exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

Files Date: 2022-05-31

MyBB Admin Control Remote Code Execution
Posted May 31, 2022
Authored by Christophe de la Fuente, Altelus, Cillian Collins | Site metasploit.com

This Metasploit module exploits an improper input validation vulnerability in MyBB versions prior to 1.8.30 to execute arbitrary code in the context of the user running the application. The MyBB Admin Control setting page calls the PHP eval function with unsanitized user input. The exploit adds a new setting, injecting the payload in the vulnerable field, and triggers its execution with a second request. Finally, it takes care of cleaning up and removes the setting. Note that authentication is required for this exploit to work and the account must have rights to add or update settings (typically, the myBB administrator role).

tags | exploit, arbitrary, php
advisories | CVE-2022-24734
SHA-256 | b59589e32d8e76fd8a874fc6ea8f9b40d067ee43017c9072165e2a8ca889d7de
Ubuntu Security Notice USN-5454-1
Posted May 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5454-1 - Joshua Mason discovered that CUPS incorrectly handled the secret key used to access the administrative web interface. A remote attacker could possibly use this issue to open a session as an administrator and execute arbitrary code. It was discovered that CUPS incorrectly handled certain memory operations when handling IPP printing. A remote attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-8842, CVE-2022-26691
SHA-256 | a249405b5165a2372ebd7fe96d1ea75f86c214212f1fdb4f65cd57f2f2386409
Red Hat Security Advisory 2022-4824-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4824-01 - Fapolicyd implements application whitelisting to decide file access rights. Applications that are known via a reputation source are allowed access while unknown applications are not. The daemon makes use of the kernel's fanotify interface to determine file access rights.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-1117
SHA-256 | 63f46eb34147998a70eee563433b103d5b44d940adefab4f8053c0cbb6a7f417
Red Hat Security Advisory 2022-4814-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4814-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include denial of service and memory exhaustion vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2020-0404, CVE-2020-13974, CVE-2020-19131, CVE-2020-27820, CVE-2020-35492, CVE-2020-4788, CVE-2021-0941, CVE-2021-20322, CVE-2021-21781, CVE-2021-26401, CVE-2021-29154, CVE-2021-3612, CVE-2021-3634, CVE-2021-3669, CVE-2021-37159, CVE-2021-3737, CVE-2021-3743, CVE-2021-3744, CVE-2021-3752, CVE-2021-3759, CVE-2021-3764, CVE-2021-3772, CVE-2021-3773, CVE-2021-3807, CVE-2021-39293, CVE-2021-4002
SHA-256 | de3fa8ee040cf6c28c1affa37a50086f48d77a4fce95eaf6d26445098ef47a20
Red Hat Security Advisory 2022-4818-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4818-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-2154, CVE-2021-2166, CVE-2021-2372, CVE-2021-2389, CVE-2021-35604, CVE-2021-46657, CVE-2021-46658, CVE-2021-46662, CVE-2021-46666, CVE-2021-46667, CVE-2022-27385
SHA-256 | 0ab816c0409818c434abf2a05a67d1962bc7a39d504eccbe13d907a00d8000f6
Red Hat Security Advisory 2022-4808-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4808-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon. It supports on-demand disk buffering, reliable syslog over TCP, SSL, TLS and RELP, writing to databases, email alerting, fully configurable output formats, the ability to filter on any part of the syslog message, on-the-wire message compression, and the ability to convert text files to syslog. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow, tcp
systems | linux, redhat
advisories | CVE-2022-24903
SHA-256 | 68173f6ada716e1aea998606f5823f010cefd5e6a1390ad47852b4863f5f9e4a
Red Hat Security Advisory 2022-2281-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2281-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 3.11.705.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2022-1271, CVE-2022-1677, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-21698, CVE-2022-29036, CVE-2022-29046, CVE-2022-29599
SHA-256 | dcbf14fb19ab25d7f2d075610b14da178e9c1cebabd792bb117f04a6ed6e7627
Red Hat Security Advisory 2022-4835-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4835-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2021-20322, CVE-2021-4037, CVE-2022-27666
SHA-256 | 95e6988a22aa68f0965fe8c0ed0beb190a989b46f0cb37acca9c9c1cbf977f6e
Red Hat Security Advisory 2022-4807-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4807-01 - PostgreSQL is an advanced object-relational database management system.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-1552
SHA-256 | 1524b4c65ae52a34aba64e454679b7f54723c6a0a1f56a84917242dede9728c9
Red Hat Security Advisory 2022-4816-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4816-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-1227, CVE-2022-27649, CVE-2022-27651
SHA-256 | 9fa88e188095882b2a08b4bee02c459a7526543f826e9e99ebc12455fe29ab6b
Red Hat Security Advisory 2022-4829-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4829-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2021-20322, CVE-2021-4037, CVE-2022-27666
SHA-256 | ad0fd43064be22bb37ddd07867ae9d80aa8c4098cb6cb7b6d692807f50259921
Red Hat Security Advisory 2022-4809-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4809-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2022-27666
SHA-256 | 6c9fa73b99bf34dd383cf4aa43127c6c10d0793e5572f9b761e720b73cfb583f
Red Hat Security Advisory 2022-4834-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4834-01 - Expat is a C library for parsing XML documents. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-23852
SHA-256 | a92e3678495a4091a54c3b74932f7bb9617ab5fca4675c0b227fffa974d7d3fc
Red Hat Security Advisory 2022-2280-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2280-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.705. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2022-21698, CVE-2022-29036, CVE-2022-29046
SHA-256 | 2aaf580732c87ac7f6d5949297f4c4b4678bfd74c475f94aed437aad9388280d
Ubuntu Security Notice USN-5446-2
Posted May 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5446-2 - USN-5446-1 fixed a vulnerability in dpkg. This update provides the corresponding update for Ubuntu 16.04 ESM. Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-1664
SHA-256 | 09e0a2a5f3f508ae625251c9b9a3fed6af290d242230a27742b820979dde90ea
Red Hat Security Advisory 2022-4798-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4798-01 - The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2022-29599
SHA-256 | 1309389c0ebcfedcfe0cf3e2036ef5cec3b385ffa6c7f63fb2ee62b0c52e20f8
Microsoft Office MSDT Follina Proof Of Concept
Posted May 31, 2022
Authored by JMousqueton | Site github.com

