
Files Date: 2024-06-01 to 2024-06-30

TestSSL 3.0.9
Posted Jun 14, 2024
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.

Changes: Fixed bash 5 issue when encountering a short server key extension. Fixed HTML issue when using bash 5. CAA DNS records are now not being queried when nodns is set. MongoDB identification fix. Sanity check when user has broken umask to avoid runtime errors. Fixed for newer grep versions. 8 additional updates.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | 75ecbe4470e74f9ad17f4c4ac733be123b0f67d676ed24cc2b30adb41561e05f
Ubuntu Security Notice USN-6834-1
Posted Jun 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6834-1 - It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-42392, CVE-2022-23221
SHA-256 | a4f242b0016b3924ded04be334e612db695280fdeb8a7ba3643eaacc3a470aee
Ubuntu Security Notice USN-6833-1
Posted Jun 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6833-1 - Siddharth Dushantha discovered that VTE incorrectly handled large window resize escape sequences. An attacker could possibly use this issue to consume resources, leading to a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2024-37535
SHA-256 | 8956f2acd76954b678bc58aa3f277e6a000b2244a7143ab50fb5939dc29ded84
Ubuntu Security Notice USN-6832-1
Posted Jun 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6832-1 - Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affects Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2023-31607, CVE-2023-31611, CVE-2023-31615, CVE-2023-31616, CVE-2023-31619, CVE-2023-31623
SHA-256 | 434f0a9b71e494daacdc7a83f0cb6d78373c1290c01dfa7008dc71d6637b953c
Premium Support Tickets For WHMCS 1.2.10 Cross Site Scripting
Posted Jun 14, 2024
Authored by Sajibe Kanti

Premium Support Tickets For WHMCS version 1.2.10 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0b98e620a6ee83502076b64abb1b54bea994147d96f0c0f880577b2df8b36393
Red Hat Security Advisory 2024-3929-03
Posted Jun 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3929-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-50387
SHA-256 | 93f36d20c1e5ebbb9e533b0fd915fba35c52ef1823eae074c1d0d4315e22dfe2
Red Hat Security Advisory 2024-3927-03
Posted Jun 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3927-03 - A new container image for Red Hat Ceph Storage 7.1 is now available in the Red Hat Ecosystem Catalog.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 2a34112f7e1e0cd7312b6bcfdaede6f66f1ddaa933d2c4670c126974da2d0af9
Red Hat Security Advisory 2024-3926-03
Posted Jun 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3926-03 - An update for expat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-52425
SHA-256 | c428c22ea2eaf3f0c60ad9f14332f6e3ec99734d633db8d58912cbc537a46162
Red Hat Security Advisory 2024-3920-03
Posted Jun 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3920-03 - Migration Toolkit for Runtimes 1.2.6 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a password leak vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-45857
SHA-256 | 9117dec50690aed76c7ff974632195c0142cc4d49fe07d3d77127e1d167877d4
Red Hat Security Advisory 2024-3919-03
Posted Jun 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3919-03 - Migration Toolkit for Runtimes 1.2.6 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include denial of service and spoofing vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability
systems | linux, redhat
advisories | CVE-2023-4639
SHA-256 | fabf9df085e55fbd0dcc97e28bc47009a9d5605b267929b713daa729f4a8542e
AEGON LIFE 1.0 Cross Site Scripting
Posted Jun 14, 2024
Authored by Aslam Anwar Mahimkar

AEGON LIFE version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2024-36599
SHA-256 | 7eceb05ddd8cbd642dccde5405d50cae94f5207cbef2af0b913bb1a391ba70ac
AEGON LIFE 1.0 Remote Code Execution
Posted Jun 14, 2024
Authored by Aslam Anwar Mahimkar

AEGON LIFE version 1.0 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2024-36598
SHA-256 | 83c0b6f07fa2bbbfc9a1b6c65faabffb8275dcc2b2ae437176e0a02402bfdb89
AEGON LIFE 1.0 SQL Injection
Posted Jun 14, 2024
Authored by Aslam Anwar Mahimkar

AEGON LIFE version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2024-36597
SHA-256 | 646d1cf7442ad77863005127a29e4531ed5bd8d4bad908c80a867f32a4734921
PHP Remote Code Execution
Posted Jun 14, 2024
Authored by Yesith Alvarez

PHP versions prior to 8.3.8 suffer from a remote code execution vulnerability.

tags | exploit, remote, php, code execution
advisories | CVE-2024-4577
SHA-256 | 6d8851066f1e1d5a5aa1172f697d6dfd3debd910db8f3f51cfdc80ab2a6cb6ae
Telerik Report Server Authentication Bypass / Remote Code Execution
Posted Jun 13, 2024
Authored by unknown, Soroush Dalili, Spencer McIntyre, SinSinology | Site metasploit.com

