what you don't know can hurt you

Recent Files

Faronics WINSelect Hardcoded Credentials / Bad Permissions / Unhashed Password
Posted Jun 25, 2024
Authored by Daniel Hirschberger | Site sec-consult.com

Faronics WINSelect versions prior to 8.30.xx.903 suffer from having hardcoded credentials, storing unhashed passwords, and configuration file modification vulnerabilities.

tags | exploit, vulnerability
Debian Security Advisory 5715-2
Posted Jun 25, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5715-2 - The update for composer released as DSA 5715 introduced a regression in the handling of git feature branches. Updated composer packages are now available to address this issue.

tags | advisory
systems | linux, debian
Ubuntu Security Notice USN-6844-1
Posted Jun 25, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6844-1 - Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the cupsd process fails to validate if the bind call passed. An attacker could possibly trick cupsd to perform an arbitrary chmod of the provided argument, providing world-writable access to the target.

tags | advisory, arbitrary
systems | linux, ubuntu
Ubuntu Security Notice USN-6846-1
Posted Jun 25, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6846-1 - It was discovered that Ansible incorrectly handled certain inputs when using tower_callback parameter. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that Ansible incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a Template Injection.

tags | advisory, remote
systems | linux, ubuntu
Ubuntu Security Notice USN-6845-1
Posted Jun 25, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6845-1 - It was discovered that Hibernate incorrectly handled certain inputs with unsanitized literals. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information.

tags | advisory, remote
systems | linux, ubuntu
Netis MW5360 Remote Command Execution
Posted Jun 24, 2024
Authored by h00die-gr3y, Adhikara13 | Site metasploit.com

The Netis MW5360 router has a command injection vulnerability via the password parameter on the login page. The vulnerability stems from improper handling of the "password" parameter within the router's web interface. The router's login page authorization can be bypassed by simply deleting the authorization header, leading to the vulnerability. All router firmware versions up to V1.0.1.3442 are vulnerable. Attackers can inject a command in the password parameter, encoded in base64, to exploit the command injection vulnerability. When exploited, this can lead to unauthorized command execution, potentially allowing the attacker to take control of the router.

tags | exploit, web
Edu-Sharing Arbitrary File Upload
Posted Jun 24, 2024
Authored by Kai Zimmermann | Site sec-consult.com

Edu-Sharing suffers from an arbitrary file upload vulnerability. Versions below 8.0.8-RC2, 8.1.4-RC0, and 9.0.0-RC19 are affected.

tags | exploit, arbitrary, file upload
Gentoo Linux Security Advisory 202406-05
Posted Jun 24, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202406-5 - Multiple vulnerabilities have been discovered in JHead, the worst of which may lead to arbitrary code execution. Versions greater than or equal to 3.08 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
Gentoo Linux Security Advisory 202406-04
Posted Jun 24, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202406-4 - A vulnerability has been discovered in LZ4, which can lead to memory corruption. Versions greater than or equal to 1.9.3-r1 are affected.

tags | advisory
systems | linux, gentoo
Flatboard 3.2 Cross Site Scripting
Posted Jun 24, 2024
Authored by tmrswrr

Flatboard version 3.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
Gentoo Linux Security Advisory 202406-03
Posted Jun 24, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202406-3 - A vulnerability has been discovered in RDoc, which can lead to execution of arbitrary code. Versions greater than or equal to 6.6.3.1 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
Carbon Forum 5.9.0 Cross Site Request Forgery / SQL Injection
Posted Jun 24, 2024
Authored by bRpsd

Carbon Forum version 5.9.0 suffers from access control, cross site request forgery, file upload, outdated library, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file upload, csrf
jSQL Injection 0.100
Posted Jun 24, 2024
Authored by ron190 | Site github.com

