
Recent Files

ABB Cylon Aspect 3.07.02 user.properties Default Credentials
Posted Oct 11, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.07.02 uses a weak set of default administrative credentials that can be guessed in remote password attacks and used to gain full control of the system.

tags | exploit, remote
ABB Cylon Aspect 3.08.00 dialupSwitch.php Remote Code Execution
Posted Oct 11, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the MODEM HTTP POST parameter called by the dialupSwitch.php script.

tags | exploit, web, arbitrary, shell, php
ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control
Posted Oct 11, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper authentication, potentially enabling unauthorized access, or to stop the service and deny access to it.

tags | exploit, remote, php
Debian Security Advisory 5788-1
Posted Oct 11, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5788-1 - Damien Schaeffer discovered a use-after-free in the Mozilla Firefox web browser, which could result in the execution of arbitrary code.

tags | advisory, web, arbitrary
systems | linux, debian
Ubuntu Security Notice USN-7020-4
Posted Oct 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7020-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
Ubuntu Security Notice USN-7062-1
Posted Oct 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7062-1 - It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
Red Hat Security Advisory 2024-7994-03
Posted Oct 11, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7994-03 - Red Hat Advanced Cluster Management for Kubernetes 2.11.3 General Availability release images, bug fixes, and updated container images.

tags | advisory
systems | linux, redhat
TerraMaster TOS 4.2.29 Code Injection / Local File Inclusion
Posted Oct 11, 2024
Authored by indoushka

TerraMaster TOS version 4.2.29 suffers from a remote code injection vulnerability leveraging a local file inclusion vulnerability.

tags | exploit, remote, local, file inclusion
Red Hat Security Advisory 2024-7987-03
Posted Oct 11, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7987-03 - An update is now available for Red Hat Satellite 6.15 for RHEL 8. Issues addressed include HTTP request smuggling and null pointer vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
SolarView Compact 6.00 Code Injection
Posted Oct 11, 2024
Authored by indoushka

SolarView Compact version 6.00 suffers from a PHP code injection vulnerability.

tags | exploit, php
Openfire 4.8.0 Code Injection
Posted Oct 11, 2024
Authored by indoushka

Openfire version 4.8.0 suffers from authentication bypass and code injection vulnerabilities.

tags | exploit, vulnerability
Red Hat Security Advisory 2024-7977-03
Posted Oct 11, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7977-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
MagnusBilling 6.x Code Injection
Posted Oct 11, 2024
Authored by indoushka

MagnusBilling version 6.x suffers from a PHP code injection vulnerability.

tags | exploit, php
Kafka UI 0.7.1 Code Injection
Posted Oct 11, 2024
Authored by indoushka

Kafka UI version 0.7.1 suffers from a remote code injection vulnerability.

tags | exploit, remote
Red Hat Security Advisory 2024-7972-03
Posted Oct 11, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7972-03 - An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
GL.iNet 4.4.3 Code Injection
Posted Oct 11, 2024
Authored by indoushka

GL.iNet version 4.4.3 suffers from authentication bypass and code injection vulnerabilities.

tags | exploit, vulnerability
Gibbon School Platform 26.0.00 Code Injection
Posted Oct 11, 2024
Authored by indoushka

Gibbon School Platform version 26.0.00 suffers from a PHP code injection vulnerability.

tags | exploit, php
Craft CMS 4.4.14 Code Injection
Posted Oct 11, 2024
Authored by indoushka

Craft CMS version 4.4.14 suffers from a PHP code injection vulnerability.

tags | exploit, php
Chamilo 1.11.18 Code Injection
Posted Oct 11, 2024
Authored by indoushka

Chamilo version 1.11.18 suffers from a PHP code injection vulnerability.

tags | exploit, php
Artica Proxy 4.40 Code Injection
Posted Oct 11, 2024
Authored by indoushka

Artica Proxy version 4.40 suffers from a code injection vulnerability that provides a reverse shell.

tags | exploit, shell
XNU Insufficient Locking Use-After-Free
Posted Oct 11, 2024
Authored by Google Security Research, nedwill

XNU suffers from a race condition leading to a use-after-free between the NFSSVC_NFSD command and an upcall worker thread.

tags | advisory
ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Directory Traversal
Posted Oct 10, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.01 has a directory traversal vulnerability that can be exploited by an unauthenticated attacker to list the contents of arbitrary directories without reading file contents, leading to information disclosure of directory structures and filenames. This may expose sensitive system details, aiding in further attacks. The issue lies in the listFiles() function of the persistenceManagerAjax.php script, which calls PHP's readdir() function without proper input validation of the directory POST parameter.

tags | exploit, arbitrary, php, info disclosure
Palo Alto Networks GlobalProtect Local Privilege Escalation
Posted Oct 10, 2024
Authored by Johannes Greil, Michael Baer | Site sec-consult.com

Palo Alto Networks GlobalProtect versions 5.1.x, 5.2.x, 6.0.x, 6.1.x, 6.3.x and versions less than 6.2.5 suffer from a local privilege escalation vulnerability.

tags | exploit, local
Wireshark Analyzer 4.4.1
Posted Oct 10, 2024
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: Reload framing fixes. AppleTalk fix. Allows saving files with Qt 6.8. Donation page added. Update VELOS and rSeries platform identifiers for f5fileinfo. Various other updates and fixes.
tags | tool, sniffer, protocol
systems | windows, unix
Ubuntu Security Notice USN-7061-1
Posted Oct 10, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as JavaScript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary JavaScript code into the Go template.

tags | advisory, arbitrary, javascript
systems | linux, ubuntu
© 2024 Packet Storm. All rights reserved.
