exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Recent Files

Files RSS Feed
Zimbra UnRAR Path Traversal
Posted Aug 5, 2022
Authored by Ron Bowes, Simon Scannell | Site metasploit.com

This Metasploit module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. This issue is exploitable on Zimbra Collaboration versions 9.0.0 Patch 24 and below and 8.8.15 Patch 31 and below provided that UnRAR versions 6.11 or below are installed.

tags | exploit, web, arbitrary
systems | linux
GNUnet P2P Framework 0.17.3
Posted Aug 5, 2022
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: DHT has various bugfixes in the protocol. Fixed HTTPS tests in transport. Documentation changes include a migration from texinfo to sphinx, a dropped dependency on texinfo, and an added dependency on sphinx.
tags | tool, web, udp, tcp, peer2peer
systems | unix
Ubuntu Security Notice USN-5548-1
Posted Aug 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5548-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
Red Hat Security Advisory 2022-5905-01
Posted Aug 5, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5905-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include an out of bounds access vulnerability.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2022-5909-01
Posted Aug 5, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5909-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
Red Hat Security Advisory 2022-5908-01
Posted Aug 5, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5908-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
Ubuntu Security Notice USN-5551-1
Posted Aug 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5551-1 - It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations.

tags | advisory, remote
systems | linux, ubuntu
Ubuntu Security Notice USN-5550-1
Posted Aug 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5550-1 - It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that GnuTLS incorrectly handled the verification of certain pkcs7 signatures. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
Ubuntu Security Notice USN-5549-1
Posted Aug 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5549-1 - It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or gain access over user machine.

tags | advisory
systems | linux, ubuntu
Ubuntu Security Notice USN-5546-1
Posted Aug 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5546-1 - Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17.

tags | advisory, remote, denial of service
systems | linux, ubuntu
Ubuntu Security Notice USN-5546-2
Posted Aug 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5546-2 - USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery
Posted Aug 5, 2022
Authored by Marco Wotschka | Site wordfence.com

WordPress Ecwid Ecommerce Shopping Cart plugin versions 6.10.23 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
Backdoor.Win32.Bushtrommel.122 MVID-2022-0630 Remote Command Execution
Posted Aug 5, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Bushtrommel.122 malware suffers from an unauthenticated remote command execution vulnerability.

tags | exploit, remote
systems | windows
Backdoor.Win32.Bushtrommel.122 MVID-2022-0629 Authentication Bypass
Posted Aug 5, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Bushtrommel.122 malware suffers from an authentication bypass vulnerability.

tags | exploit, bypass
systems | windows
Online Admission System 1.0 SQL Injection
Posted Aug 5, 2022
Authored by syad

Online Admission System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
WordPress Testimonial Slider And Showcase 2.2.6 Cross Site Scripting
Posted Aug 5, 2022
Authored by yunaranyancat, saitamang, amd_syad

WordPress Testimonial Slider and Showcase plugin version 2.2.6 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
VMware Workspace ONE Access Privilege Escalation
Posted Aug 4, 2022
Authored by Spencer McIntyre | Site metasploit.com

VMware Workspace ONE Access contains a vulnerability whereby the horizon user can escalate their privileges to those of the root user by modifying a file and then restarting the vmware-certproxy service which invokes it. The service control is permitted via the sudo configuration without a password.

tags | exploit, root
Chrome WebGL Uniform Integer Overflows
Posted Aug 4, 2022
Authored by Google Security Research, Mark Brand

The WebGL implementation for setting uniform values with an ArrayBuffer argument do not properly handle large buffer sizes. As WASM now allows allocating large ArrayBuffers, this can lead to buffer overflows when writing to the GPU command buffer.

tags | exploit, overflow
Gentoo Linux Security Advisory 202208-01
Posted Aug 4, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-1 - A vulnerability in lib3mf could lead to remote code execution. Versions less than 2.1.1 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
Gentoo Linux Security Advisory 202208-05
Posted Aug 4, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-5 - Multiple vulnerabilities have been found in Icinga Web 2, the worst of which could result in remote code execution. Versions less than 2.9.6 are affected.

tags | advisory, remote, web, vulnerability, code execution
systems | linux, gentoo
Gentoo Linux Security Advisory 202208-04
Posted Aug 4, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-4 - Multiple vulnerabilities in libmcpp could result in a denial of service condition. Versions less than 2.7.2_p5 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
Gentoo Linux Security Advisory 202208-03
Posted Aug 4, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-3 - A vulnerability in Babel could result in remote code execution. Versions less than 2.9.1 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
Gentoo Linux Security Advisory 202208-02
Posted Aug 4, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-2 - Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. Versions less than 1.18.5 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
Backdoor.Win32.Jokerdoor MVID-2022-0628 Buffer Overflow
Posted Aug 4, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Jokerdoor malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
Red Hat Security Advisory 2022-5904-01
Posted Aug 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5904-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow, php
systems | linux, redhat
View Older Files →

Recent News

News RSS Feed
Chinese Government Website Defaced Welcoming Pelosi To Taiwan
Posted Aug 4, 2022

tags | headline, hacker, government, usa, china, cyberwar
Newly Launched Russian Spy Satellite Might Be Stalking A US Satellite
Posted Aug 4, 2022

tags | headline, government, usa, russia, cyberwar, spyware, military
VMWare Urges Users To Patch Critical Authentication Bypass Bug
Posted Aug 4, 2022

tags | headline, flaw, password, patch
North Korea-Backed Hackers Have A Clever Way To Read Your Gmail
Posted Aug 4, 2022

tags | headline, privacy, malware, email, google, korea, chrome
Ransomware Task Force Releases SMB Blueprint For Defense And Mitigation
Posted Aug 4, 2022

tags | headline, malware, cybercrime, fraud, cryptography
Tonight We're Gonna Log On Like It's 1979
Posted Aug 3, 2022

tags | headline, email, password, science
Hack Drains Over A Million Dollars From Solana Crypto Wallets
Posted Aug 3, 2022

tags | headline, hacker, cybercrime, data loss, fraud, cryptography
Nancy Pelosi Ties Chinese Cyber-Attacks To Need For Taiwan Visit
Posted Aug 3, 2022

tags | headline, hacker, government, usa, china, cyberwar
The Age Of Brain-Computer Interfaces Is On the Horizon
Posted Aug 3, 2022

tags | headline, science
Lawsuit Claims Facebook Scraping Data From Hospital Sites
Posted Aug 2, 2022

tags | headline, privacy, data loss, spyware, facebook, social
View More News →

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close