exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Recent Files

Files RSS Feed
Debian Security Advisory 5339-1
Posted Feb 6, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5339-1 - Ikeda Soji reported that libhtml-stripscripts-perl, a Perl module for removing scripts from HTML, is prone to a regular expression denial of service, due to catastrophic backtracking for HTML content with specially crafted style attributes.

tags | advisory, denial of service, perl
systems | linux, debian
Apache Tomcat On Ubuntu Log Init Privilege Escalation
Posted Feb 6, 2023
Authored by h00die, Dawid Golunski | Site metasploit.com

This Metasploit module targets a vulnerability in Tomcat versions 6, 7, and 8 on Debian-based distributions where these older versions provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account to escalate their privileges from the tomcat user to root and fully compromise the target system.

tags | exploit, local, root
systems | linux, debian
Ubuntu Security Notice USN-5842-1
Posted Feb 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5842-1 - Mark Esler and David Fernandez Gonzalez discovered that EditorConfig Core C incorrectly handled memory when handling certain inputs. An attacker could possibly use this issue to cause applications using EditorConfig Core C to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
Android Binder VMA Management Security Issues
Posted Feb 6, 2023
Authored by Jann Horn, Google Security Research

Android Binder VMA management suffers from multiple security issues.

tags | exploit
GNUnet P2P Framework 0.19.3
Posted Feb 6, 2023
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: This is a bugfix release for gnunet 0.19.2. It now detects MySQL's strange, version-dependent my_bool type on configure. Added pkg-config definitions for gnunet messenger.
tags | tool, web, udp, tcp, peer2peer
systems | unix
Ubuntu Security Notice USN-5824-1
Posted Feb 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5824-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
Windows Kernel Registry Virtualization Memory Corruption
Posted Feb 6, 2023
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a kernel memory corruption due to an insufficient handling of predefined keys in registry virtualization.

tags | exploit, kernel, registry
systems | windows
Ubuntu Security Notice USN-5825-2
Posted Feb 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5825-2 - USN-5825-1 fixed vulnerabilities in PAM. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication.

tags | advisory, vulnerability
systems | linux, ubuntu
Ubuntu Security Notice USN-5816-2
Posted Feb 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5816-2 - USN-5816-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploits this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
Lenovo Diagnostics Driver Memory Access
Posted Feb 3, 2023
Authored by jheysel-r7, alfarom256 | Site metasploit.com

This Metasploit module demonstrates how an incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to issue device IOCTLs to perform arbitrary physical/virtual memory reads and writes.

tags | exploit, arbitrary
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
Posted Feb 3, 2023
Authored by timwr, Ian Beer, Zhuowei Zhang | Site metasploit.com

Dirty Cow arbitrary file write local privilege escalation exploit for macOS.

tags | exploit, arbitrary, local
F5 Big-IP Create Administrative User
Posted Feb 3, 2023
Authored by Ron Bowes | Site metasploit.com

This Metasploit module creates a local user with a username/password and root-level privileges. Note that a root-level account is not required to do this, which makes it a privilege escalation issue. Note that this is pretty noisy, since it creates a user account and creates log files and such. Additionally, most (if not all) vulnerabilities in F5 grant root access anyways.

tags | exploit, local, root, vulnerability
Ubuntu Security Notice USN-5841-1
Posted Feb 3, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5841-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue was only fixed in Ubuntu 14.04 ESM. It was discovered that LibTIFF was incorrectly accessing a data structure when processing data with the tiffcrop tool, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
Oracle Database 12.1.0.2 Spatial Component Privilege Escalation
Posted Feb 3, 2023
Authored by Emad Al-Mousa

Oracle Database version 12.1.0.2 suffers from a privilege escalation vulnerability that achieves DBA access via the Spatial component.

tags | exploit
Zeek 5.0.6
Posted Feb 2, 2023
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Three security issues and five additional bugs have been addressed.
tags | tool, intrusion detection
systems | unix
OpenSSH 9.2p1
Posted Feb 2, 2023
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: This release contains fixes for two security problems and a memory safety problem. The memory safety problem is not believed to be exploitable, but they report most network-reachable memory faults as security bugs.
tags | tool, encryption
systems | linux, unix, openbsd
WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization
Posted Feb 2, 2023
Authored by Marco Wotschka, Ivan Kuzymchak | Site wordfence.com

On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference, cross site request forgery as well as cross site scripting in versions up to, and including, 2.0.2.

tags | advisory, vulnerability, code execution, xss, file inclusion, csrf
Ubuntu Security Notice USN-5840-1
Posted Feb 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5840-1 - It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

tags | advisory, denial of service
systems | linux, ubuntu
Ubuntu Security Notice USN-5839-2
Posted Feb 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5839-2 - USN-5839-1 fixed a vulnerability in Apache. This update provides the corresponding update for Ubuntu 16.04 ESM. Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy module incorrectly truncated certain response headers. This may result in later headers not being interpreted by the client.

tags | advisory, web
systems | linux, ubuntu
Debian Security Advisory 5338-1
Posted Feb 2, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5338-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in Cinder, the OpenStack block storage system, may result in information disclosure.

tags | advisory, info disclosure
systems | linux, debian
Debian Security Advisory 5337-1
Posted Feb 2, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5337-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in OpenStack Compute (codenamed Nova) may result in information disclosure.

tags | advisory, info disclosure
systems | linux, debian
Debian Security Advisory 5336-1
Posted Feb 2, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5336-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitizing in the handling of VMDK images in Glance, the OpenStack image registry and delivery service, may result in information disclosure.

tags | advisory, registry, info disclosure
systems | linux, debian
Debian Security Advisory 5335-1
Posted Feb 2, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5335-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

tags | advisory, java, denial of service, spoof, vulnerability
systems | linux, debian
Packet Storm New Exploits For January, 2023
Posted Feb 1, 2023
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 130 exploits added to Packet Storm in January, 2023.

tags | exploit
io_uring Same Type Object Reuse Privilege Escalation
Posted Feb 1, 2023
Authored by h00die, Mathias Krause, Ryota Shiga | Site metasploit.com

This Metasploit module exploits a bug in io_uring leading to an additional put_cred() that can be exploited to hijack credentials of other processes. This exploit will spawn SUID programs to get the freed cred object reallocated by a privileged process and abuse them to create a SUID root binary that will pop a shell. The dangling cred pointer will, however, lead to a kernel panic as soon as the task terminates and its credentials are destroyed. We therefore detach from the controlling terminal, block all signals and rest in silence until the system shuts down and we get killed hard, just to cry in vain, seeing the kernel collapse. The bug affected kernels from v5.12-rc3 to v5.14-rc7. More than 1 CPU is required for exploitation. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.

tags | exploit, shell, kernel, root
systems | linux, ubuntu
View Older Files →

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close