
Files Date: 2022-03-31

Ubuntu Security Notice USN-5359-1
Posted Mar 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5359-1 - Danilo Ramos discovered that rsync incorrectly handled memory when performing certain zlib deflating operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-25032
SHA-256 | d86fd6c18100320089eb6c892b3934a7fd83a90dab64630caba832caecfe673f

Spring Cloud Function SpEL Injection
Posted Mar 31, 2022
Authored by Spencer McIntyre, m09u3r, hktalent | Site metasploit.com

Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attacker can gain remote code execution. Both patched and unpatched servers will respond with a 500 server error and a JSON encoded message.

tags | exploit, remote, code execution
advisories | CVE-2022-22963
SHA-256 | 191fd2ef6dcf8a98bc701657de72fbfe2250e9ec9091b7372a38ea1abcff6241

Ubuntu Security Notice USN-5356-1
Posted Mar 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5356-1 - Alexandre Bartel discovered that DOSBox incorrectly handled long lines in certain files. An attacker could possibly use this issue to execute arbitrary code. Alexandre Bartel discovered that DOSBox incorrectly performed access control over certain directories. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-12594, CVE-2019-7165
SHA-256 | e3839ee571468680b81112957309e74a8af6ee0fa66b2e646caf9672ba1cf90f

IdeaRE RefTree Path Traversal
Posted Mar 31, 2022
Authored by Savino Sisco

IdeaRE RefTree versions prior to 2021.09.17 suffer from a path traversal vulnerability.

tags | exploit
advisories | CVE-2022-27248
SHA-256 | 6c01288d24fb06203fba1bbb4a1569c7c1519c40ba0e613d0c951377f72407e7

IdeaRE RefTree Shell Upload
Posted Mar 31, 2022
Authored by Savino Sisco

IdeaRE RefTree versions prior to 2021.09.17 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2022-27249
SHA-256 | 7a1f36a186daaabfb1cb5a35f53c2411f1ac4fc02655a8038cdac234c32dd9fd

Ubuntu Security Notice USN-5358-1
Posted Mar 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5358-1 - It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-1055, CVE-2022-27666
SHA-256 | 6014beb1c2288fa564666e3a8cc2728d4f9100f4d4f9d8585a4f7e619cce7702

Chrome DeserializeFromMessage Validation Issue
Posted Mar 31, 2022
Authored by Google Security Research, Glazvunov

Chrome has an issue where a malformed message sent to DeserializeFromMessage may trigger deserialization of out-of-bounds data.

tags | exploit
advisories | CVE-2022-0797
SHA-256 | f016c2cc33607e475f4fb0feaf3b97c31f557eea1cb21d5c1b76fc4fa4ad9003

Ubuntu Security Notice USN-5357-1
Posted Mar 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5357-1 - It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-27666
SHA-256 | d5cfae3dd3a1ace57560baad4ec8506d71d870b74dea62b48667b6febe4c77db

Ubuntu Security Notice USN-5355-2
Posted Mar 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5355-2 - USN-5355-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-25032
SHA-256 | bd7bd9de57a4bed18909c272ff1654178c42449228d7c6020d29b7ecf83a4081

EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path
Posted Mar 31, 2022
Authored by Shahrukh Iqbal Mirza

EG Free AntiVirus version 2020 suffers from an unquoted service path vulnerability that can lead to privilege escalation.

tags | exploit
advisories | CVE-2021-46439
SHA-256 | f5afeadbe9a6dd42729251f44605027c495f8ca53f5077f1ef0566b30d207ffd

Spoofer 1.4.6 Privilege Escalation / Unquoted Service Path
Posted Mar 31, 2022
Authored by Asim Sattar

Spoofer version 1.4.6 suffers from an unquoted service path vulnerability that can lead to privilege escalation.

tags | exploit
advisories | CVE-2021-46443
SHA-256 | 6e36f8ead3bb9754bebd29f1138b16de9f85c211a2321e246d8956e9be5fe982

Ubuntu Security Notice USN-5355-1
Posted Mar 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5355-1 - Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-25032
SHA-256 | 23634ab2e48f0bdf4e10ce11f4dbd2b9a409a2e06ec401c9576d2434ceac9f05

Ubuntu Security Notice USN-5354-1
Posted Mar 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5354-1 - It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. It was discovered that Twisted incorrectly processed SSH handshake data on connection establishments. A remote attacker could use this issue to cause Twisted to crash, resulting in a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2022-21712, CVE-2022-21716
SHA-256 | 28a1644f437a131ccaec80f877806282a493d263fdc6b3e0fd3064a659d80b35

Medical Hub Directory Site 1.0 SQL Injection
Posted Mar 31, 2022
Authored by Hejap Zairy

Medical Hub Directory Site version 1.0 suffers from a remote blind SQL injection vulnerability. This research was submitted on the same day Packet Storm received similar findings from Saud Alenazi.

tags | exploit, remote, sql injection
SHA-256 | 485f05f134b2d3819d19208535bf09e2d66a1a262580141bc9a9964b00e68204

Message System 1.0 SQL Injection
Posted Mar 31, 2022
Authored by Hejap Zairy

Message System version 1.0 suffers from a remote SQL injection vulnerability that can lead to remote code execution.

tags | exploit, remote, code execution, sql injection
SHA-256 | f726216137cb25cc61ebd0212e3d991811ebe3e9be1b4d7c85db6f64b5cdf1be

Message System 1.0 Cross Site Scripting
Posted Mar 31, 2022
Authored by Hejap Zairy

Message System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4f43e6605407609b1bcdd1c5a3be22479cef1d68b174b04b20a647976713db71
© 2022 Packet Storm. All rights reserved.