exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files Date: 2023-09-27

Microsoft Error Reporting Local Privilege Elevation
Posted Sep 27, 2023
Authored by bwatters-r7, Filip Dragovic, Octoberfest7 | Site metasploit.com

This Metasploit module takes advantage of a bug in the way Windows error reporting opens the report parser. If you open a report, Windows uses a relative path to locate the rendering program. By creating a specific alternate directory structure, we can coerce Windows into opening an arbitrary executable as SYSTEM. If the current user is a local admin, the system will attempt impersonation and the exploit will fail.

tags | exploit, arbitrary, local
systems | windows
advisories | CVE-2023-36874
SHA-256 | a872f68c00626fe384e850bbe5b416e5a094fcbf5639c9f1deb5248fc85413ca
Everlasting ROBOT: The Marvin Attack
Posted Sep 27, 2023
Authored by Hubert Kario | Site people.redhat.com

Whitepaper called Everlasting ROBOT: the Marvin Attack. In this paper, the author shows that Bleichenbacher-style attacks on RSA decryption are not only still possible, but also that vulnerable implementations are common. The Marvin Attack is a return of a 25 year old vulnerability that allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed with the private key.

tags | paper
SHA-256 | 11fd5f5eb17765f91bb0b2d7fe6530d7a6e1e20781250cc9cc5e701006d329c9
Ubuntu Security Notice USN-6399-1
Posted Sep 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6399-1 - It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP request Smuggling attack.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2023-40175
SHA-256 | 95522cf54b015802183133101cb54cb3a750d70263f84472aaa0bb06bd499190
Ubuntu Security Notice USN-6398-1
Posted Sep 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6398-1 - It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks. A remote attacker could possibly use this issue to trick the local DLNA server to leak information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that ReadyMedia incorrectly handled certain HTTP requests using chunked transport encoding. A remote attacker could possibly use this issue to cause buffer overflows, resulting in out-of-bounds reads and writes.

tags | advisory, remote, web, overflow, local
systems | linux, ubuntu
advisories | CVE-2022-26505, CVE-2023-33476
SHA-256 | e6b9c23be1704ff9683c7ec1e7ebad7ae3586cc6f747aba35595f86f21361f68
Ubuntu Security Notice USN-6387-2
Posted Sep 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6387-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-20588, CVE-2023-40283, CVE-2023-4128
SHA-256 | f996b052a5d8a42382af173d99592c385d1379e5d06dd710df420741bae776f9
Ubuntu Security Notice USN-6397-1
Posted Sep 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6397-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-2002, CVE-2023-20593, CVE-2023-21255, CVE-2023-2163, CVE-2023-2269, CVE-2023-31084, CVE-2023-3268, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776
SHA-256 | d13a796719bdfb63b4fcf139769434d3580bd60dc34168be371834a19bf9ba32
Ubuntu Security Notice USN-6396-1
Posted Sep 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6396-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information.

tags | advisory, x86, local
systems | linux, ubuntu
advisories | CVE-2022-27672, CVE-2022-40982, CVE-2023-3212, CVE-2023-3863, CVE-2023-40283, CVE-2023-4128
SHA-256 | 04f83418015d33b3205d491de8dc8ecd62f2ec112f80bc56af999e0c615748fa
Red Hat Security Advisory 2023-5353-01
Posted Sep 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5353-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include an out of bounds write vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804
SHA-256 | c67c9e25c41c667cdd202f6279b38de5026dd196c6d6df73efb86391089e0220
Red Hat Security Advisory 2023-5362-01
Posted Sep 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5362-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25883, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | 495a3f24d2632110634309010865240af57a5ea7b556b056d308808eae784582
Red Hat Security Advisory 2023-5361-01
Posted Sep 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5361-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, bypass, and denial of service vulnerabilities.

tags | advisory, web, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25883, CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | d17f1315e979971a3621829636966df0e1f09cfbdf28fa99e162ce75d2223793
Red Hat Security Advisory 2023-5360-01
Posted Sep 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5360-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25883, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | e81e319d29d715b4f89864cf976c9fc33fedd006c1df0d2ae413f8194ec09eff
Red Hat Security Advisory 2023-5363-01
Posted Sep 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5363-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25883, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | c847a25ac05fb577d9d312fccc92714b065a2a75511c21413ff647b9c3fbba48
Ubuntu Security Notice USN-6361-2
Posted Sep 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6361-2 - USN-6361-1 fixed a vulnerability in CUPS. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain recently printed documents.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-32360
SHA-256 | f9123a1386f6662e1350f22ae5fb3bbd57fb7d15a29172383d63f7a7ec323c1e
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close