exploit the possibilities

Recent Files

Files RSS Feed
Ubuntu Security Notice USN-5428-1
Posted May 18, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5428-1 - Tobias Stoeckmann discovered that libXrandr incorrectly handled certain responses. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
Ubuntu Security Notice USN-5423-2
Posted May 18, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5423-2 - USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
Jupiter / JupiterX Theme Privilege Escalation / LFI / DoS / Access Control Issues
Posted May 18, 2022
Authored by Ramuel Gall | Site wordfence.com

Jupiter Theme versions 6.10.1 and below as well as JupiterX Core plugin versions 2.0.7 and below suffer from privilege escalation and post deletion vulnerabilities. JupiterX Theme versions 2.0.6 and below as well as JupiterX Core versions 2.0.6 and below suffer from plugin deactivation and setting modification flaws. JupiterX Theme versions 2.0.6 and below as well as Jupiter Theme versions 6.10.1 and below suffer from path traversal and local file inclusion vulnerabilities. Jupiter Theme versions 6.10.1 and below suffer from an arbitrary plugin deletion vulnerability. JupiterX Core plugin versions 2.0.6 and below suffer from information disclosure, modification, and denial of service vulnerabilities.

tags | advisory, denial of service, arbitrary, local, vulnerability, file inclusion, info disclosure
Emby Media Server 4.7.0.60 Cross Site Scripting
Posted May 18, 2022
Authored by Yehia Elghaly

Emby Media Server version 4.7.0.60 suffers from a cross site scripting vulnerability.

tags | exploit, xss
Ubuntu Security Notice USN-5427-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5427-1 - Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this issue to connect to arbitrary sockets as the root user.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
Ubuntu Security Notice USN-5426-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5426-1 - Jakub Wilk discovered that needrestart incorrectly used some regular expressions. A local attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary, local
systems | linux, ubuntu
Ubuntu Security Notice USN-5425-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5425-1 - Yunho Kim discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to have unexpected behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

tags | advisory
systems | linux, ubuntu
Lynis Auditing Tool 3.0.8
Posted May 17, 2022
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added MALW-3274, PKGS-7346, and PKGS-7395. Modifications have been made to AUTH-9408, FILE-7524, HTTP-6643, KRNL-5788, KRNL-5820, KRNL-5830, KRNL-5830, and PRNT-2308.
tags | tool, scanner
systems | unix
Apple Security Advisory 2022-05-16-8
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-8 - Xcode 13.4 addresses a logic issue and a privilege escalation issue.

tags | advisory
systems | apple
Trojan-Ransom.Thanos MVID-2022-0607 Code Execution
Posted May 17, 2022
Authored by malvuln | Site malvuln.com

Thanos ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
Ubuntu Security Notice USN-5424-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5424-1 - It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database.

tags | advisory, remote, sql injection
systems | linux, ubuntu
SDT-CW3B1 1.1.0 Command Injection
Posted May 17, 2022
Authored by Ahmed Alroky

SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability.

tags | exploit
Online Discussion Forum Site 1.0 SQL Injection
Posted May 17, 2022
Authored by Saud Alenazi

Online Discussion Forum Site version 1.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
Ubuntu Security Notice USN-5423-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5423-1 - Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
Showdoc 2.10.3 Cross Site Scripting
Posted May 17, 2022
Authored by Akshay Ravi

Showdoc versions 2.10.3 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization
Posted May 17, 2022
Authored by Daniil Sigalov, Maxim Malkov, Denis Mironov, Dmitry Pavlov, Alexey Smirnov

OpenCart So Listing Tabs component versions 2.2.0 and below suffer from a deserialization vulnerability that can allow for arbitrary file writes.

tags | exploit, arbitrary
Ubuntu Security Notice USN-5311-2
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5311-2 - USN-5311-1 released updates for contained. Unfortunately, a subsequent update reverted the fix for thisCVE by mistake. This update corrects the problem. It was discovered that containerd allows attackers to gain access to read- only copies of arbitrary files and directories on the host via a specially- crafted image configuration. An attacker could possibly use this issue to obtain sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
Apple Security Advisory 2022-05-16-7
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-7 - Safari 15.5 addresses code execution and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
Apple Security Advisory 2022-05-16-6
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
Apple Security Advisory 2022-05-16-5
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
T-Soft E-Commerce 4 SQL Injection
Posted May 17, 2022
Authored by Alperen Ergel

T-Soft E-Commerce version 4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
T-Soft E-Commerce 4 Cross Site Scripting
Posted May 17, 2022
Authored by Alperen Ergel

T-Soft E-Commerce version 4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
WordPress Tatsu Builder Remote Code Execution
Posted May 17, 2022
Authored by Vincent Michel | Site wordfence.com

WordPress Tatsu Builder plugin versions prior to 3.3.13 suffer from an unauthenticated remote code execution vulnerability.

tags | advisory, remote, code execution
Apple Security Advisory 2022-05-16-4
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
Apple Security Advisory 2022-05-16-3
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | apple
View Older Files →

Recent News

News RSS Feed
FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In
Posted May 18, 2022

tags | headline, hacker, government, usa, fbi, nsa
Your Data Is Auctioned Off Up To 987 Times A Day, NGO Reports
Posted May 18, 2022

tags | headline, privacy, data loss
April VMware Bugs Abused To Deliver Mirai Malware, Exploit Log4Shell
Posted May 18, 2022

tags | headline, malware, flaw
APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack 0-Days
Posted May 18, 2022

tags | headline, hacker, malware, cyberwar, zero day
State Of Internet Crime In Q1 2022: Bot Traffic On The Rise, And More
Posted May 18, 2022

tags | headline, hacker, malware, cybercrime, data loss, botnet, fraud
Wizard Spider Hackers Hire Cold Callers To Scare Ransomware Victims Into Paying Up
Posted May 18, 2022

tags | headline, hacker, malware, cybercrime, fraud, cryptography
Sysrv-K Botnet Targets Windows, Linux
Posted May 17, 2022

tags | headline, microsoft, linux, botnet
FBI: Hackers Used Malicious PHP Code To Grab Credit Card Data
Posted May 17, 2022

tags | headline, hacker, government, bank, usa, cybercrime, fraud, fbi, backdoor
iPhones Vulnerable To Attack Even When Turned Off
Posted May 17, 2022

tags | headline, phone, flaw, apple
Don't Accidentally Hire A North Korean Hacker, FBI Warns
Posted May 17, 2022

tags | headline, hacker, government, cyberwar, spyware, korea, fbi, backdoor
View More News →

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close