exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 417 RSS Feed

Files Date: 2023-09-01 to 2023-09-30

JetBrains TeamCity Unauthenticated Remote Code Execution
Posted Sep 29, 2023
Authored by sfewer-r7 | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability to achieve unauthenticated remote code execution against a vulnerable JetBrains TeamCity server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by SonarSource.

tags | exploit, remote, code execution, bypass
advisories | CVE-2023-42793
SHA-256 | 9b42a137d2171272114f4f82b7d3c86e4a6e0716fd13735f9ad8df778b17a4bc
Ubuntu Security Notice USN-6386-2
Posted Sep 29, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6386-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-20588, CVE-2023-40283, CVE-2023-4128, CVE-2023-4569
SHA-256 | 7cd557b2e2e3d2b14432e8c2e2789eb58ccb6872a0ba1afc3e86b015c5384f97
Gentoo Linux Security Advisory 202309-14
Posted Sep 29, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202309-14 - Multiple vulnerabilities have been found in libarchive, the worst of which could result in denial of service. Versions greater than or equal to 3.7.1 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2022-36227
SHA-256 | 0c68724ab33b1fa85eb11d7e8beb4f8cd4cb0ea227f142ba86cf3387cac5a5b2
Gentoo Linux Security Advisory 202309-13
Posted Sep 29, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202309-13 - A buffer overflow vulnerability has been found in GMP which could result in denial of service. Versions greater than or equal to 6.2.1-r2 are affected.

tags | advisory, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2021-43618
SHA-256 | 4ed604814a817a9d13072456fb95a9e3a93708a17baecb671f31c507796d1c13
Gentoo Linux Security Advisory 202309-12
Posted Sep 29, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202309-12 - Multiple vulnerabilities have been found in sudo, the worst of which can result in root privilege escalation. Versions greater than or equal to 1.9.13_p2 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
advisories | CVE-2023-27320, CVE-2023-28486, CVE-2023-28487
SHA-256 | b940b3b516fd26ec5cc5512a463203093e3dfccdc1c85bd20bb756f9fa018e43
Gentoo Linux Security Advisory 202309-11
Posted Sep 29, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202309-11 - Multiple vulnerabilities have been found in libsndfile, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.1.0 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-3246, CVE-2021-4156
SHA-256 | 61d3be875284b445f1c277826c77b90685e675313e19da3b45afa72eacb5788e
Gentoo Linux Security Advisory 202309-10
Posted Sep 29, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202309-10 - A vulnerability was discovered in Fish when handling git repository configuration that may lead to execution of arbitrary code Versions greater than or equal to 3.4.0 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2022-20001
SHA-256 | 572a7590ab409c9281cc1134af84314a58fce56fff13669b0c5444acd01a34e6
Gentoo Linux Security Advisory 202309-09
Posted Sep 29, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202309-9 - Multiple vulnerabilities have been found in Pacemaker, the worst of which could result in root privilege escalation. Versions greater than or equal to 2.0.5_rc2 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
advisories | CVE-2018-16877, CVE-2018-16878, CVE-2019-3885, CVE-2020-25654
SHA-256 | 83230435490a2f87299de357c01862d8ce15a18f158d7d5d9815b00668d7dd10
Debian Security Advisory 5507-1
Posted Sep 29, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5507-1 - Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine.

tags | advisory, java, web, vulnerability
systems | linux, debian
advisories | CVE-2023-26048, CVE-2023-26049, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900
SHA-256 | add9ce48f70949f251aaf9dc376f273010c354d922fa240e65e58d7f6bb3685a
Red Hat Security Advisory 2023-5405-01
Posted Sep 29, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5405-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and code execution vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-40284
SHA-256 | 61b9ae5f5834076931830deb713732d45ab5e8855b2ea683c9d5440e98b32ee8
Debian Security Advisory 5506-1
Posted Sep 29, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5506-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2023-5169, CVE-2023-5171, CVE-2023-5176
SHA-256 | 18b459d841c3090b650f653a600f68d9946039a5cb0783b9ed0a8872fac2f6d6
Microsoft Windows Kernel Refcount Overflow / Use-After-Free
Posted Sep 29, 2023
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel does not reset security cache during self-healing, leading to refcount overflow and use-after-free conditions.

