
Recent Files

Ubuntu Security Notice USN-6730-1
Posted Apr 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6730-1 - It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code.

tags | advisory, arbitrary, shell
systems | linux, ubuntu
Debian Security Advisory 5656-1
Posted Apr 12, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5656-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
Terratec dmx_6fire USB 1.23.0.02 Unquoted Service Path
Posted Apr 12, 2024
Authored by Joseph Kwabena Fiagbor

Terratec dmx_6fire USB version 1.23.0.02 suffers from an unquoted service path vulnerability.

tags | exploit
Ubuntu Security Notice USN-6729-1
Posted Apr 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6729-1 - Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.

tags | advisory, remote, web
systems | linux, ubuntu
Ray OS 2.6.3 Command Injection
Posted Apr 12, 2024
Authored by Fire_Wolf

The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system is configured to allow passwordless sudo (a setup some Ray configurations require) this will result in a root shell being returned to the user. If not configured, a user level shell will be returned. Versions 2.6.3 and below are affected.

tags | exploit, arbitrary, shell, root
Ubuntu Security Notice USN-6727-2
Posted Apr 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6727-2 - USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data. It was discovered that NSS had a timing side-channel when using certain NIST curves. A remote attacker could possibly use this issue to recover private data. The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.98 which includes the latest CA certificate bundle and other security improvements.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
WordPress Playlist For Youtube 1.32 Cross Site Scripting
Posted Apr 12, 2024
Authored by Erdemstar

WordPress Playlist for Youtube plugin version 1.32 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MinIO Privilege Escalation
Posted Apr 12, 2024
Authored by Jenson Zhao

MinIO versions prior to 2024-01-31T20-20-33Z suffer from a privilege escalation vulnerability.

tags | exploit
Red Hat Security Advisory 2024-1795-03
Posted Apr 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1795-03 - VolSync v0.9.1 general availability release images, which provide enhancements, security fixes, and updated container images.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2024-1789-03
Posted Apr 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1789-03 - An update for bind is now available for Red Hat Enterprise Linux 9.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2024-1787-03
Posted Apr 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1787-03 - An update for squid is now available for Red Hat Enterprise Linux 7. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
Red Hat Security Advisory 2024-1786-03
Posted Apr 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1786-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
Red Hat Security Advisory 2024-1785-03
Posted Apr 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1785-03 - An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2024-1784-03
Posted Apr 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1784-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
TOR Virtual Network Tunneling Tool 0.4.8.11
Posted Apr 11, 2024
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Changes: This is a minor release, mostly to upgrade the fallbackdir list. Also worth noting: directory authorities running this version will now automatically reject relays running the end-of-life 0.4.7.x version.

tags | tool, remote, local, peer2peer
systems | unix
Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure
Posted Apr 11, 2024
Authored by Clement Cruchet

An access control issue in Trimble TM4Web version 22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full rights and privileges.

tags | exploit
Ubuntu Security Notice USN-6727-1
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6727-1 - It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data.

tags | advisory, remote
systems | linux, ubuntu
OX App Suite 7.10.6 Cross Site Scripting / Deserialization Issue
Posted Apr 11, 2024
Authored by Martin Heiland

OX App Suite version 7.10.6 suffers from cross site scripting and deserialization vulnerabilities.

tags | advisory, vulnerability, xss
Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect
Posted Apr 11, 2024
Authored by Andrey Stoykov

Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
Ubuntu Security Notice USN-6728-2
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-2 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A remote attacker could possibly use this issue to cause Squid to stop responding, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP header parsing. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, ubuntu
Ubuntu Security Notice USN-6728-1
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-1 - Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution
Posted Apr 11, 2024
Authored by Georgios Tsimpidas, Frey

GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.

tags | exploit, remote, php, file upload
Red Hat Security Advisory 2024-1781-03
Posted Apr 11, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1781-03 - An update for bind9.16 is now available for Red Hat Enterprise Linux 8.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2024-1780-03
Posted Apr 11, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1780-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2024-1752-03
Posted Apr 11, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1752-03 - An update is now available for Red Hat OpenShift GitOps v1.12.1 for Argo CD CLI and MicroShift GitOps. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat

Recent News

LockBit Copycat DarkVault Spurs Rebranding Rumor
Posted Apr 12, 2024

tags | headline, hacker, malware, cybercrime, fraud, cryptography
French Issue Alerte Rouge After Local Govs Knocked Offline By Cyberattack
Posted Apr 12, 2024

tags | headline, government, denial of service, france
Apple Drops Term State-Sponsored Attacks From Its Threat Notification Policy
Posted Apr 11, 2024

tags | headline, government, privacy, phone, india, cyberwar, spyware, apple
Google Cloud Unveils New AI-Powered Security Capabilities
Posted Apr 11, 2024

tags | headline, botnet, google
Fortinet Patches FortiClientLinux Critical RCE Vulnerability
Posted Apr 11, 2024

tags | headline, flaw, patch
Global Taxi Software Vendor Exposes Details Of Nearly 300K Across UK And Ireland
Posted Apr 11, 2024

tags | headline, privacy, britain, data loss, ireland
Ukrainian Hackers Launch Cyberattacks On Moscow Sewage System
Posted Apr 11, 2024

tags | headline, hacker, government, russia, cyberwar, scada, ukraine
Speed Of AI Development Is Outpacing Risk Assessment
Posted Apr 10, 2024

tags | headline, flaw, science
Peter Higgs, Father Of The God Particle, Dies At 94
Posted Apr 10, 2024

tags | headline, data loss, science
DOJ Data On 340,000 Individuals Stolen
Posted Apr 10, 2024

tags | headline, hacker, government, privacy, usa, data loss, identity theft

© 2022 Packet Storm. All rights reserved.