Proof of concept for the remote code execution vulnerability in MSDT known as Follina.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2022-30190
SHA-256 | 53ac1f74816b206d64cdb03e581a54d26e7aad446de7be2e6ecd1af77d47ebc2
Ubuntu Security Notice USN-5453-1
Posted May 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5453-1 - It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2022-27406
SHA-256 | 56883280f88cec7accde50a1ed1210ebfcb156e7c5b2de7b72e48c1a713cb1be
Red Hat Security Advisory 2022-4805-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4805-01 - PostgreSQL is an advanced object-relational database management system.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-1552
SHA-256 | 19e113c062e6d076e82801a44fc7c5a93c5bae4f5e50097cfe260fcc563d2a5f
Red Hat Security Advisory 2022-4771-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4771-01 - PostgreSQL is an advanced object-relational database management system.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-1552
SHA-256 | f7bcaff63d1c0119178a96096d52f878afa95365ed319f815c8210aee497b542
Microsoft Follina Proof Of Concept
Posted May 31, 2022
Authored by onecloudemoji | Site github.com

Proof of concept exploit for the Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability dubbed Follina.

tags | exploit, remote, code execution, proof of concept
systems | windows
advisories | CVE-2022-30190
SHA-256 | 21dda01f8e88aa4687f62848057799f68aeaf508af81b73f3368b5656c8f92fe
Red Hat Security Advisory 2022-4795-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4795-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow, tcp
systems | linux, redhat
advisories | CVE-2022-24903
SHA-256 | 85c6d5e5f18689658a3feba8334a5ca9f5ee4025d096c7ff8ad2c06bf04ba9df
Red Hat Security Advisory 2022-4803-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4803-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow, tcp
systems | linux, redhat
advisories | CVE-2022-24903
SHA-256 | caa995502c0716dd3e0b4c8882ef4649db32bbd054c2d5347d136d6f14f1019c
Red Hat Security Advisory 2022-4797-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4797-01 - The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2022-29599
SHA-256 | 9c64a3ea568a1fafef9d50e3f7ba25a5f9bf6596c3a4390eccf7feae5c3823f0
Fast Food Ordering System 1.0 Cross Site Scripting
Posted May 31, 2022
Authored by Ashish Kumar

Fast Food Ordering System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f7e3bfe2b6055902c2854c036cbb8c36e7bf630d5e1d2ceaaf2629e5cb4d4c8d
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    18 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    12 Files
  • 29
    May 29th
    31 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close