exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31,406 RSS Feed

Remote Files

Ubuntu Security Notice USN-6729-1
Posted Apr 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6729-1 - Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2023-38709, CVE-2024-24795, CVE-2024-27316
SHA-256 | b6b856a665b8ccd0c761b17ac9d0990bb16f01e11f4e9c76e440d6681ef8b0fd
Ubuntu Security Notice USN-6727-2
Posted Apr 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6727-2 - USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data. It was discovered that NSS had a timing side-channel when using certain NIST curves. A remote attacker could possibly use this issue to recover private data. The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.98 which includes the latest CA certificate bundle and other security improvements.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-4421, CVE-2023-5388, CVE-2023-6135
SHA-256 | 98f7aae4d30d1b37976aae71c2f8f3d1c09fb49865d4abec3139169342e9663a
TOR Virtual Network Tunneling Tool 0.4.8.11
Posted Apr 11, 2024
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Changes: This is a minor release mostly to upgrade the fallbackdir list. Worth noting also that directory authority running this version will now automatically reject relays running the end of life 0.4.7.x version.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 8f2bdf90e63380781235aa7d604e159570f283ecee674670873d8bb7052c8e07
Ubuntu Security Notice USN-6727-1
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6727-1 - It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-4421, CVE-2023-5388, CVE-2023-6135
SHA-256 | 2c691be3dfb8ed61396b4eb86ac7b035f8344a516e272f6ffb13c26ac0186bd9
Ubuntu Security Notice USN-6728-2
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-2 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A remote attacker could possibly use this issue to cause Squid to stop responding, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP header parsing. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | 0856df025bfcd57e31eb05d1faef083bd5b30608db5b6bb659433042ad64ad67
Ubuntu Security Notice USN-6728-1
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-1 - Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | c9a980c32c2ef96069eee9285fdd53c5aa4c12d940c776810cbfff41a398c101
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution
Posted Apr 11, 2024
Authored by Georgios Tsimpidas, Frey

GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.

tags | exploit, remote, php, file upload
advisories | CVE-2024-31777
SHA-256 | 87510b61a4bcdb0fdc6c31f4148617866220f4cd5cc391960946f28d1c611747
Joomla SP Page Builder 5.2.7 SQL Injection
Posted Apr 10, 2024
Authored by indoushka

Joomla SP Page Builder component version 5.2.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c0a01ac21e54ef967a8efc4d6257dd13af0264821d06c9c02f3fc743f377f9f1
Ubuntu Security Notice USN-6726-1
Posted Apr 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6726-1 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2023-46838, CVE-2023-52340, CVE-2023-52436, CVE-2023-52438, CVE-2023-52439, CVE-2023-52444, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52454, CVE-2023-52470, CVE-2023-52612, CVE-2024-0607, CVE-2024-23851
SHA-256 | 9d8567a66a05e4472fe61be7f8a7bdb51155d4ee0ca5cf5cf863b32e3467a029
Ubuntu Security Notice USN-6725-1
Posted Apr 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6725-1 - Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-1194, CVE-2023-32254, CVE-2023-32258, CVE-2023-38427, CVE-2023-38430, CVE-2023-38431, CVE-2023-3867, CVE-2023-46838, CVE-2023-52340, CVE-2023-52436, CVE-2023-52438, CVE-2023-52439, CVE-2023-52442, CVE-2023-52444
SHA-256 | 8d6d30178b2854c30f04f5326a65af3d2a2ce39d0ff00d49cba1cfec2df9734b
Ubuntu Security Notice USN-6723-1
Posted Apr 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6723-1 - Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. It was discovered that Bind incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-50387, CVE-2023-50868
SHA-256 | 6e047bb3283e58c0f8d840f22e9c0053696975f6a4992368ea7aec56ce6a4cc7
Flightio.com SQL Injection
Posted Apr 9, 2024
Authored by E1.Coders

Flightio.com suffers from a remote SQL injection vulnerability. The researchers reporting this claimed the site has not responded to their reports so we are posting this to add visibility to the issue.

tags | exploit, remote, sql injection
SHA-256 | 287e946136487edac1a8bcbedb409990ac26461ab1f6840438934159773b37da
Daily Expense Manager 1.0 SQL Injection
Posted Apr 8, 2024
Authored by Stefan Hesselman

