exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 489 RSS Feed

Files Date: 2024-03-01 to 2024-03-31

xz/liblzma Backdoored
Posted Mar 29, 2024
Authored by Andres Freund

It has been discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library. Included in this archive are not only the advisory but additional data and a testing script to see if you're affected.

tags | advisory
advisories | CVE-2024-3094
SHA-256 | 24e782ee2711640bef44e50dae3e4bd40c2ec8ddbbf87dbc1461e7d4aa22e1db
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
Posted Mar 29, 2024
Authored by Charles FOL, Dylan Pindur, h00die-gr3y, Misterxid | Site metasploit.com

This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.

tags | exploit, remote, overflow, code execution, python
advisories | CVE-2022-26318
SHA-256 | 1f32659ebb0c531de30e029fb76fabee6201b5794d59ccb2568e849b2451ba91
Debian Security Advisory 5649-1
Posted Mar 29, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5649-1 - Andres Freund discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library.

tags | advisory
systems | linux, debian
advisories | CVE-2024-3094
SHA-256 | a36f16841d48439de0dca87969734d17803a93009098f4ca6fe3dd1c574bdc99
Debian Security Advisory 5648-1
Posted Mar 29, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5648-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-2625, CVE-2024-2626, CVE-2024-2627, CVE-2024-2628, CVE-2024-2629, CVE-2024-2630, CVE-2024-2631, CVE-2024-2883, CVE-2024-2885, CVE-2024-2886, CVE-2024-2887
SHA-256 | d045fe2df3a7b0da1744ec322c6841faa9dc1ec5194d51870e6e7ca36abd50d6
Soholaunch 4.9.4 r44 Shell Upload
Posted Mar 29, 2024
Authored by tmrswrr

Soholaunch version 4.9.4 r44 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 38cf97e11373ce1137705690e0184e70046c7384264c09e97f32c832e3026b02
Ubuntu Security Notice USN-6707-4
Posted Mar 29, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6707-4 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2024-1085, CVE-2024-1086
SHA-256 | 1e54ff144f57b2bd5a30a36e13436904969117b6a92329a52019596e2864df7a
Ubuntu Security Notice USN-6704-4
Posted Mar 29, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6704-4 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-23000, CVE-2023-32247, CVE-2024-1085, CVE-2024-1086, CVE-2024-24855
SHA-256 | 4c20532debf7fe54f300253a8836c32c86a73b576ba2f48d948c642e26473036
FoF Pretty Mail 1.1.2 Local File Inclusion
Posted Mar 29, 2024
Authored by Chokri Hammedi

The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 1dbbfbdf1a7bf4060fdff75fb8aff1ab0bc5375217ca00dc2d7c0cf611ab7316
FoF Pretty Mail 1.1.2 Server-Side Template Injection
Posted Mar 29, 2024
Authored by Chokri Hammedi

The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a server-side template injection vulnerability.

tags | exploit
SHA-256 | 256571d01cca1bc252f84933681faf1ff9f922f6835db1ae3b7bc099a7571ea6
FoF Pretty Mail 1.1.2 Command Injection
Posted Mar 29, 2024
Authored by Chokri Hammedi

The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a command injection vulnerability.

tags | exploit
SHA-256 | 7685501581e9f699e06c56b0eddcfccbd5e014e303d78ffd724d6a188077faa5
Intel PowerGadget 3.6 Local Privilege Escalation
Posted Mar 29, 2024
Authored by Julian Horoszkiewicz

Intel PowerGadget version 3.6 suffers from a local privilege escalation vulnerability.

