This archive is a GhostRace proof of concept exploit exemplifying the concept of a speculative race condition in a step-by-step single-threaded fashion. Coccinelle scripts are used to scan the Linux kernel version 5.15.83 for Speculative Concurrent Use-After-Free (SCUAF) gadgets.
37e02a934f238521d1f775356b1e8c43d4c6a81948b9dad1162cc1387ca9c199Cacti versions 1.2.26 and below suffer from a remote code execution execution vulnerability in import.php.
86b50d4574919755d30f44ebc0972085ad39e9820171813614fe42cf0df9f937SAP Cloud Connector versions 2.15.0 through 2.16.1 were found to happily accept self-signed TLS certificates between SCC and SAP BTP.
bfc27f59ffa7a1d020eb1883e06f1b2a7891a0fff09f6afb7a4aef11cea69616Zope version 5.9 suffers from a command injection vulnerability in /utilities/mkwsgiinstance.py.
1849107b888555128ddb84f1932e592e1a6cec7bad8f090a967908069ab52d02CrushFTP versions prior to 11.1.0 suffers from a directory traversal vulnerability.
f6f0dfaaef61e480d92184b9e2c78f7ab875206b68a377d6f7d4d096b36e0e6bTrojanSpy.Win64.EMOTET.A malware suffers from a code execution vulnerability.
10debc35623c145b6f978baa8cb84aaa54c64d5d82a5c05ac187f8de64eca19fPlantronics Hub version 3.25.1 suffers from an arbitrary file read vulnerability.
c63a856ff1866ac2a5b1c7cca4db6ffecb90758e7c84070c8f4234cfa6c54caaBackdoor.Win32.AsyncRat malware suffers from a code execution vulnerability.
aae895a856dbb790f39f2815c8d74efe74839c99e7531212e21ea34299f56a3eApache mod_proxy_cluster suffers from a cross site scripting vulnerability.
fadf8a3fa5550a659387386713c6d034a845c647a4595a8ba20fbad136400e1fChryp version 2.5.2 suffers from a persistent cross site scripting vulnerability.
595f50a797273bc71e600e16b0c302e64f4c3bc6413b4e2f4eac3ca9d31edcdaLeafpub version 1.1.9 suffers from a persistent cross site scripting vulnerability.
a319d222989340e097fcceb563dd16ea12ab8f0c1bc6bc240ca39b4f7c8bcfb0Prison Management System Using PHP suffers from a remote SQL injection vulnerability that allows for authentication bypass.
e69f0a647f9409afaeb28fca9549b65a8f171f0f00a1d280a8d677cfdf0704eeThis Metasploit module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. Some files have this permission are not write-protected from the default bal user. As such, if the file is overwritten with an arbitrary file, it will still auto-elevate. This module overwrites the /bin/loadkeys file with another executable.
0ba86964552be2e15d8dfa5aee3dc906633226221f56038c5adfd5023d1cef02Panel.SmokeLoader malware suffers from cross site request forgery, and cross site scripting vulnerabilities.
ef278eac34255b166212b8c3d391b9134c5e614f5beadcfc77d5664154f0a7dePanel.SmokeLoader malware suffers from a cross site scripting vulnerability.
bcc5e47df8b2d6bd47ac6d8b30cb4be97dade1f97e3d46af383c50831ef76904Esteghlal F.C.'s site suffers from a cross site scripting vulnerability.
27a3e849215cdeb3acce420536732c6bb9d4b0fd92ff4c0bea2720714ce42eceIn mmu_insert_pages_no_flush(), when a HUGE_HEAD page is mapped to a 2M aligned GPU address, this is done by creating an Address Translation Entry (ATE) at MIDGARD_MMU_LEVEL(2) (in other words, an ATE covering 2M of memory is created). This is wrong because it assumes that at least 2M of memory should be mapped. mmu_insert_pages_no_flush() can be called in cases where less than that should be mapped, for example when creating a short alias of a big native allocation. Later, when kbase_mmu_teardown_pgd_pages() tries to tear down this region, it will detect that unmapping a subsection of a 2M ATE is not possible and write a log message complaining about this, but then proceed as if everything was fine while leaving the ATE intact. This means the higher-level code will proceed to free the referenced physical memory while the ATE still points to it.
02b7002e9ef87f42111b8b994ec26a71eab28f5f71c23d3899c25a6cc7a85c92Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive reverse shell connections.
f54e108c3e072e69c000f9759d386e86aae92493e17fbe4348a5bdd7b5278328RIOT versions 2024.01 and below suffers from multiple buffer overflows, ineffective size checks, and out-of-bounds memory access vulnerabilities.
43c245ca872e84173b6225084f324209f789f4e49b0b9c392d621feab1e1de58The Security Explorations team has come up with two attack scenarios that make it possible to extract private ECC keys used by a PlayReady client (Windows SW DRM scenario) for the communication with a license server and identity purposes. Proof of concept included.
c2dc2010ee36581d568d891c24ac2a0dfd8b8a87de8de3d72f1072bb1e38964aPanel Amadey.d.c malware suffers from cross site scripting vulnerabilities.
56d2e699a952bda76c68e9e01f6c3048db2c4af020ac1ac6adda3f4b9c409042Clinic Queuing System version 1.0 suffers from a remote code execution vulnerability.
23c5d126d6744f4ca5ca7cb92f2a3a88c17df81ab9f24fd93329abb2706e0378iboss Secure Web Gateway versions prior to 10.2.0 suffer from a persistent cross site scripting vulnerability.
50b166bd6a6b50ebc0b7770cf33221a56eafab69e5b4987b101fcd6a8a6d1e49POMS PHP version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities.
6fbd9b24154b7a82bd33b970bc8f205aec51838beab9dfdcd8c402c4bc2fe213Kortex version 1.0 suffers from a remote SQL injection vulnerability.
a16f4013115276b1f531688e40762325affcbf56e829fa0b4b9a3e3651bbef0d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed