exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 74 RSS Feed

Files Date: 2024-01-31

XenForo 2.2.13 ArchiveImport.php Zip Slip
Posted Jan 31, 2024
Authored by EgiX | Site karmainsecurity.com

XenForo versions 2.2.13 and below suffer from a zip slip filename traversal vulnerability in ArchiveImport.php.

tags | exploit, php
SHA-256 | 5deccbdac2cfe207ec995833b611569397b53b3acedb61fbd211edfe7bb16b0d
Gentoo Linux Security Advisory 202401-34
Posted Jan 31, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-2312, CVE-2023-2929, CVE-2023-2930, CVE-2023-2931, CVE-2023-2932, CVE-2023-2933, CVE-2023-2934, CVE-2023-2935, CVE-2023-2936, CVE-2023-2937, CVE-2023-2938, CVE-2023-2939, CVE-2023-2940, CVE-2023-2941
SHA-256 | 7972c2b3410fb4ff7bc260ff0dcbf543f3953812125be87b697341fdd176fb86
Gentoo Linux Security Advisory 202401-33
Posted Jan 31, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-33 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to remote code execution. Versions greater than or equal to 2.42.2:4 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-32359, CVE-2023-35074, CVE-2023-39434, CVE-2023-39928, CVE-2023-40451, CVE-2023-41074, CVE-2023-41983, CVE-2023-41993, CVE-2023-42852, CVE-2023-42890
SHA-256 | aa36ce21418779dc73ee4b50c45088af85854e82235821b227c27d737eef992f
TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control
Posted Jan 31, 2024
Authored by LiquidWorm | Site zeroscience.mk

TELSAT marKoni FM Transmitter version 1.9.5 allows an unauthorized user to change passwords.

tags | exploit
SHA-256 | 1a66ae97399735bad2659eadafe4e686cf03efee1ac0274553f2b7dbf758023d
TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass
Posted Jan 31, 2024
Authored by LiquidWorm | Site zeroscience.mk

TELSAT marKoni FM Transmitter version 1.9.5 implements client-side restrictions that can be bypassed by editing the HTML source page that enable administrative operations.

tags | exploit
SHA-256 | 83533dbc84d20eb18eca133e9837ec480db912786b98b95f7685d6c1337c524c
TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account
Posted Jan 31, 2024
Authored by LiquidWorm | Site zeroscience.mk

TELSAT marKoni FM Transmitter version 1.9.5 has a hidden super administrative account factory that has the hardcoded password inokram25 that allows full access to the web management interface configuration.

tags | exploit, web
SHA-256 | 4ca01a27bd0ca6409f7d71dc7c9c036577b1fa85f80f0723476544a5ed69de48
TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection
Posted Jan 31, 2024
Authored by LiquidWorm | Site zeroscience.mk

TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to gain unauthorized access to the system with administrative privileges by exploiting the url parameter in the HTTP GET request to ekafcgi.fcgi.

tags | exploit, remote, web, root, code execution
SHA-256 | 46341d10fda6afba8c75a394bb4b32d1f7ec8fe113f6eab57560a1e8d79ab38a
glibc syslog() Heap-Based Buffer Overflow
Posted Jan 31, 2024
Authored by Qualys Security Advisory

Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August 2022).

tags | exploit, advisory, overflow
advisories | CVE-2023-6246
SHA-256 | 848273d3a06e2a275e111a84edea6cdd3e2e29de8b47a4efd45b2d0d9c53c768
undefinedglibc qsort() Out-Of-Bounds Read / Writeundefined
Posted Jan 31, 2024
Authored by Qualys Security Advisory

Qualys discovered a memory corruption in the glibc's qsort() function, due to a missing bounds check. To be vulnerable, a program must call qsort() with a nontransitive comparison function (a function cmp(int a, int b) that returns (a - b), for example) and with a large number of attacker-controlled elements (to cause a malloc() failure inside qsort()). They have not tried to find such a vulnerable program in the real world. All glibc versions from at least September 1992 (glibc 1.04) to the current release (glibc 2.38) are affected, but the glibc's developers have independently discovered and patched this memory corruption in the master branch.

tags | exploit, advisory
advisories | CVE-2023-6246
SHA-256 | f022f88e03996ad79c15bbc5396c143469581fda50195569cb1d3981ecc6fad8
Debian Security Advisory 5611-1
Posted Jan 31, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5611-1 - The Qualys Research Labs discovered several vulnerabilities in the GNU C Library's __vsyslog_internal() function (called by syslog() and vsyslog()). A heap-based buffer overflow (CVE-2023-6246), an off-by-one heap overflow (CVE-2023-6779) and an integer overflow (CVE-2023-6780) can be exploited for privilege escalation or denial of service.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, debian
advisories | CVE-2023-6246, CVE-2023-6779, CVE-2023-6780
SHA-256 | b706fe5111adeb5e4961a0c6b856dd95656c158ab3611e3f050084786321653f
Gentoo Linux Security Advisory 202401-32
Posted Jan 31, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-32 - Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution. Versions greater than or equal to 3.2.0 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2020-36129, CVE-2020-36130, CVE-2020-36131, CVE-2020-36133, CVE-2020-36134, CVE-2020-36135, CVE-2021-30473, CVE-2021-30474, CVE-2021-30475
SHA-256 | a52cd36be2d1302497da4fc21f25b35c4aacc7187ee873bcd2b79d101c6ef6dc
Trojan.Win32 BankShot MVID-2024-0669 Buffer Overflow
Posted Jan 31, 2024
Authored by malvuln | Site malvuln.com

