
Recent Files

Ubuntu Security Notice USN-5526-2
Posted Aug 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5526-2 - USN-5526-1 fixed vulnerabilities in PyJWT. Unfortunately this caused a regression by incrementing the internal package version number on Ubuntu 22.04 LTS. This update fixes the problem. Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to forge a JWT signature.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
Red Hat Security Advisory 2022-6079-01
Posted Aug 17, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6079-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2022-6073-01
Posted Aug 17, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6073-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
Red Hat Security Advisory 2022-6075-01
Posted Aug 17, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6075-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
Red Hat Security Advisory 2022-6078-01
Posted Aug 17, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6078-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
Hacking Zyxel IP Cameras To Get A Root Shell
Posted Aug 17, 2022
Authored by Eric Urban | Site hydrogen18.com

This paper is an in-depth blog post on hacking Zyxel IP cameras to obtain a root shell.

tags | paper, shell, root
Ubuntu Security Notice USN-5569-1
Posted Aug 16, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5569-1 - Xiang Li discovered that Unbound incorrectly handled delegation caching. A remote attacker could use this issue to keep rogue domain names resolvable long after they have been revoked.

tags | advisory, remote
systems | linux, ubuntu
Race Against The Sandbox
Posted Aug 16, 2022
Authored by The Abyss Labs | Site theabysslabs.github.io

Whitepaper called Race Against the Sandbox - Root Cause Analysis of a Tianfu Cup bug that used an Ntoskrnl bug to escape the Google Chrome sandbox.

tags | exploit, paper, root
TypeORM 0.3.7 Information Disclosure
Posted Aug 16, 2022
Authored by Andrii Kostenko

TypeORM version 0.3.7 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
TOR Virtual Network Tunneling Tool 0.4.7.10
Posted Aug 15, 2022
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Changes: This version updates the geoip cache, which is generated from the IPFire location database, to use the August 9th, 2022 one. Everyone MUST update to this latest release, or else circuit path selection and relay metrics are badly affected.

tags | tool, remote, local, peer2peer
systems | unix
Windows Credential Guard Domain-Joined Device Public Key Privilege Escalation
Posted Aug 15, 2022
Authored by James Forshaw, Google Security Research

On Windows, when registered to use a public key for computer authentication, the certificate is stored in a user accessible registry key leading to elevation of privilege.

tags | exploit, registry
systems | windows
Win32.Ransom.BlueSky MVID-2022-0632 Code Execution
Posted Aug 15, 2022
Authored by malvuln | Site malvuln.com

The BlueSky Win32.Ransom.BlueSky ransomware looks for and executes arbitrary DLLs in its current working directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our own process ID and terminate. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit, arbitrary
systems | windows, 32
Inout RealEstate 2.1.2 SQL Injection
Posted Aug 15, 2022
Authored by CraCkEr

Inout RealEstate version 2.1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Inout SiteSearch 2.0.1 Cross Site Scripting
Posted Aug 15, 2022
Authored by CraCkEr

Inout SiteSearch version 2.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
Gigaland NFT Marketplace 1.9 Shell Upload / Key Disclosure
Posted Aug 15, 2022
Authored by Sohel Yousef

Gigaland NFT Marketplace version 1.9 suffers from remote shell upload and ETH private key disclosure vulnerabilities.

tags | exploit, remote, shell, vulnerability, info disclosure
Ubuntu Security Notice USN-5568-1
Posted Aug 15, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5568-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
Red Hat Security Advisory 2022-6061-01
Posted Aug 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6061-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
Red Hat Security Advisory 2022-6065-01
Posted Aug 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6065-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2022-6062-01
Posted Aug 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6062-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2022-6066-01
Posted Aug 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6066-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
Red Hat Security Advisory 2022-6057-01
Posted Aug 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6057-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2022-6058-01
Posted Aug 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6058-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8.

tags | advisory
systems | linux, redhat
Gentoo Linux Security Advisory 202208-31
Posted Aug 15, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-31 - Multiple vulnerabilities have been found in GStreamer and its plugins, the worst of which could result in arbitrary code execution. Versions less than 1.16.3 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
Gentoo Linux Security Advisory 202208-30
Posted Aug 15, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-30 - Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service. Versions less than 2.38 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
Gentoo Linux Security Advisory 202208-29
Posted Aug 15, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-29 - Multiple vulnerabilities have been discovered in Nokogiri, the worst of which could result in denial of service. Versions less than 1.13.6 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
© 2022 Packet Storm. All rights reserved.
