what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2023-10-13

PyTorch Model Server Registration / Deserialization Remote Code Execution
Posted Oct 13, 2023
Authored by Spencer McIntyre, Guy Kaplan, Swapneil Kumar Dash, Idan Levcovich, Gal Elbaz | Site metasploit.com

The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the documentation suggests. The second vulnerability (CVE-2023-43654) allows attackers with access to the management interface to register MAR model files from arbitrary servers. The third vulnerability is that when an MAR file is loaded, it can contain a YAML configuration file that when deserialized by snakeyaml, can lead to loading an arbitrary Java class.

tags | exploit, java, remote, arbitrary, vulnerability, code execution
advisories | CVE-2022-1471, CVE-2023-43654
SHA-256 | 8f8eaa5fb149254fafc287442e21135c92b2e8d534cc824ab39c2e34d6b3afb6
Apache Superset 2.0.0 Remote Code Execution
Posted Oct 13, 2023
Authored by h00die, Spencer McIntyre, Naveen Sunkavally, paradoxis | Site metasploit.com

Apache Superset versions 2.0.0 and below utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their user_id to that of an administrator, and re-sign the cookie. This valid cookie can then be used to login as the targeted user. From there the Superset database is mounted, and credentials are pulled. A dashboard is then created. Lastly a pickled python payload can be set for that dashboard within Superset's database which will trigger the remote code execution. An attempt to clean up ALL of the dashboard key values and reset them to their previous values happens during the cleanup phase.

tags | exploit, remote, web, code execution, python
advisories | CVE-2023-27524, CVE-2023-37941, CVE-2023-39265
SHA-256 | 0cf3211c0a88b94f22c56bd68535a69b15419a4e9c97ce50b1d180e75e44b6be
Debian Security Advisory 5522-2
Posted Oct 13, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5522-2 - The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and caused a regression when using asynchronous I/O (the default for NIO and NIO2). DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated.

tags | advisory, web
systems | linux, debian
advisories | CVE-2023-44487
SHA-256 | b17a58234680a0c5aafdce8c0723d0bcd3b37e52e58f503e9d474637684d07e9
Debian Security Advisory 5527-1
Posted Oct 13, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5527-1 - Marcin Noga discovered that a specially crafted web page can abuse a vulnerability in the MediaRecorder API to cause memory corruption and potentially arbitrary code execution. Junsung Lee and Me Li discovered that processing web content may lead to arbitrary code execution. Bill Marczak and Maddie Stone discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

tags | advisory, web, arbitrary, code execution
systems | linux, debian, apple
advisories | CVE-2023-39928, CVE-2023-41074, CVE-2023-41993
SHA-256 | d62707100da90e7c8560c32373576a042f7f047cdbc704242f9e1e1c250d8e49
Debian Security Advisory 5526-1
Posted Oct 13, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5526-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2023-5218, CVE-2023-5473, CVE-2023-5474, CVE-2023-5475, CVE-2023-5476, CVE-2023-5477, CVE-2023-5478, CVE-2023-5479, CVE-2023-5481, CVE-2023-5483, CVE-2023-5484, CVE-2023-5485, CVE-2023-5486, CVE-2023-5487
SHA-256 | 46cb308795f98ff9a9e444ff6b114afd63592578e7be19a637bbd471ef7fa013
Ubuntu Security Notice USN-6430-1
Posted Oct 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6430-1 - It was discovered that FFmpeg did not properly handle certain inputs in vf_lagfun.c, resulting in a buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS. It was discovered that FFmpeg incorrectly managed memory in avienc.c, resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash.

tags | advisory, denial of service, overflow, memory leak
systems | linux, ubuntu
advisories | CVE-2020-22024, CVE-2020-22039, CVE-2020-22040, CVE-2020-22043, CVE-2020-22051, CVE-2021-28429
SHA-256 | a9bea8d9dd97428bdd2ea53fcb4eb96bd03d9a8ab7cb54d086ba322153be089b
Zed Attack Proxy 2.14.0 Cross Platform Package
Posted Oct 13, 2023
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.

Changes: This is a bug fix and enhancement release.
tags | tool, web, vulnerability
SHA-256 | 8bc475c2f1976446e2ec37b9bacaeed0a1281185988e689a24187b9c60aa57dd
WordPress Core 6.3.1 XSS / DoS / Arbitrary Shortcode Execution
Posted Oct 13, 2023
Authored by James Golovich, Rafie Muhammad, WhiteCyberSec, Marc Montpas, Edouard L, s5s, JB Audras, Jorge Costa, raouf_maklouf, mascara7784 | Site wordfence.com

WordPress Core versions prior to 6.3.2 suffer from arbitrary shortcode execution, cross site scripting, denial of service, and information leakage vulnerabilities. Versions prior to 6.3.2 are vulnerable.

tags | exploit, denial of service, arbitrary, vulnerability, code execution, xss
SHA-256 | 2747a0842119425378a1378f7692a4eca0ef390a27497cfbb5b9ecd9e53c5e9f
Red Hat Security Advisory 2023-5693-01
Posted Oct 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5693-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. These new packages include numerous enhancements, and bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-14041
SHA-256 | 5e334ae5cb85d19e4502e2bc3385953e429ad7cb7b4a7d84e357ef357f9d9e7d
Red Hat Security Advisory 2023-5691-01
Posted Oct 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5691-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2023-3341
SHA-256 | ef0fccfa13f0088c8c7983b6384bc122d539eeec962b4c7c6f446bebe2021f98
Red Hat Security Advisory 2023-5690-01
Posted Oct 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5690-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2023-3341
SHA-256 | db57c7cd9d1e1aef9441327061772b925a649c708263740e311af85b1caaee97
Red Hat Security Advisory 2023-5689-01
Posted Oct 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5689-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2023-3341
SHA-256 | 9f89b632a4ba1ce9ee66daefae3bbd565e3b847365e39bd7efcbb103eec4bde1
Red Hat Security Advisory 2023-5684-01
Posted Oct 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5684-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-32081
SHA-256 | 90de0004fabd733584101d437339e92fa20c8e5c47a7a65727e7f4b3dc0dea28
Red Hat Security Advisory 2023-5683-01
Posted Oct 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5683-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-32081
SHA-256 | aa0cc3c92d4a0914111a9b44403ed2e95627f4e3f73acdb3afed7adfc50f9bde
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close