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

Changes: Added vulnerability report. Handled incorrect domain authority. I18n improvement and cleaning. Upgraded dependencies version.
tags | tool, scanner, sql injection
systems | linux, unix
Gentoo Linux Security Advisory 202406-02
Posted Jun 24, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202406-2 - A vulnerability has been discovered in Flatpak, which can lead to a sandbox escape. Versions greater than or equal to 1.14.6 are affected.

tags | advisory
systems | linux, gentoo
Gentoo Linux Security Advisory 202406-01
Posted Jun 24, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202406-1 - A vulnerability has been discovered in GLib, which can lead to privilege escalation. Versions greater than or equal to 2.78.6 are affected.

tags | advisory
systems | linux, gentoo
Student Attendance Management System 1.0 SQL Injection
Posted Jun 24, 2024
Authored by nu11secur1ty

Student Attendance Management System version 1.0 suffers from a remote SQL Injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
Red Hat Security Advisory 2024-4058-03
Posted Jun 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4058-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
Red Hat Security Advisory 2024-4057-03
Posted Jun 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4057-03 - Release of OpenShift Serverless Logic 1.33.0. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
Red Hat Security Advisory 2024-4054-03
Posted Jun 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4054-03 - An update for python-gunicorn is now available for Red Hat OpenStack Platform 16.2. Issues addressed include an HTTP request smuggling vulnerability.

tags | advisory, web, python
systems | linux, redhat
Red Hat Security Advisory 2024-4053-03
Posted Jun 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4053-03 - An update for python-yaql, openstack-tripleo-heat-templates, and openstack-tripleo-common is now available for Red Hat OpenStack Platform 16.2. Issues addressed include an information leakage vulnerability.

tags | advisory, python
systems | linux, redhat
Red Hat Security Advisory 2024-4052-03
Posted Jun 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4052-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2024-4051-03
Posted Jun 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4051-03 - An update for pki-core is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
Red Hat Security Advisory 2024-4050-03
Posted Jun 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4050-03 - An update for libreswan is now available for Red Hat Enterprise Linux 9.

tags | advisory
systems | linux, redhat
Paradox IP150 Internet Module 1.40.00 Cross Site Request Forgery
Posted Jun 24, 2024
Authored by Jakob Pachmann, Fabian Funder | Site sba-research.org

Paradox IP150 Internet Module version 1.40.00 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
Red Hat Security Advisory 2024-4036-03
Posted Jun 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4036-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8. Issues addressed include bypass and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat

Recent News

Julian Assange Pleads Guilty, Goes Home
Posted Jun 25, 2024

tags | headline, hacker, government, usa, britain, australia, data loss, military
Zip Slip Meets Artifactory: A Bug Bounty Story
Posted Jun 24, 2024

tags | headline, hacker, flaw
Snowflake Breach Snowballs With More Victims
Posted Jun 24, 2024

tags | headline, hacker, data loss
Cyber Attack Compromised Indonesian Datacenter, Ransom Sought
Posted Jun 24, 2024

tags | headline, hacker, malware, cybercrime, fraud, cryptography, indonesia
CDK Global Begins To Restore Systems After Cyber Attack Hits Thousands Of Retailers
Posted Jun 24, 2024

tags | headline, hacker, privacy, cybercrime, denial of service, data loss
Levi's And More Affected In Pants Dropping Week Of Data Breaches
Posted Jun 24, 2024

tags | headline, hacker, privacy, data loss
Car Dealerships Disrupted As CDK Hack Worsens
Posted Jun 21, 2024

tags | headline, hacker, privacy, data loss
President Biden Bans Kaspersky Antivirus Software Over Russia Ties
Posted Jun 21, 2024

tags | headline, government, malware, usa, russia, cyberwar, spyware
Sweden Claims Russia Has Been Borking Nordic Satellites
Posted Jun 21, 2024

tags | headline, government, russia, space, cyberwar, sweden
Coding Error In Forgotten API Blamed For Massive Data Breach
Posted Jun 21, 2024

tags | headline, flaw
packet storm

© 2022 Packet Storm. All rights reserved.