tags | advisory, local
SHA-256 | 7c432edb9faa64203476b212e783bee97c24deb2ea70d71ff8bea318abd872fe
Red Hat Security Advisory 2024-1570-03
Posted Mar 29, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1570-03 - Updated images are now available for Red Hat Advanced Cluster Security. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2019-25210
SHA-256 | fc473960b45c7dead718a19c5497a2d2cefaf2ace8dddbdd11c7ab3b3f104830
Ubuntu Security Notice USN-6715-1
Posted Mar 28, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6715-1 - It was discovered that unixODBC incorrectly handled certain bytes. An attacker could use this issue to execute arbitrary code or cause a crash.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-1013
SHA-256 | 90500728052033e5941baa0debec66d17de2cf01ce56e1158e2523b231aff382
Ubuntu Security Notice USN-6719-1
Posted Mar 28, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6719-1 - Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2024-28085
SHA-256 | ca6568bf9c3d47e1fa51be307d45564e306e622e9860f212c34d8a91f5a5e9de
Wireshark Analyzer 4.2.4
Posted Mar 28, 2024
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: pcap and pcapng have been updated.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 46bd0f4474337144b30816fb2d8f14e72a26d0391f24fe0b7b619acdcdad8c0c
Event Management 1.0 SQL Injection
Posted Mar 28, 2024
Authored by SoSPiro

Event Management version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5135d01cd318616d2a8b1711363d2378d7b2686ffcd1083f2936d0248e4164fd
util-linux wall Escape Sequence Injection
Posted Mar 28, 2024
Authored by Skyler Ferrante

The util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and wall is setgid. CentOS is not vulnerable since wall is not setgid. On Ubuntu 22.04 and Debian Bookworm, wall is both setgid and mesg is set to y by default.

tags | exploit, arbitrary
systems | linux, debian, ubuntu, centos
advisories | CVE-2024-28085
SHA-256 | c3644f61b4f68f9fafd4782ffb69bd4b73d2b6ff8ac981711c3329c0a8408077
IWCC 2024 Call For Papers
Posted Mar 28, 2024
Site ares-conference.eu

The 13th International Workshop on Cyber Crime, or IWCC, 2024 call for papers has been announced. It will take place July 30th through August 2nd, 2024 in Vienna, Austria.

tags | paper, conference
SHA-256 | 1733e3ae10dcafe0a95572942e32ff6c6d0ff3ba67769c57dd88c93c006e53e6
Circontrol Raption Buffer Overflow / Command Injection
Posted Mar 28, 2024
Authored by Dariusz Gonda, Abert Spruyt, Alex Salvetti

The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection.

tags | exploit, web, overflow, root
advisories | CVE-2020-8006, CVE-2020-8007
SHA-256 | 2a13323836730c890a63f333a24fcfb62637513c16193386327b7be986133bb0
FusionPBX Session Fixation
Posted Mar 28, 2024
Authored by Yogesh Bhandage

FusionPBX suffers from a session fixation vulnerability.

tags | exploit
SHA-256 | 80babf076c9e7398fb72180f2da01bce706e004dd86503ce23c6645034cb5d21
Apple Security Advisory 03-25-2024-1
Posted Mar 28, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 03-25-2024-1 - Safari 17.4.1 addresses code execution and out of bounds write vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2024-1580
SHA-256 | f471ba7362f0f2b90319b73a7dc453ffcc58fe3527cb6cd08febf40e4748b5be
Red Hat Security Advisory 2024-1557-03
Posted Mar 28, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1557-03 - An update is now available for Red Hat OpenShift Builds 1.0. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-48795
SHA-256 | d29131168c6739c5f0e4cc9ca1fc6e36a8598723c0d447439443d07a778f5f03
Red Hat Security Advisory 2024-1555-03
Posted Mar 28, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1555-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-21404
SHA-256 | d54151bacb05204bba9e5815332d0b2dc57e10762149b6a53a140110b66a0156
Red Hat Security Advisory 2024-1554-03
Posted Mar 28, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1554-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-21404
SHA-256 | 83824ae558a589ad40270cf3400f18a45b628d62f041edcab023885a5dd3d023
Dell Security Management Server Privilege Escalation
Posted Mar 28, 2024
Authored by Amirhossein Bahramizadeh

Dell Security Management Server versions prior to 11.9.0 suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2023-32479
SHA-256 | 265530e02c210729e3640de0f5f23192ea5b21cae936f5ed87be61a93898f695
Page 1 of 20
Back12345Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close