what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Recent Files

Files RSS Feed
Ubuntu Security Notice USN-6896-1
Posted Jul 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6896-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
Debian Security Advisory 5729-1
Posted Jul 12, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5729-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
Ubuntu Security Notice USN-6895-1
Posted Jul 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6895-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
Ubuntu Security Notice USN-6864-3
Posted Jul 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6864-3 - It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. A security issue was discovered in the Linux kernel. An attacker could possibly use it to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
Ubuntu Security Notice USN-6885-2
Posted Jul 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6885-2 - USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions. Orange Tsai discovered that the Apache HTTP Server incorrectly handled certain response headers. A remote attacker could possibly use this issue to obtain sensitive information, execute local scripts, or perform SSRF attacks. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. It was discovered that the Apache HTTP Server incorrectly handled certain handlers configured via AddType. A remote attacker could possibly use this issue to obtain source code.

tags | advisory, remote, web, denial of service, local, vulnerability, protocol
systems | linux, ubuntu
Ubuntu Security Notice USN-6893-1
Posted Jul 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6893-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
Ubuntu Security Notice USN-6894-1
Posted Jul 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6894-1 - Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this issue to connect to arbitrary sockets as the root user.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
Ubuntu Security Notice USN-6888-2
Posted Jul 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6888-2 - USN-6888-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attacker could possibly use this issue to cause Django to consume resources or stop responding, resulting in a denial of service.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
Red Hat Security Advisory 2024-4522-03
Posted Jul 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4522-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
Red Hat Security Advisory 2024-4520-03
Posted Jul 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4520-03 - The Migration Toolkit for Containers 1.7.16 is now available. Issues addressed include a memory exhaustion vulnerability.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2024-4329-03
Posted Jul 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4329-03 - Red Hat OpenShift Container Platform release 4.14.32 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
Wireshark Analyzer 4.2.6
Posted Jul 11, 2024
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: The releases notes do not show any updates but hey, new version!
tags | tool, sniffer, protocol
systems | windows, unix
Atlassian Confluence Administrator Code Macro Remote Code Execution
Posted Jul 11, 2024
Authored by W01fh4cker, remmons-r7, Huong Kieu, Ankita Sawlani | Site metasploit.com

This Metasploit module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will authenticate, validate user privileges, extract the underlying host OS information, then trigger remote code execution. All versions of Confluence prior to 7.17 are affected, as are many versions up to 8.9.0.

tags | exploit, remote, arbitrary, code execution
LumisXP 16.1.x Cross Site Scripting
Posted Jul 11, 2024
Authored by Rodolfo Tavares | Site tempest.com.br

LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in XsltResultControllerHtml.jsp.

tags | exploit, xss
LumisXP 16.1.x Cross Site Scripting
Posted Jul 11, 2024
Authored by Rodolfo Tavares | Site tempest.com.br

LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in UrlAccessibilityEvaluation.jsp.

tags | exploit, xss
LumisXP 16.1.x Cross Site Scripting
Posted Jul 11, 2024
Authored by Rodolfo Tavares | Site tempest.com.br

LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in main.jsp

tags | exploit, xss
LumisXP 16.1.x Hardcoded Credentials / IDOR
Posted Jul 11, 2024
Authored by Rodolfo Tavares | Site tempest.com.br

LumisXP versions 15.0.x through 16.1.x have a hardcoded privileged identifier that allows attackers to bypass authentication and access internal pages and other sensitive information.

tags | exploit
Debian Security Advisory 5728-1
Posted Jul 11, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5728-1 - Phillip Szelat discovered that Exim, a mail transport agent, does not properly parse a multiline RFC 2231 header filename, allowing a remote attacker to bypass a $mime_filename based extension-blocking protection mechanism.

tags | advisory, remote
systems | linux, debian
Debian Security Advisory 5727-1
Posted Jul 11, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5727-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation.

tags | advisory, web, arbitrary
systems | linux, debian
WordPress Poll Maker 5.3.2 SQL Injection
Posted Jul 11, 2024
Authored by tmrswrr

WordPress Poll Maker plugin version 5.3.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Ubuntu Security Notice USN-6891-1
Posted Jul 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6891-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.

tags | advisory, remote, denial of service, arbitrary, python
systems | linux, ubuntu
Ubuntu Security Notice USN-6892-1
Posted Jul 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6892-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
Ubuntu Security Notice USN-6868-2
Posted Jul 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6868-2 - Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel, local
systems | linux, ubuntu
Ubuntu Security Notice USN-6866-3
Posted Jul 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6866-3 - It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
ESET NOD32 Antivirus 17.2.7.0 Unquoted Service Path
Posted Jul 11, 2024
Authored by Milad Karimi

ESET NOD32 Antivirus version 17.2.7.0 suffers from an unquoted service path vulnerability.

tags | exploit
View Older Files →

Recent News

News RSS Feed
Computer Company Breaks Quantum Supremacy Record Set By Google
Posted Jul 12, 2024

tags | headline, google
OpenSSH Bug Leaves RHEL And RHELatives Vulnerable
Posted Jul 12, 2024

tags | headline, hacker, flaw, backdoor, cryptography
China's APT41 Crew Adds A Stealthy Malware Loader And Fresh Backdoor To Its Toolbox
Posted Jul 12, 2024

tags | headline, hacker, government, malware, china, cyberwar, backdoor
GitLab Patches Second Critical Pipeline Vulnerability In Last Month
Posted Jul 12, 2024

tags | headline, flaw, patch
Introducing A New Vulnerability Class: False File Immutability
Posted Jul 11, 2024

tags | headline, microsoft, flaw
State, Local Governments Facing Deluge Of Phishing Attacks
Posted Jul 11, 2024

tags | headline, hacker, government, cybercrime, fraud, phish
Threat Actors Exploited Windows 0-Day For More Than A Year Before Microsoft Fixed It
Posted Jul 11, 2024

tags | headline, hacker, microsoft, flaw, patch
Japanese Space Agency Spotted Zero-Day Attacks While Cleaning Up Attack On M365
Posted Jul 11, 2024

tags | headline, hacker, microsoft, space, data loss, flaw, japan
VMware Patches Critical SQL Injection Flaw In Aria Automation
Posted Jul 11, 2024

tags | headline, database, flaw, patch
Palo Alto Networks Addresses BlastRADIUS Vulnerability
Posted Jul 11, 2024

tags | headline, flaw, patch
View More News →

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close