exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 9,867 RSS Feed

Web Files

Ubuntu Security Notice USN-6729-1
Posted Apr 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6729-1 - Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2023-38709, CVE-2024-24795, CVE-2024-27316
SHA-256 | b6b856a665b8ccd0c761b17ac9d0990bb16f01e11f4e9c76e440d6681ef8b0fd
Ubuntu Security Notice USN-6728-2
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-2 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A remote attacker could possibly use this issue to cause Squid to stop responding, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP header parsing. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | 0856df025bfcd57e31eb05d1faef083bd5b30608db5b6bb659433042ad64ad67
CHAOS RAT 5.0.1 Remote Command Execution
Posted Apr 10, 2024
Authored by chebuya

CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross site scripting attack, allowing an attacker to takeover the RAT server.

tags | exploit, web, xss
advisories | CVE-2024-30850, CVE-2024-31839
SHA-256 | 343ca35b11570c993ed8818aa37a56638c474563d756a7ac0c8f9334b16b6ca5
Debian Security Advisory 5655-1
Posted Apr 5, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5655-1 - It was discovered that Cockpit, a web console for Linux servers, was susceptible to arbitrary command execution if an administrative user was tricked into opening an sosreport file with a malformed filename.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2024-2947
SHA-256 | 14093fabc69fd65851f3932ac6e03e2c4be92f356b14adae4a02493d9c0dbc94
Red Hat Security Advisory 2024-1640-03
Posted Apr 3, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1640-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include HTTP request smuggling, denial of service, local file inclusion, memory leak, and traversal vulnerabilities.

tags | advisory, web, denial of service, local, vulnerability, memory leak, file inclusion
systems | linux, redhat
advisories | CVE-2023-39326
SHA-256 | 5b190861d8139026b2aa99a49f82761b3c5422f4d65ef64fa35be50eacf54b58
Red Hat Security Advisory 2024-1576-03
Posted Apr 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1576-03 - An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2021-33621
SHA-256 | b6e1698061c4887c5634a86dda77570a2587b1aebe8ea42dc4a4b6b3689def4c
Circontrol Raption Buffer Overflow / Command Injection
Posted Mar 28, 2024
Authored by Dariusz Gonda, Abert Spruyt, Alex Salvetti

The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection.

tags | exploit, web, overflow, root
advisories | CVE-2020-8006, CVE-2020-8007
SHA-256 | 2a13323836730c890a63f333a24fcfb62637513c16193386327b7be986133bb0
Ubuntu Security Notice USN-6718-2
Posted Mar 28, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6718-2 - USN-6718-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2024-2398
SHA-256 | 254eb20ecc0dee862c1a54519635302b51b16e509db5e12799dbd97629205e05
Red Hat Security Advisory 2024-1536-03
Posted Mar 28, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1536-03 - An update is now available for Red Hat Satellite 6.14 for RHEL 8. Issues addressed include HTTP request smuggling and traversal vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2023-5189
SHA-256 | eb930194ee9cf88e226f35b810197dba620e4cc5d5aeb5b34c0d4e54a42ca89d
Sharepoint Dynamic Proxy Generator Remote Command Execution
Posted Mar 27, 2024
Authored by Jang, jheysel-r7 | Site metasploit.com

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the Sharepoint API and is able to exploit CVE-2023-24955. This authenticated remote command execution vulnerability leverages the impersonated privileged account to replace the /BusinessDataMetadataCatalog/BDCMetadata.bdcm file in the webroot directory with a payload. The payload is then compiled and executed by Sharepoint allowing attackers to remotely execute commands via the API.

tags | exploit, remote, web, vulnerability
advisories | CVE-2023-24955, CVE-2023-29357
SHA-256 | 3b1724367c87a328eb0a2106c305037f2a413ec6310fe39613f91e443e4e1a9c
Artica Proxy Unauthenticated PHP Deserialization
Posted Mar 27, 2024
Authored by h00die-gr3y, Jaggar Henry | Site metasploit.com

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.

tags | exploit, remote, web, arbitrary, php, code execution
advisories | CVE-2024-2054
SHA-256 | 769d2d7e8f18e8bd0ce142472f159825e87239bfc4426229f241a00de99425a0
Ubuntu Security Notice USN-6718-1
Posted Mar 27, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6718-1 - Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.

tags | advisory, remote, web, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2024-2004, CVE-2024-2398
SHA-256 | 626a0b8a1438ccde6a1826653d3285d7f2a9a3cd644e2dfcfff06f2bc14e0f9d
Debian Security Advisory 5646-1
Posted Mar 25, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5646-1 - Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in cross-site scripting, SQL injection, or command injection.

tags | advisory, web, vulnerability, xss, sql injection
systems | linux, debian
advisories | CVE-2023-39360, CVE-2023-39513, CVE-2023-49084, CVE-2023-49085, CVE-2023-49086, CVE-2023-49088, CVE-2023-50250, CVE-2023-50569
SHA-256 | d9158a48c8ed071329b9eb3eddd4e00641007c015236908127fc8e2d8c7008c6
Debian Security Advisory 5645-1
Posted Mar 25, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5645-1 - Manfred Paul discovered a flaw in the Mozilla Firefox web browser, allowing an attacker to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.

tags | advisory, web, arbitrary, javascript
systems | linux, debian
advisories | CVE-2024-29944
SHA-256 | 4f5d9a853e227dab14b126ce8536d5e0bccc071fc1e3eea740c201c1d75a9146
Debian Security Advisory 5643-1
Posted Mar 22, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5643-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure, bypass of content security policies or spoofing.

tags | advisory, web, arbitrary, spoof, info disclosure
systems | linux, debian
advisories | CVE-2023-5388, CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614, CVE-2024-2616
SHA-256 | a448517a42a8f898647c5aa7c7b1e0258fff75928a056aa5b3eb6c5fe41ab76b
Red Hat Security Advisory 2024-1431-03
Posted Mar 20, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1431-03 - An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2021-33621
SHA-256 | 042d689fc8cb50b8ece70559d244a1def7afed86f869acf6f24510d0752ca7e1
GNUnet P2P Framework 0.21.1
Posted Mar 19, 2024
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: Communicator and connectivity bugfixes.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | 2faf30a7c965ee27488aa615351736f44a121eeb9316eea19a0fa4904265c2c5
Red Hat Security Advisory 2024-1325-03
Posted Mar 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1325-03 - Red Hat JBoss Web Server 6.0.1 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include HTTP request smuggling, denial of service, and open redirection vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat, windows
advisories | CVE-2023-5678
SHA-256 | 540b7b318053beca6c43ca6421f58215e773d779e7565d7f8f9ce37a4534795f
Red Hat Security Advisory 2024-1324-03
Posted Mar 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1324-03 - An update is now available for Red Hat JBoss Web Server 6.0.1 on Red Hat Enterprise Linux versions 8 and 9. Issues addressed include HTTP request smuggling, denial of service, and open redirection vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-41080
SHA-256 | 14ca96f0778716067a0fd01e90283cd0c4b4c9ae95ab2ef80f68617412beec80
Red Hat Security Advisory 2024-1319-03
Posted Mar 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1319-03 - Red Hat JBoss Web Server 5.7.8 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat, windows
advisories | CVE-2023-5678
SHA-256 | deeb75081668151356b5819e0c3c816565bd06d4cde4092321e55c63446fff67
Red Hat Security Advisory 2024-1318-03
Posted Mar 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1318-03 - An update is now available for Red Hat JBoss Web Server 5.7.8 on Red Hat Enterprise Linux versions 7, 8, and 9. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-5678
SHA-256 | ccd1b28c9aee226c114d792746a7fab0634a491860a7089d7537686112c22c88
Red Hat Security Advisory 2024-1317-03
Posted Mar 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1317-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available. Issues addressed include buffer overflow, cross site scripting, information leakage, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, xss
systems | linux, redhat
advisories | CVE-2023-5678
SHA-256 | f294fa960eaa587cdc822bf85f430e02ab8f0e2a474d3eea8a845e287ccba797
Red Hat Security Advisory 2024-1316-03
Posted Mar 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1316-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available. Issues addressed include cross site scripting, information leakage, and out of bounds read vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2023-5678
SHA-256 | d3c2a05ee1dd54a907b571ffbc3225f134472eba748786b00d048f19d0a52a7f
NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution
Posted Mar 12, 2024
Authored by chebuya

NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross site scripting payload can be leveraged to execute commands on NorthStar C2 agents.

tags | exploit, web, javascript, xss
advisories | CVE-2024-28741
SHA-256 | e3d03b1bb5d42cd9ee527169a57dc6bfa52c6c6b50d4e1a990a6c9443e01b3b1
TP-Link TL-WR740N Buffer Overflow / Denial Of Service
Posted Mar 11, 2024
Authored by Anish Feroz

There exists a buffer overflow vulnerability in the TP-Link TL-WR740 router that can allow an attacker to crash the web server running on the router by sending a crafted request.

tags | exploit, web, denial of service, overflow
SHA-256 | 1ffb14b7cc151eb147dfc888b64259bdf2c04d3a6a304b037e87c8e84424acb5
Page 1 of 395
Back12345Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close