exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Recent Files

Files RSS Feed
Ubuntu Security Notice USN-5743-1
Posted Nov 25, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5743-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
Backdoor.Win32.Autocrat.b MVID-2022-0660 Weak Hardcoded Credential
Posted Nov 25, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Autocrat.b malware suffers from a weak hardcoded credential vulnerability.

tags | exploit
systems | windows
Ubuntu Security Notice USN-5742-1
Posted Nov 25, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5742-1 - It was discovered that JBIG-KIT incorrectly handled decoding certain large image files. If a user or automated system using JBIG-KIT were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
Win32.Ransom.Conti MVID-2022-0662 Cryptography Logic Flaw
Posted Nov 25, 2022
Authored by malvuln | Site malvuln.com

Win32.Ransom.Conti ransomware fails to encrypt non PE files that have a ".exe" in the filename. Creating specially crafted file names successfully evaded encryption for this malware sample.

tags | exploit
systems | windows
Trojan.Win32.DarkNeuron.gen MVID-2022-0661 Named Pipe NULL DACL
Posted Nov 25, 2022
Authored by malvuln | Site malvuln.com

Trojan.Win32.DarkNeuron.gen malware creates an IPC pipe with a NULL DACL allowing RW for the Everyone user.

tags | exploit, trojan
systems | windows
Ubuntu Security Notice USN-5741-1
Posted Nov 25, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5741-1 - It was discovered that Exim incorrectly handled certain regular expressions. An attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
Helmet Store Showroom 1.0 SQL Injection
Posted Nov 25, 2022
Authored by syad

Helmet Store Showroom version 1.0 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Sanitization Management System 1.0 SQL Injection
Posted Nov 25, 2022
Authored by nu11secur1ty

Sanitization Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Chrome blink::LocalFrameView::PerformLayout Use-After-Free
Posted Nov 25, 2022
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap use-after-free vulnerability in blink::LocalFrameView::PerformLayout due to an incomplete fix for CVE-2022-3199.

tags | exploit
XNU vm_object Use-After-Free
Posted Nov 25, 2022
Authored by Google Security Research, Ian Beer

XNU suffers from a vm_object use-after-free vulnerability due to invalid error handling in vm_map_enter.

tags | exploit
XNU Dangling PTE Entry
Posted Nov 25, 2022
Authored by Google Security Research, Ian Beer

XNU suffers from a dangling PTE entry due to integer truncation when collapsing vm_object shadow chains.

tags | exploit
Falco 0.33.1
Posted Nov 24, 2022
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Changes: Fixed container-gvisor and kubernetes-gvisor print options. Updated libs to 0.9.2, fixing potential CLBO on gVisor+Kubernetes and crash with eBPF when some CPUs are offline.
tags | tool, intrusion detection
systems | unix
F5 BIG-IP iControl Remote Command Execution
Posted Nov 24, 2022
Authored by Ron Bowes | Site metasploit.com

This Metasploit module exploits a newline injection into an RPM .rpmspec file that permits authenticated users to remotely execute commands. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, root, code execution
Ubuntu Security Notice USN-5736-1
Posted Nov 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5736-1 - It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 22.10.

tags | advisory, denial of service
systems | linux, ubuntu
Red Hat Security Advisory 2022-8535-01
Posted Nov 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8535-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.16. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
Red Hat Security Advisory 2022-8534-01
Posted Nov 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8534-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.16. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
Ubuntu Security Notice USN-5740-1
Posted Nov 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5740-1 - It was discovered that X.Org X Server incorrectly handled certain inputs. An attacker could use these issues to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
Ubuntu Security Notice USN-5739-1
Posted Nov 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5739-1 - Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.37 in Ubuntu 20.04 LTS and to 10.6.11 in Ubuntu 22.04 LTS and Ubuntu 22.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

tags | advisory
systems | linux, ubuntu
Ubuntu Security Notice USN-5638-3
Posted Nov 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5638-3 - USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. This update also fixes a minor regression introduced in Ubuntu 18.04 LTS.

tags | advisory
systems | linux, ubuntu
Ecommerce 1.0 Cross Site Scripting / Open Redirect
Posted Nov 24, 2022
Authored by nu11secur1ty

Ecommerce version 1.0 suffers from cross site scripting and open redirection vulnerabilities.

tags | exploit, vulnerability, xss
Zeek 5.0.4
Posted Nov 23, 2022
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This release fixes security issues where a specially-crafted series of HTTP 0.9 packets can cause Zeek to spend large amounts of time processing the packets, a specially-crafted FTP packet can cause Zeek to spend large amounts of time processing the command, and a specially-crafted IPv6 packet can cause Zeek to overflow memory and potentially crash. Fixed a potential stall in Broker’s internal data pipeline.
tags | tool, intrusion detection
systems | unix
Packet Fence 12.1.0
Posted Nov 23, 2022
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: 4 new features, 13 enhancements, and 8 bug fixes.
tags | tool, remote
systems | unix
Ubuntu Security Notice USN-5737-1
Posted Nov 23, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5737-1 - It was discovered that APR-util did not properly handle memory when using SDBM database files. A local attacker with write access to the database can make a program or process using these functions crash, and cause a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
Red Hat Security Advisory 2022-8609-01
Posted Nov 23, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8609-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.7 images. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
Ubuntu Security Notice USN-5735-1
Posted Nov 23, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5735-1 - It was discovered that Sysstat did not properly check bounds when performing certain arithmetic operations on 32 bit systems. An attacker could possibly use this issue to cause a crash or arbitrary code execution.

tags | advisory, arbitrary, code execution
systems | linux, ubuntu
View Older Files →

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close