This Metasploit module chains an authentication bypass vulnerability with a deserialization vulnerability to obtain remote code execution against Telerik Report Server versions 10.0.24.130 and below. The authentication bypass flaw allows an unauthenticated user to create a new user with administrative privileges. The USERNAME datastore option can be used to authenticate with an existing account to prevent the creation of a new one. The deserialization flaw works by uploading a specially crafted report that when loaded will execute an OS command as NT AUTHORITY\SYSTEM. The module will automatically delete the created report but not the account because users are unable to delete themselves.

tags | exploit, remote, code execution, bypass
advisories | CVE-2024-1800, CVE-2024-4358
SHA-256 | c8284cfa43ce5539a8a2a273491db985cf3ca1e11f9f79a70c88e33e5ddb8d98
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution
Posted Jun 13, 2024
Authored by sfewer-r7, Arseniy Sharoglazov | Site metasploit.com

The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to work against version 2.4.0 RC7 and 2.3m. The Rejetto HTTP File Server (HFS) version 2.x is no longer supported by the maintainers and no patch is available. Users are recommended to upgrade to newer supported versions.

tags | exploit, remote, web
SHA-256 | 29d14f6071280a078aaa483b26d55eb3225942a4f52062387eda88f7c815b725
Cacti Import Packages Remote Code Execution
Posted Jun 13, 2024
Authored by EgiX, Christophe de la Fuente | Site metasploit.com

This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The module finally triggers the payload to execute arbitrary PHP code in the context of the user running the web server. Authentication is needed and the account must have access to the Import Packages feature. This is granted by setting the Import Templates permission in the Template Editor section.

tags | exploit, remote, web, arbitrary, php, code execution
advisories | CVE-2024-25641
SHA-256 | f1f588ee0ed499b26894cbffe269abc74a129bb2bc296920c54da9fcdb577639
Lost And Found Information System 1.0 Cross Site Scripting
Posted Jun 13, 2024
Authored by Amit Roy

Lost and Found Information System version 1.0 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2024-37859
SHA-256 | 075bae0f3073aeafd6f4cb516ed784fe8d11ba07aa216df25c0eb9c8235cf759
Lost And Found Information System 1.0 SQL Injection
Posted Jun 13, 2024
Authored by Amit Roy

Lost and Found Information System version 1.0 suffers from an unauthenticated blind boolean-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2024-37857
SHA-256 | 3796699636db1b0ff0332312ce70a691d39ad5fa4910b34b95ffd93614717ad6
Lost And Found Information System 1.0 SQL Injection
Posted Jun 13, 2024
Authored by Amit Roy

Lost and Found Information System version 1.0 suffers from an unauthenticated blind time-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2024-37858
SHA-256 | 7aedced0fdccf4a2850ec7db755dae9b61e52dc3f3c4359c11d7d251b16756f9
Lost And Found Information System 1.0 Cross Site Scripting
Posted Jun 13, 2024
Authored by Amit Roy

Lost and Found Information System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2024-37856
SHA-256 | df973d3074e051a08dcb9a9e07fa3df6582f74a0030c02786fb1aedfa590b1c4
Debian Security Advisory 5709-1
Posted Jun 13, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5709-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, the bypass of sandbox restrictions or an information leak.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2024-5688, CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5696, CVE-2024-5700, CVE-2024-5702
SHA-256 | c2910ec4cc30703a12d312a112edb843f49618f603c0a026191280e7dddfef3a
Ubuntu Security Notice USN-6829-1
Posted Jun 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6829-1 - It was discovered that matio incorrectly handled certain malformed files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2022-1515
SHA-256 | 295eac0df78706085e8ed5f199d42733e1de8406d48003ab1b0a3ffc2478fd48
Ubuntu Security Notice USN-6819-3
Posted Jun 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6819-3 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.

tags | advisory, remote, denial of service, kernel, tcp, protocol
systems | linux, ubuntu
advisories | CVE-2023-52443, CVE-2023-52444, CVE-2023-52447, CVE-2023-52451, CVE-2023-52452, CVE-2023-52453, CVE-2023-52455, CVE-2023-52457, CVE-2023-52462, CVE-2023-52463, CVE-2023-52465, CVE-2023-52467, CVE-2023-52469, CVE-2023-52472
SHA-256 | 0776ecd3ecb1bfa0399486a67208c24d784625998b8a8fcde961179d780df009
Ubuntu Security Notice USN-6831-1
Posted Jun 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6831-1 - It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2021-47063, CVE-2024-0841, CVE-2024-26688, CVE-2024-26712, CVE-2024-26733, CVE-2024-26735, CVE-2024-26736, CVE-2024-26751, CVE-2024-26752, CVE-2024-26763, CVE-2024-26764, CVE-2024-26766, CVE-2024-26772, CVE-2024-26777
SHA-256 | 23e4ede8ceaec81814cdcf3c7e268f93d35ddcb8901d67e7269563744fed70e6