exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2022-05-04

SAP NetWeaver Java Denial Of Service
Posted May 4, 2022
Authored by Gaston Traberg | Site onapsis.com

SAP NetWeaver JAVA suffers from a denial of service vulnerability.

tags | advisory, java, denial of service
advisories | CVE-2021-33670
SHA-256 | 4632f9be44ccaa2efca82c98f86d41ea94dd06ef2c9411c43995ace0d230acca
SAP Web Dispatcher HTTP Request Smuggling
Posted May 4, 2022
Authored by Yvan Genuer, Martin Doyhenard | Site onapsis.com

SAP Web Dispatcher suffers from an HTTP request smuggling vulnerability.

tags | exploit, web
advisories | CVE-2021-38162
SHA-256 | 13d3e2b23a840dab61234f2b6d3787259a7efde984a35e90339e0cdc4c879d9a
Red Planet Laundry Management System 1.0 SQL Injection
Posted May 4, 2022
Authored by nu11secur1ty

Red Planet Laundry Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fb9ca577051e583a14d2a46cbefa9a6c1b563f29cdf20a68500709adaf8dd589
Ubuntu Security Notice USN-5395-2
Posted May 4, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5395-2 - USN-5395-1 fixed vulnerabilities in networkd-dispatcher. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. It was discovered that networkd-dispatcher incorrectly handled internal scripts. A local attacker could possibly use this issue to cause a race condition, escalate privileges and execute arbitrary code.

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
SHA-256 | 58fe6e09901d65da7bbfb1aa330e18a95af76b41553f7b19884769fb5ddd04cf
Red Hat Security Advisory 2022-1703-01
Posted May 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1703-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
SHA-256 | 230ff02f7936f3f77f79f17fd25cd6d07f6a93173fe70e7f6a333b5528de873f
Ubuntu Security Notice USN-5401-1
Posted May 4, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5401-1 - Wenxiang Qian discovered that DPDK incorrectly checked certain payloads. An attacker could use this issue to cause DPDK to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that DPDK incorrectly handled inflight type messages. An attacker could possibly use this issue to cause DPDK to consume resources, leading to a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3839, CVE-2022-0669
SHA-256 | 0c60a1f895a3ce054f03d56b5bce1371c5b1df054e25a3d1589b048b89fe829f
Ubuntu Security Notice USN-5402-1
Posted May 4, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5402-1 - Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Raul Metsma discovered that OpenSSL incorrectly verified certain response signing certificates. A remote attacker could possibly use this issue to spoof certain response signing certificates. This issue only affected Ubuntu 22.04 LTS.

