5e06abc997f2a8678863ea219e43e
Ubuntu Security Notice USN-5064-3
Posted Aug 4, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5064-3 - USN-5064-1 fixed a vulnerability in GNU. This update provides the corresponding update for Ubuntu 14.04 LTS. Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-38185
SHA-256 | 848d27ec0229bbed482d72d1c434ad927ab11faebfa5356ff55ec79046e7f471
WordPress EventON Calendar 4.4 Insecure Direct Object Reference
Posted Aug 4, 2023
Authored by Miguel Santareno

WordPress EventON Calendar plugin version 4.4 suffers from an insecure direct object reference vulnerability.

tags | exploit
advisories | CVE-2023-2796
SHA-256 | fb2bcd929980474ea78a4c3aef30b7f6cf18d2e0e345c56fb0eaf2f8dbd00157
WordPress Ninja Forms 3.6.25 Cross Site Scripting
Posted Aug 4, 2023
Authored by Mehran Seifalinia

WordPress Ninja Forms plugin version 3.6.25 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-37979
SHA-256 | 2f5172bba94c67423895b9834718d894cb792397b17c96031ba1295f5a262551
Ubuntu Security Notice USN-6275-1
Posted Aug 4, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6275-1 - Addison Crump discovered that Cargo incorrectly set file permissions on UNIX-like systems when extracting crate archives. If the crate would contain files writable by any user, a local attacker could possibly use this issue to execute code as another user.

tags | advisory, local
systems | linux, unix, ubuntu
advisories | CVE-2023-38497
SHA-256 | f2966c79576ad4d4b94a6d3844273a23c1a3674ca05ab3e471da58790232a5aa
COURIER DEPRIXA 2.5 Cross Site Request Forgery
Posted Aug 4, 2023
Authored by indoushka

COURIER DEPRIXA version 2.5 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 057025def7e831a2032ce61d12d854618ff7bb979f4a1cf9889728a45e82d30e
Webedition CMS 2.9.8.8 Cross Site Scripting
Posted Aug 4, 2023
Authored by Mirabbas Agalarov

Webedition CMS version 2.9.8.8 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 473683b302116f34c4110e38ba573093cfa43c5d3305886f1b74ea71622b0a90
Webedition CMS 2.9.8.8 Remote Code Execution
Posted Aug 4, 2023
Authored by Mirabbas Agalarov

Webedition CMS version 2.9.8.8 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | d97ddb9da17cdbd3bdce2deb167b5d2950190a32a5e3b3b47d26690bb5828528
Webutler 3.2 Shell Upload
Posted Aug 4, 2023
Authored by Mirabbas Agalarov

Webutler version 3.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 22d02e75820e61be78b6ffc04f11672c3e6212206e9a28a62c1a26954c521f0a
Red Hat Security Advisory 2023-4461-01
Posted Aug 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4461-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.14.0 ESR. Issues addressed include buffer overflow and bypass vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4050, CVE-2023-4055, CVE-2023-4056, CVE-2023-4057
SHA-256 | ddb2a0756d62f711c911cd8c4b53ad7d0583595b1b5733ac92ad7e20029e2119
Ubuntu Security Notice USN-6272-1
Posted Aug 4, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6272-1 - Motoyasu Saburi discovered that OpenJDK 20 incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. Eirik Bjørsnøs discovered that OpenJDK 20 incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | ef29c04ae8e50638fee3aa1910c46999d0da17350681fbef567a0f2c8a994549
Page 1 of 3
Back123Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close