what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

Files Date: 2023-08-09

EuroTel ETL3100 Transmitter Information Disclosure
Posted Aug 9, 2023
Authored by LiquidWorm | Site zeroscience.mk

The EuroTel ETL3100 TV and FM transmitters suffer from an unauthenticated configuration and log download vulnerability. This will enable the attacker to disclose sensitive information and help him in authentication bypass, privilege escalation and full system access.

tags | exploit
SHA-256 | 16066a6818e6e4e0cbff4c06a01f3d229bdf94f93186113a922c895f6d2698ab
EuroTel ETL3100 Transmitter Authorization Bypass / Insecure Direct Object Reference
Posted Aug 9, 2023
Authored by LiquidWorm | Site zeroscience.mk

The EuroTel ETL3100 transmitter is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and execute privileged functionalities.

tags | exploit
SHA-256 | cc86fe1ce248afc0a0a39f2572e3ebbe5c33449e3144ca2a530416b9b690998a
EuroTel ETL3100 Transmitter Default Credentials
Posted Aug 9, 2023
Authored by LiquidWorm | Site zeroscience.mk

EuroTel ETL3100 transmitters use a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system.

tags | exploit, remote
SHA-256 | 01968fa2229cd900e82c526109f7fea321b1e471640bb99f50efbca8c488e208
Ubuntu Security Notice USN-6279-1
Posted Aug 9, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6279-1 - It was discovered that OpenSSH has an observable discrepancy leading to an information leak in the algorithm negotiation. This update mitigates the issue by tweaking the client hostkey preference ordering algorithm to prefer the default ordering if the user has a key that matches the best-preference default algorithm.

tags | advisory
systems | linux, ubuntu
SHA-256 | 7befc2a9d8c44b378644d28fbc5589a12c2f82aca9b932476de506d8fbeab810
Debian Security Advisory 5473-1
Posted Aug 9, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5473-1 - It was discovered that authenticated API users of Orthanc, a DICOM server for medical imaging, could overwrite arbitrary files and in some setups execute arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2023-33466
SHA-256 | 13f4ff90f65eb975703959742a0e15a689101fcd01605d6c6a6650c79c18cdbf
Metabase Remote Code Execution
Posted Aug 9, 2023
Authored by h00die, Shubham Shah, Maxwell Garrett | Site metasploit.com

Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even after the setup process has been completed. With this token a user is able to submit the setup functionality to create a new database. When creating a new database, an H2 database string is created with a TRIGGER that allows for code execution. We use a sample database for our connection string to prevent corrupting real databases. Successfully tested against Metabase 0.46.6.

tags | exploit, code execution
advisories | CVE-2023-38646
SHA-256 | 0a49c9f4d4d3d065adc61a8d542b1a3379563811b2a4fdfe39b4bc3102f9d059
Ubuntu Security Notice USN-4336-3
Posted Aug 9, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4336-3 - USN-4336-1 fixed several vulnerabilities in GNU. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-9742, CVE-2017-9756
SHA-256 | 0f0785948b31ace2d42ec0b363566447502dc3e0f032ab3e30c71a1880907716
Ubuntu Security Notice USN-6278-1
Posted Aug 9, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6278-1 - It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, web, denial of service, code execution
systems | linux, ubuntu
advisories | CVE-2023-35390, CVE-2023-38178, CVE-2023-38180
SHA-256 | 398492662e44a0c763fee25f39cae11943767ba032c8f6482dec1ab6f6617eaf
Pyro CMS 3.9 Server-Side Template Injection
Posted Aug 9, 2023
Authored by Daniel Barros

Pyro CMS version 3.9 suffers from a server-side template injection vulnerability.

tags | exploit
advisories | CVE-2023-29689
SHA-256 | b4222e8a44749f81693f1c9d7b2c399f369bc23d6b78bbd59924ce9c0a518081
Debian Security Advisory 5472-1
Posted Aug 9, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5472-1 - It was discovered that an incorrect implementation of AES GCM decryption in cjose, a C library implementing the JOSE standard may allow an attacker to provide a truncated Authentication Tag and modify the JWE object.