Trojan.Win32 BankShot malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow, trojan
systems | windows
SHA-256 | 2b3c4192b5308c166c2374b9f23ce4208ceaa4819ae053e8b33695622996db4a
Ubuntu Security Notice USN-6591-2
Posted Jan 31, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6591-2 - USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of regression has been made available since the last update. This update updates the fix and aligns with the latest configuration guidelines regarding this vulnerability.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-51764
SHA-256 | 4babe964a075f29aecde00f0223d7790a3f252d1959a3b8d3883b4b8fdb53043
War-FTPD 1.65 Denial Of Service
Posted Jan 31, 2024
Authored by Fernando Mengali

War-FTPD version 1.65 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 22f39f8f63064cd1849310c3eac793882db81d3f683dc43c7173eddde1a39ef0
Solar FTP Server 2.1.1 Denial Of Service
Posted Jan 31, 2024
Authored by Fernando Mengali

Solar FTP Server version 2.1.1 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 9a8b87b9f674b48dc76c06c221a62e6cfd9cba97b7de68aeba315327728d8965
Gentoo Linux Security Advisory 202401-31
Posted Jan 31, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-31 - Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation. Versions greater than or equal to 1.6.14 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2021-32760, CVE-2021-41103, CVE-2022-23471, CVE-2022-23648, CVE-2022-24769, CVE-2022-31030
SHA-256 | 340e890e584a72be161ce1a3ca689044b98f4c14c7bc18bb98943aa01d4f4ea1
Gentoo Linux Security Advisory 202401-30
Posted Jan 31, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-30 - Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation or remote code execution. Versions greater than or equal to 21.1.11 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-5367, CVE-2023-5380, CVE-2023-6377, CVE-2023-6478, CVE-2023-6816, CVE-2024-0229, CVE-2024-0408, CVE-2024-0409, CVE-2024-21885, CVE-2024-21886
SHA-256 | 545eafd3a0b182303f26482ca1690edf1334c8c351327115bef40159e3e46634
Ubuntu Security Notice USN-6609-2
Posted Jan 31, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6609-2 - Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-6040, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0193
SHA-256 | 90e5bb44984356d7a386775f103d92a062be991ce97239a371424c2e4b094982
Ubuntu Security Notice USN-6617-1
Posted Jan 31, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6617-1 - It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-21594, CVE-2020-21598, CVE-2020-21599, CVE-2020-21600, CVE-2020-21602, CVE-2020-21603, CVE-2020-21604, CVE-2020-21606
SHA-256 | 9e3e8cbd9c3a3debf8e66f4b40678f8bde1c3f0e39247249c77cb21c1b7d84c0
Mirth Connect 4.4.0 Remote Command Execution
Posted Jan 31, 2024
Authored by r00t, Spencer McIntyre, Naveen Sunkavally | Site metasploit.com

A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and assigned CVE-2023-37679. Later, researchers from Horizon3.ai determined the patch to be incomplete and published a gadget chain which bypassed the deny list that the original had implemented. This second vulnerability was assigned CVE-2023-43208 and was patched in Mirth Connect version 4.4.1. This Metasploit module has been tested on versions 4.1.1, 4.3.0 and 4.4.0.

tags | exploit, web
advisories | CVE-2023-37679, CVE-2023-43208
SHA-256 | c858fd93ded0a54a221c8cbb76027c1a54979c692f2f5ec5173f8b90a63ff30f
Ubuntu Security Notice USN-6618-1
Posted Jan 31, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6618-1 - It was discovered that Pillow incorrectly handled certain long text arguments. An attacker could possibly use this issue to cause Pillow to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. Duarte Santos discovered that Pillow incorrectly handled the environment parameter to PIL.ImageMath.eval. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-44271, CVE-2023-50447
SHA-256 | 6448149912590caa887d2ebc19423b952b66138a002ef70624bb7db6564df7f6
Ubuntu Security Notice USN-6587-3
Posted Jan 31, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6587-3 - USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled reattaching to a different master device. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code. Olivier Fourdan and Donn Seeley discovered that the X.Org X Server incorrectly labeled GLX PBuffers when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. Olivier Fourdan discovered that the X.Org X Server incorrectly handled the curser code when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the XISendDeviceHierarchyEvent API. An attacker could possibly use this issue to cause the X Server to crash, or execute arbitrary code. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled devices being disabled. An attacker could possibly use this issue to cause the X Server to crash, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-6816, CVE-2024-0229, CVE-2024-0408, CVE-2024-0409, CVE-2024-21885, CVE-2024-21886
SHA-256 | b4b93cec425e2cc7f4d786e873efc8d2eb7ef34f9060a322512d712a2d7cef3d
Ubuntu Security Notice USN-6616-1
Posted Jan 31, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6616-1 - It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2023-2953
SHA-256 | 58feec907b4e16ef949d9778289eb726ad1bb84fbd2113fcdc82d8e1f2846cca
Ubuntu Security Notice USN-6615-1
Posted Jan 31, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6615-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.36 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2024-20960, CVE-2024-20964, CVE-2024-20969, CVE-2024-20973, CVE-2024-20978, CVE-2024-20984
SHA-256 | bd770e0968e25cce6026743b39dc98126dd79d99593c23336f6af6d650a7c809
OpenSSL Toolkit 3.2.1
Posted Jan 31, 2024
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The latest stable version is the 3.2 series supported until 23rd November 2025.

Changes: 5 security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727
SHA-256 | 83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39
Page 1 of 3
Back123Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close