Daily Expense Manager version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3036d5c35514225ac7efd5fae884b642a5c6e16478440cce60456af20f3c8957
Open Source Medicine Ordering System 1.0 SQL Injection
Posted Apr 8, 2024
Authored by Onur Karasalihoglu

Open Source Medicine Ordering System version 1.0 suffers from a remote SQL Injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ddcd59d819ea5c59b6d5493517cad43c4bfefe50707cf9b222d8705aea3e670b
ZenML Remote Privilege Escalation
Posted Apr 8, 2024
Authored by David Botelho Mariano | Site github.com

ZenML allows for remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. This is the proof of concept exploit. All ZenML versions below 0.46.7 are vulnerable, with the exception being patched versions 0.44.4, 0.43.1, and 0.42.2.

tags | exploit, remote, proof of concept
advisories | CVE-2024-25723
SHA-256 | 3c2c8e3882d5e4c0257dbb5b27f3d5dfe82d1a0ce0a5f485af9c54a883d48594
Invision Community 4.7.16 Remote Code Execution
Posted Apr 8, 2024
Authored by EgiX | Site karmainsecurity.com

Invision Community versions 4.7.16 and below suffer from a remote code execution vulnerability in toolbar.php.

tags | exploit, remote, php, code execution
advisories | CVE-2024-30162
SHA-256 | 79e57c6d95c397c23ce4c4203e72406e2900a93befed691fbc0ae540ed7a9cf4
Invision Community 4.7.15 SQL Injection
Posted Apr 8, 2024
Authored by EgiX | Site karmainsecurity.com

Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php.

tags | exploit, remote, php, sql injection
advisories | CVE-2024-30163
SHA-256 | f3e99d07ab1ab0d469a1a39ceb456ac6dc86fdcbd9071ad8690ce38ecca5a7ff
UP-RESULT 0.1 2024 SQL Injection
Posted Apr 8, 2024
Authored by nu11secur1ty

UP-RESULT version 0.1 2024 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4add65ea93ae55c77a16552103ce0483201e157f530ea8a0e1e38f32c5d69671
DerbyNet 9.0 print/render/racer.inc SQL Injection
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc.

tags | exploit, remote, sql injection
advisories | CVE-2024-30923
SHA-256 | c59f5b4f5d044eb7838a408a25e1ddb8966666ed55c708660903f015ccf7e1b5
DerbyNet 9.0 print/render/award.inc SQL Injection
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/award.inc.

tags | exploit, remote, sql injection
advisories | CVE-2024-30922
SHA-256 | 635f60dcea426f833c149bf378a0e8ce1585c3548641f81eb1702cf39c8c50de
DerbyNet 9.0 ajax/query.slide.next.inc SQL Injection
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc.

tags | exploit, remote, sql injection
advisories | CVE-2024-30928
SHA-256 | 4d58e0287f76d2e5689e86c7f6907829d0e768e9a60e0f2ac317c9153ee4e3b6
Human Resource Management System 2024 1.0 SQL Injection
Posted Apr 5, 2024
Authored by nu11secur1ty

Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 94d4f83975f87861e5de23afeddf375d89516755bb5f7b64deb215523821ad76
Gibbon School Platform 26.0.00 Remote Code Execution
Posted Apr 5, 2024
Authored by h00die-gr3y, Islam Rzayev, Fikrat Guliev, Ali Maharramli | Site metasploit.com

A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2024-24725
SHA-256 | 2d1220fa63bd54538247325712a8d4f836dcc60733d8cebe63cd721eb6755ba9
User Registration And Login And User Management System 3.2 SQL Injection
Posted Apr 4, 2024
Authored by Yusuf DinC

User Registration and Login and User Management System version 3.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | d7b9220fd1f8abc396db42df756fbc5a76abf3925bf5357e6721975e8781e9cb
WordPress Membership For WooCommerce Shell Upload
Posted Apr 4, 2024
Authored by Milad Karimi

WordPress Membership for WooCommerce plugin versions prior to 2.1.7 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 02cf8f42362fb411dc46a34c050893842dde9be08183674517277a5f694702c4
Page 1 of 1,257
Back12345Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close