exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Recent Files

Files RSS Feed
VMware vCenter vScalation Privilege Escalation
Posted Dec 6, 2022
Authored by h00die, Yuval Lazar | Site metasploit.com

This Metasploit module exploits a privilege escalation in vSphere/vCenter due to improper permissions on the /usr/lib/vmware-vmon/java-wrapper-vmon file. It is possible for anyone in the cis group to write to the file, which will execute as root on vmware-vmon service restart or host reboot. This module was successfully tested against VMware VirtualCenter 6.5.0 build-7070488. Vulnerable versions should include vCenter 7.0 before U2c, vCenter 6.7 before U3o, and vCenter 6.5 before U3q.

tags | exploit, java, root
GNUnet P2P Framework 0.19.0
Posted Dec 6, 2022
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: Added function to compute channel name for notifications. Improved platform-specific includes in builds. Large refactor in order to restore some sanity with respect to private defines used in headers. Various other updates.
tags | tool, web, udp, tcp, peer2peer
systems | unix
Faraday 4.3.0
Posted Dec 6, 2022
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Updated the associated command when an agent execution returns empty. Added cvss3 scope field to vulnerability schema. Added cvss2/3 and cwe to export_csv. Improved command object creation in bulk create. Fixed open and closed stats in ws filter endpoint. Added error command status in every validation of reports upload process. Added BulkDelete with filters. Changed filter logic on numeric fields.
tags | tool, rootkit
systems | unix
Evernote Web Clipper Same-Origin Policy Bypass
Posted Dec 6, 2022
Authored by Tavis Ormandy, Google Security Research

Evernote Web Clipper suffered from a same-origin policy bypass vulnerability. The link to the demo exploit was a 403 at the time of addition and has not been included in this post.

tags | advisory, web, bypass
Ubuntu Security Notice USN-5764-1
Posted Dec 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5764-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
Ubuntu Security Notice USN-5761-2
Posted Dec 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5761-2 - USN-5761-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla's root store. This update removes the TrustCor CA certificates from the ca-certificates package.

tags | advisory, root
systems | linux, ubuntu
Red Hat Security Advisory 2022-8799-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8799-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2022-8806-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8806-01 - The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature.

tags | advisory, kernel
systems | linux, redhat
Red Hat Security Advisory 2022-8809-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8809-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.

tags | advisory, kernel
systems | linux, redhat
Red Hat Security Advisory 2022-8800-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8800-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
Red Hat Security Advisory 2022-8812-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8812-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2022-8792-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8792-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
Red Hat Security Advisory 2022-8790-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8790-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
Red Hat Security Advisory 2022-8791-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8791-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
Red Hat Security Advisory 2022-8793-01
Posted Dec 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8793-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a denial of service vulnerability.

tags | advisory, java, denial of service
systems | linux, redhat
Ubuntu Security Notice USN-5762-1
Posted Dec 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5762-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
Ubuntu Security Notice USN-5761-1
Posted Dec 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5761-1 - Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla's root store. This update removes the TrustCor CA certificates from the ca-certificates package.

tags | advisory, root
systems | linux, ubuntu
Senayan Library Management System 9.5.1 SQL Injection
Posted Dec 6, 2022
Authored by nu11secur1ty

Senayan Library Management System version 9.5.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Drupal H5P Module 2.0.0 Zip Slip Traversal
Posted Dec 5, 2022
Authored by EgiX | Site karmainsecurity.com

Drupal H5P Module versions 2.0.0 and below suffer from a traversal vulnerability when handling a zipped filename on windows.

tags | exploit, file inclusion
systems | windows
Ubuntu Security Notice USN-5760-2
Posted Dec 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5760-2 - USN-5760-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash.

tags | advisory, vulnerability
systems | linux, ubuntu
Ubuntu Security Notice USN-5760-1
Posted Dec 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5760-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
Ubuntu Security Notice USN-5759-1
Posted Dec 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5759-1 - It was discovered that LibBPF incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause LibBPF to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.10. It was discovered that LibBPF incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause LibBPF to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
Debian Security Advisory 5295-1
Posted Dec 5, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5295-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
Debian Security Advisory 5294-1
Posted Dec 5, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5294-1 - Jhead, a tool for manipulating EXIF data embedded in JPEG images, allowed attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50, -autorot or -ce option. In addition a buffer overflow error in exif.c has been addressed which could lead to a denial of service (application crash).

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
Debian Security Advisory 5293-1
Posted Dec 5, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
View Older Files →

Recent News

News RSS Feed
Four Suspects Cuffed, Face Extradition Over Tax Refund Scam Plot
Posted Dec 6, 2022

tags | headline, hacker, government, usa, cybercrime, fraud
CommonSpirit Confirms Network Accessed A Week Before Ransomware Attack
Posted Dec 6, 2022

tags | headline, hacker, privacy, data loss
Explainer: ChatGPT - What Is OpenAI's Chatbot And What Is It Used For?
Posted Dec 6, 2022

tags | headline, botnet, science
FBI Warning: This Ransomware Gang Has Hit Over 100 Targets And Made More Than $60 Million
Posted Dec 5, 2022

tags | headline, government, malware, usa, cybercrime, fraud, fbi, cryptography
AI Bot ChatGPT Stuns Academics With Essay Writing Skills / Usability
Posted Dec 5, 2022

tags | headline, botnet, science
Rackspace Customers Rage As Email Outage Continues
Posted Dec 5, 2022

tags | headline, email, denial of service
Journalist Sues NSO After Being Hacked By Pegasus Spyware
Posted Dec 5, 2022

tags | headline, privacy, malware, phone, fraud, israel, spyware
US Air Force Reveals The B-21 Raider Stealth Bomber
Posted Dec 3, 2022

tags | headline, government, usa, military
Rackspace Rocked By Security Incident
Posted Dec 3, 2022

tags | headline, hacker, email, denial of service
Darknet Markets Generate Millions In Revenue Selling Stolen Personal Data
Posted Dec 3, 2022

tags | headline, hacker, privacy, cybercrime, data loss, fraud
View More News →

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close