tags | advisory
systems | linux, debian
advisories | CVE-2023-37464
SHA-256 | e815ed796d98716daec24718d9f1e8fca1f08e0f4680903994da1dabbc41af77
Ubuntu Security Notice USN-6276-1
Posted Aug 9, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6276-1 - It was discovered that unixODBC incorrectly handled certain unicode to ansi copies. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-7409
SHA-256 | 6fd45d1918afaa900a6e70465f1779035cd46177c82a3b9a456f1656ce4c1b08
Red Hat Security Advisory 2023-4571-01
Posted Aug 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4571-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

tags | advisory, udp, tcp
systems | linux, redhat
advisories | CVE-2023-38403
SHA-256 | 649b4756ae9affefac4a3eff17b9062a43ac79ec7d41e42dc8384364fe8203a5
Emagic Data Center Management Suite 6.0 Remote Command Execution
Posted Aug 9, 2023
Authored by thewhiteh4t, Shubham Pandey

Emagic Data Center Management Suite version 6.0 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2023-37569
SHA-256 | 1d50c321ee6832e20eb2a71f877d5a9a9ada4c378ca03a610f698cccda5baa0e
Red Hat Security Advisory 2023-4569-01
Posted Aug 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4569-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-34969
SHA-256 | 532c4fbf019524998ac4f30914e694f4a2616c313f9ad3906aa91dff42700b3f
Red Hat Security Advisory 2023-4575-01
Posted Aug 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4575-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-36227, CVE-2023-0361, CVE-2023-1667, CVE-2023-2283, CVE-2023-26604, CVE-2023-27535, CVE-2023-3089, CVE-2023-38408
SHA-256 | a98593a8060ade811648ba5d5dd712824690b84a705e28c8fe1981b12209ee79
PHPJabbers Vacation Rental Script 4.0 Cross Site Request Forgery
Posted Aug 9, 2023
Authored by Hasan Ali YILDIR

PHPJabbers Vacation Rental Script version 4.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 0c74e788b1e03344573d579afe7ad511042a1c481a797e566edd00c973203c42
Red Hat Security Advisory 2023-4576-01
Posted Aug 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4576-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-35252, CVE-2022-36227, CVE-2022-43552, CVE-2023-0361, CVE-2023-1667, CVE-2023-2283, CVE-2023-24329, CVE-2023-26604, CVE-2023-27535, CVE-2023-3089, CVE-2023-38408
SHA-256 | b9b138ef5ed2017d1d6071fb95c69743b0800e58f2f41055d4d6bcb0d2caee06
Lucee 5.4.2.17 Cross Site Scripting
Posted Aug 9, 2023
Authored by Yehia Elghaly

Lucee version 5.4.2.17 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | da2d29ded40481e4c2dc5ccb687e50901b85f3d25e305ae8bab1983aed0341d9
Red Hat Security Advisory 2023-4570-01
Posted Aug 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4570-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

tags | advisory, udp, tcp
systems | linux, redhat
advisories | CVE-2023-38403
SHA-256 | ca67723896efb65cc2a82478887d080ba1577972b840b76d2d81df90a22d1ec9
eHato CMS 1.0 Cross Site Scripting
Posted Aug 9, 2023
Authored by indoushka

eHato CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 288795acae37e9889703f9a9e13f4dc91e382a11ff20d9b6c617e50c574fefb2
Dexx CMS HTML And Site Builder 2.2.3 XSS / Arbitrary File Upload
Posted Aug 9, 2023
Authored by indoushka

Dexx CMS HTML and Site Builder version 2.2.3 suffers from cross site scripting and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
SHA-256 | afad1c220fc9a0f9c55b16ff2ee432a14c6bcfdc35bd7e270945acd8f3ea9e17
DevSoft Arge Bilişim CMS 1.0.0 Cross Site Scripting
Posted Aug 9, 2023
Authored by indoushka

DevSoft Arge Bilişim CMS version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 67272756c10ccd80820dcdc8958e030b5c08f1c3aa5baaea2b17f8a2dea08a45
Desenvolvido Buscazip Guiaking CMS 1.0 Cross Site Scripting
Posted Aug 9, 2023
Authored by indoushka

Desenvolvido Buscazip Guiaking CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b7814560f8a656d8237f757412df185c3b0f95717762621b740327fbb08e94c6
Deprixa 3.2.5 SQL Injection
Posted Aug 9, 2023
Authored by indoushka

Deprixa version 3.2.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | bd01df16d1b4c68e65363a4a7bd1cf83c59687b4040c494ab5f0b59d540d6de1
Datoo Complete Dating Script 1.0 HTML Injection
Posted Aug 9, 2023
Authored by indoushka

Datoo Complete Dating Script version 1.0 suffers from an html injection vulnerability.

tags | exploit
SHA-256 | 6ff697689f7bbcad80da1988a407104f2abbe6fedf40761d39996b8f78276efc
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close