
Recent Files

TestSSL 3.0.9
Posted Jun 14, 2024
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.

Changes: Fixed bash 5 issue when encountering a short server key extension. Fixed HTML issue when using bash 5. CAA DNS records are now not being queried when nodns is set. MongoDB identification fix. Sanity check when user has broken umask to avoid runtime errors. Fixed for newer grep versions. 8 additional updates.
tags | tool, scanner, protocol, bash
systems | unix
Ubuntu Security Notice USN-6834-1
Posted Jun 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6834-1 - It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
Ubuntu Security Notice USN-6833-1
Posted Jun 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6833-1 - Siddharth Dushantha discovered that VTE incorrectly handled large window resize escape sequences. An attacker could possibly use this issue to consume resources, leading to a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
Ubuntu Security Notice USN-6832-1
Posted Jun 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6832-1 - Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affects Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.

tags | advisory, denial of service
systems | linux, ubuntu
Premium Support Tickets For WHMCS 1.2.10 Cross Site Scripting
Posted Jun 14, 2024
Authored by Sajibe Kanti

Premium Support Tickets For WHMCS version 1.2.10 suffers from a cross site scripting vulnerability.

tags | exploit, xss
Red Hat Security Advisory 2024-3929-03
Posted Jun 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3929-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2024-3927-03
Posted Jun 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3927-03 - A new container image for Red Hat Ceph Storage 7.1 is now available in the Red Hat Ecosystem Catalog.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2024-3926-03
Posted Jun 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3926-03 - An update for expat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
Red Hat Security Advisory 2024-3920-03
Posted Jun 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3920-03 - Migration Toolkit for Runtimes 1.2.6 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a password leak vulnerability.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2024-3919-03
Posted Jun 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3919-03 - Migration Toolkit for Runtimes 1.2.6 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include denial of service and spoofing vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability
systems | linux, redhat
AEGON LIFE 1.0 Cross Site Scripting
Posted Jun 14, 2024
Authored by Aslam Anwar Mahimkar

AEGON LIFE version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
AEGON LIFE 1.0 Remote Code Execution
Posted Jun 14, 2024
Authored by Aslam Anwar Mahimkar

AEGON LIFE version 1.0 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
AEGON LIFE 1.0 SQL Injection
Posted Jun 14, 2024
Authored by Aslam Anwar Mahimkar

AEGON LIFE version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
PHP Remote Code Execution
Posted Jun 14, 2024
Authored by Yesith Alvarez

PHP versions prior to 8.3.8 suffer from a remote code execution vulnerability.

tags | exploit, remote, php, code execution
Telerik Report Server Authentication Bypass / Remote Code Execution
Posted Jun 13, 2024
Authored by unknown, Soroush Dalili, Spencer McIntyre, SinSinology | Site metasploit.com

This Metasploit module chains an authentication bypass vulnerability with a deserialization vulnerability to obtain remote code execution against Telerik Report Server versions 10.0.24.130 and below. The authentication bypass flaw allows an unauthenticated user to create a new user with administrative privileges. The USERNAME datastore option can be used to authenticate with an existing account to prevent the creation of a new one. The deserialization flaw works by uploading a specially crafted report that when loaded will execute an OS command as NT AUTHORITY\SYSTEM. The module will automatically delete the created report but not the account because users are unable to delete themselves.

tags | exploit, remote, code execution, bypass
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution
Posted Jun 13, 2024
Authored by sfewer-r7, Arseniy Sharoglazov | Site metasploit.com

The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to work against version 2.4.0 RC7 and 2.3m. The Rejetto HTTP File Server (HFS) version 2.x is no longer supported by the maintainers and no patch is available. Users are recommended to upgrade to newer supported versions.

tags | exploit, remote, web
Cacti Import Packages Remote Code Execution
Posted Jun 13, 2024
Authored by EgiX, Christophe de la Fuente | Site metasploit.com

This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The module finally triggers the payload to execute arbitrary PHP code in the context of the user running the web server. Authentication is needed and the account must have access to the Import Packages feature. This is granted by setting the Import Templates permission in the Template Editor section.

tags | exploit, remote, web, arbitrary, php, code execution
Lost And Found Information System 1.0 Cross Site Scripting
Posted Jun 13, 2024
Authored by Amit Roy

Lost and Found Information System version 1.0 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
Lost And Found Information System 1.0 SQL Injection
Posted Jun 13, 2024
Authored by Amit Roy

Lost and Found Information System version 1.0 suffers from an unauthenticated blind boolean-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Lost And Found Information System 1.0 SQL Injection
Posted Jun 13, 2024
Authored by Amit Roy

Lost and Found Information System version 1.0 suffers from an unauthenticated blind time-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Lost And Found Information System 1.0 Cross Site Scripting
Posted Jun 13, 2024
Authored by Amit Roy

Lost and Found Information System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
Debian Security Advisory 5709-1
Posted Jun 13, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5709-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, the bypass of sandbox restrictions or an information leak.

tags | advisory, web, arbitrary
systems | linux, debian
Ubuntu Security Notice USN-6829-1
Posted Jun 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6829-1 - It was discovered that matio incorrectly handled certain malformed files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
Ubuntu Security Notice USN-6819-3
Posted Jun 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6819-3 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.

tags | advisory, remote, denial of service, kernel, tcp, protocol
systems | linux, ubuntu
Ubuntu Security Notice USN-6831-1
Posted Jun 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6831-1 - It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel
systems | linux, ubuntu

Recent News

Black Basta Exploits Patched Windows Privilege Escalation Bug
Posted Jun 13, 2024

tags | headline, malware, microsoft, flaw
Kaspersky Researchers Punch Holes In Biometrics Hardware Security
Posted Jun 13, 2024

tags | headline, russia, flaw
Prevalence And Impact Of Password Exposure Vulns In ICS/OT
Posted Jun 13, 2024

tags | headline, flaw, password
Apple Patches Possibly The First Ever Spatial Computing Hack
Posted Jun 13, 2024

tags | headline, flaw, patch, apple
White House Report Dishes Deet On All 11 Major Government Breaches From 2023
Posted Jun 13, 2024

tags | headline, hacker, government, usa, data loss, flaw
Microsoft President To Testify Over Security Lapses
Posted Jun 13, 2024

tags | headline, hacker, government, microsoft, usa, data loss, flaw
Ransomware Group Exploits PHP Vulnerability Days After Disclosure
Posted Jun 12, 2024

tags | headline, hacker, cybercrime, flaw, cryptography
Let's Kick Off The Summer With A Pwn-Me-By-Wifi Bug In Microsoft Windows
Posted Jun 12, 2024

tags | headline, microsoft, wireless, flaw
China State Hackers Infected 20,000 Fortinet VPNs
Posted Jun 12, 2024

tags | headline, hacker, government, china, flaw, cyberwar, spyware, cryptography
23andMe Investigated Over Hack That Hit 7M Users
Posted Jun 12, 2024

tags | headline, hacker, government, privacy, canada, britain, data loss


© 2022 Packet Storm. All rights reserved.