tags | exploit, overflow, kernel
systems | windows
advisories | CVE-2023-38139
SHA-256 | 4eb4fd48ea37a8b3e89dd2a59229350611f16a4367ff0dcf43fef634da02c00c
Red Hat Security Advisory 2023-5396-01
Posted Sep 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5396-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.4.4 replaces Data Grid 8.4.3 and includes bug fixes and enhancements. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-45047, CVE-2023-34462, CVE-2023-35116, CVE-2023-35887, CVE-2023-3628, CVE-2023-3629, CVE-2023-5236
SHA-256 | 5388c15c1be8ba9a9c861d5cffb8e69e29258e619854a33049b6445639365da7
Ubuntu Security Notice USN-6369-2
Posted Sep 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6369-2 - USN-6369-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-4863
SHA-256 | 51f6c3cc4ed211708061f694136a6cc8e3fd0a845d39646066ba11d561f3053f
Red Hat Security Advisory 2023-5379-01
Posted Sep 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5379-01 - Network Observability 1.4.0. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-25883, CVE-2023-2602, CVE-2023-2603, CVE-2023-26115, CVE-2023-28321, CVE-2023-28322, CVE-2023-28484, CVE-2023-29469
SHA-256 | 2d6fbc492e175e1c827d748108c91f9a5fc1a72f3a137ab6a7f8546bc8427c43
Ubuntu Security Notice USN-6400-1
Posted Sep 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6400-1 - It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information.

tags | advisory, cryptography, python
systems | linux, ubuntu
advisories | CVE-2022-48566
SHA-256 | 78f05f302971fdd61c41b154c5089eddceaa4838a9b6ffba2b409c27fe5f9ad4
Red Hat Security Advisory 2023-5376-01
Posted Sep 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5376-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-24540, CVE-2023-2602, CVE-2023-2603, CVE-2023-26115, CVE-2023-30630, CVE-2023-34969, CVE-2023-3899
SHA-256 | b218685d6f71f604db3b6476bca35e7a3a832105b68b5274ac7e5ac4ed22b616
Microsoft Error Reporting Local Privilege Elevation
Posted Sep 27, 2023
Authored by bwatters-r7, Filip Dragovic, Octoberfest7 | Site metasploit.com

This Metasploit module takes advantage of a bug in the way Windows error reporting opens the report parser. If you open a report, Windows uses a relative path to locate the rendering program. By creating a specific alternate directory structure, we can coerce Windows into opening an arbitrary executable as SYSTEM. If the current user is a local admin, the system will attempt impersonation and the exploit will fail.

tags | exploit, arbitrary, local
systems | windows
advisories | CVE-2023-36874
SHA-256 | a872f68c00626fe384e850bbe5b416e5a094fcbf5639c9f1deb5248fc85413ca
Everlasting ROBOT: The Marvin Attack
Posted Sep 27, 2023
Authored by Hubert Kario | Site people.redhat.com

Whitepaper called Everlasting ROBOT: the Marvin Attack. In this paper, the author shows that Bleichenbacher-style attacks on RSA decryption are not only still possible, but also that vulnerable implementations are common. The Marvin Attack is a return of a 25 year old vulnerability that allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed with the private key.

tags | paper
SHA-256 | 11fd5f5eb17765f91bb0b2d7fe6530d7a6e1e20781250cc9cc5e701006d329c9
Ubuntu Security Notice USN-6399-1
Posted Sep 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6399-1 - It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP request Smuggling attack.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2023-40175
SHA-256 | 95522cf54b015802183133101cb54cb3a750d70263f84472aaa0bb06bd499190
Ubuntu Security Notice USN-6398-1
Posted Sep 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6398-1 - It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks. A remote attacker could possibly use this issue to trick the local DLNA server to leak information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that ReadyMedia incorrectly handled certain HTTP requests using chunked transport encoding. A remote attacker could possibly use this issue to cause buffer overflows, resulting in out-of-bounds reads and writes.

tags | advisory, remote, web, overflow, local
systems | linux, ubuntu
advisories | CVE-2022-26505, CVE-2023-33476
SHA-256 | e6b9c23be1704ff9683c7ec1e7ebad7ae3586cc6f747aba35595f86f21361f68
Ubuntu Security Notice USN-6387-2
Posted Sep 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6387-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-20588, CVE-2023-40283, CVE-2023-4128
SHA-256 | f996b052a5d8a42382af173d99592c385d1379e5d06dd710df420741bae776f9
Ubuntu Security Notice USN-6397-1
Posted Sep 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6397-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-2002, CVE-2023-20593, CVE-2023-21255, CVE-2023-2163, CVE-2023-2269, CVE-2023-31084, CVE-2023-3268, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776
SHA-256 | d13a796719bdfb63b4fcf139769434d3580bd60dc34168be371834a19bf9ba32
Ubuntu Security Notice USN-6396-1
Posted Sep 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6396-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information.

tags | advisory, x86, local
systems | linux, ubuntu
advisories | CVE-2022-27672, CVE-2022-40982, CVE-2023-3212, CVE-2023-3863, CVE-2023-40283, CVE-2023-4128
SHA-256 | 04f83418015d33b3205d491de8dc8ecd62f2ec112f80bc56af999e0c615748fa
Red Hat Security Advisory 2023-5353-01
Posted Sep 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5353-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include an out of bounds write vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804
SHA-256 | c67c9e25c41c667cdd202f6279b38de5026dd196c6d6df73efb86391089e0220
Page 1 of 17
Back12345Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close