tags | advisory, remote, arbitrary, local, spoof
systems | linux, ubuntu
advisories | CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473
SHA-256 | 9f908328ff337686f5d5cffc66667d81dbd3b4ce35629e2bd3050e7444f1fd8b
Red Hat Security Advisory 2022-1701-01
Posted May 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1701-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
SHA-256 | aad502cd0feac0eb4e5d7ac124154faa33a8c8a8cfbfa5268f1045d39c7ebc86
Red Hat Security Advisory 2022-1708-01
Posted May 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1708-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-27023, CVE-2021-27025
SHA-256 | e1b34880dffb776e78d1e49efd19ad513c2b6f025d948204677d58d0bfa6da1e
Red Hat Security Advisory 2022-1705-01
Posted May 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1705-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
SHA-256 | aa9f0f924bdac14b1c47f73b18e83ecb26fffb9f2b986c0081a7680af70c15d1
Red Hat Security Advisory 2022-1709-01
Posted May 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1709-01 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.2 serves as a replacement for Red Hat Single Sign-On 7.5.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a privilege escalation vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-1245
SHA-256 | 79f5afdb9bcc7fcd0cf132f14b43aa98963346c428221f07fd67a2e6419c195f
Red Hat Security Advisory 2022-1622-01
Posted May 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1622-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.57.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-8647, CVE-2020-8649, CVE-2022-0435, CVE-2022-0711, CVE-2022-0778, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-24407, CVE-2022-24769, CVE-2022-25173, CVE-2022-25174, CVE-2022-25175, CVE-2022-25176, CVE-2022-25177, CVE-2022-25178, CVE-2022-25179, CVE-2022-25180, CVE-2022-25181, CVE-2022-25182, CVE-2022-25183, CVE-2022-25184, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | c6bbb6c8c7f4807bed808b409a1979c9c7ff636de3be398e6d437bf3aaece474
Red Hat Security Advisory 2022-1702-01
Posted May 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1702-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
SHA-256 | 3982174c71d30f0db5bb7f7d3ef83158b4804bc28a358964575e2dbcaddd5772
Red Hat Security Advisory 2022-1704-01
Posted May 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1704-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
SHA-256 | bce6087615565bbf4671d8ed8038a00992d0a52f6a2637888b47f4b8d7a4e9ae
Red Hat Security Advisory 2022-1712-01
Posted May 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1712-01 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.2 on RHEL 8 serves as a security patch for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a privilege escalation vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-1245
SHA-256 | aa792fb01f5da492d5013bdcc3ab246a6de690b5285abe31adaa4d6fafd69ddd
Red Hat Security Advisory 2022-1711-01
Posted May 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1711-01 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.2 on RHEL 7 serves as a security patch for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a privilege escalation vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-1245
SHA-256 | 91b07833db9016ac32090462252eeb393f506eccde76fd372a59df62abb448ca
Ubuntu Security Notice USN-5400-2
Posted May 4, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5400-2 - USN-5400-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated in Ubuntu 16.04 ESM to MySQL 5.7.38.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-21417, CVE-2022-21454
SHA-256 | aa67ee1390075ee2c2ef4117f3225361db8c27f250f5f174a46605ab20e0d51c
Clam AntiVirus Toolkit 0.105.0
Posted May 4, 2022
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Starting with ClamAV v0.105, the Rust toolchain is required to compile ClamAV. Increased the default limits for file-size and scan-size. Added image fuzzy hash subsignatures for logical signatures. Updated the LLVM bytecode runtime support so that it can use LLVM versions 8 through 12 and removed support for earlier LLVM versions. Added a GenerateMetadataJson option to ClamD. Various other updates.
tags | tool, virus
systems | unix
SHA-256 | 270203a54c458049db54fcd93683ff5b2db19151f363c48e82cecefdde2b35d4
Ubuntu Security Notice USN-5390-2
Posted May 4, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5390-2 - David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Bouman discovered that the netfilter subsystem in the Linux kernel did not initialize memory in some situations. A local attacker could use this to expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-1015, CVE-2022-1016, CVE-2022-26490
SHA-256 | 360e866dc51e067344a3c2f5e702ffdd692299bf8bc29ec6c987ef25420ab7d1
Red Hat Security Advisory 2022-1681-01
Posted May 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1681-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.4 General Availability release images. This update provides security fixes, bug fixes, and updates container images. Issues addressed include bypass and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-23555, CVE-2021-4028, CVE-2021-4115, CVE-2021-43565, CVE-2022-0155, CVE-2022-0235, CVE-2022-0536, CVE-2022-0613, CVE-2022-1154, CVE-2022-1271, CVE-2022-1365, CVE-2022-21803, CVE-2022-24450, CVE-2022-24723, CVE-2022-24771, CVE-2022-24772, CVE-2022-24773, CVE-2022-24785, CVE-2022-25636
SHA-256 | 1bee26055b1d06a4bc9715b98ed40f38564faecb40aaae8083d0ca2eed4c2283
Ransom.WannaCry MVID-2022-0582 Code Execution
Posted May 4, 2022
Authored by malvuln | Site malvuln.com

WannaCry ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL to execute our own code in order to control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products, the malware vulnerability does the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 75c864ef881d1530855d950ce35620da320dafb0cebe2d176ad34757f23f3194
REvil.Ransom MVID-2022-0581 Code Execution
Posted May 4, 2022
Authored by malvuln | Site malvuln.com

REvil ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code in order to control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signature or third-party products as the malware vulnerability will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 07f3d9e3cb24992e24316fe7f8e41fc64fee499196a59b0f4d1594fec2186777
Ransom.Conti MVID-2022-0580 Code Execution
Posted May 4, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code to control and terminate the malware pre-encryption. The exploit dll will check if the current directory is "C:\Windows\System32". If not, we grab our process ID and terminate. We do not need to rely on hash signature or third-party products, the malware vulnerability will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 9cc7ba098e7d73f1ba5a406536afb6daff209000bfc578d3f4921cd931a7e23f
Conti.Ransom MVID-2022-0579 Code Execution
Posted May 4, 2022
Authored by malvuln | Site malvuln.com

Conti ransomware looks for and loads a DLL named "wow64log.dll" in Windows\System32. Therefore, we can drop our own DLL to intercept and terminate the malware pre-encryption. The exploit DLL will simply display a Win32API message box and call exit(). Our Conti.Ransom exploit DLL must export the "InterlockedExchange" function or it fails with an error. We do not need to rely on hash signature or third-party products, the malware vulnerability will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | aa9ce885d596135e2fe0d53ecbaf0150134e9b1069abbd9201051712bdcaffad
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close