exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2022-09-19

Ubuntu Security Notice USN-5617-1
Posted Sep 19, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5617-1 - It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Julien Grall discovered that Xen incorrectly handled memory barriers on ARM-based systems. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or escalate privileges.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-0543, CVE-2020-11739, CVE-2020-11742, CVE-2020-15563, CVE-2020-15564, CVE-2020-15565, CVE-2020-15566, CVE-2020-15567, CVE-2020-25595, CVE-2020-25596, CVE-2020-25597, CVE-2020-25599, CVE-2020-25600, CVE-2020-25601
SHA-256 | 650005c21b26b7970b9035b36b8dca3aa7d9fbba307cbcf7d4eded34c754cfb8
Ubuntu Security Notice USN-5613-2
Posted Sep 19, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5613-2 - USN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression. It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution. It was discovered that Vim was not properly performing checks on name of lambda functions. An attacker could possibly use this issue to cause a denial of service. This issue affected only Ubuntu 22.04 LTS. It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim was not properly processing latin1 data when issuing Ex commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers. An attacker could possibly use this issue to cause a denial of service. It was discovered that Vim was not properly processing invalid bytes when performing spell check operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2022-0943, CVE-2022-1154, CVE-2022-1420, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
SHA-256 | 002c02114fee54074c33b853c60e7bab399be235d6002d18845e35b96a8f5d54
VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload
Posted Sep 19, 2022
Authored by Edd13Mora

VIAVIWEB Wallpaper Admin suffers from remote shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | 2adfb8f70f50742a66bf5ad5b7a1bccff06637cf13ee52a9534547c07ead30ed
Ubuntu Security Notice USN-5616-1
Posted Sep 19, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5616-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-33061, CVE-2022-1729, CVE-2022-1852, CVE-2022-1943, CVE-2022-1973, CVE-2022-2503, CVE-2022-2873, CVE-2022-2959
SHA-256 | 480c1cb29e7c2e73e7609ec70dbc18c52181780c5a281e11ecbd77c9689870c2
SoX 14.4.2 Division-By-Zero / Denial Of Service
Posted Sep 19, 2022
Authored by LiquidWorm | Site zeroscience.mk

SoX versions 14.4.2 and below suffer from a division by zero attack when handling WAV files, resulting in denial of service vulnerability and possibly loss of data.

tags | exploit, denial of service
SHA-256 | de24687825a9cff7e5ad1404c4b0d0dc865d45066f152f4d7a7a508384aca180
Red Hat Security Advisory 2022-6551-01
Posted Sep 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6551-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include denial of service, information leakage, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2022-1012, CVE-2022-2132, CVE-2022-2526, CVE-2022-2588, CVE-2022-29154, CVE-2022-32250
SHA-256 | b6b288369992a125e61cf713243fbc771ddaa180c88cffe38888b1fae6e5a6e9
PhotoSync 4.7 Local File Inclusion
Posted Sep 19, 2022
Authored by Chokri Hammedi

PhotoSync version 4.7 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | f5e6b3cd183e91afacf647b3547160e0d93026087e059f1843c8761cd5e32985
Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion
Posted Sep 19, 2022
Authored by Chokri Hammedi

Owlfiles File Manager version 12.0.1 suffers from local file inclusion and path traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | 5e1df728b64bebf1797218fca034b9eeed532e773c31131307d679d65b406b40
Red Hat Security Advisory 2022-6541-01
Posted Sep 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6541-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include file overwrite and traversal vulnerabilities.

tags | advisory, web, php, vulnerability
systems | linux, redhat
advisories | CVE-2020-28948, CVE-2020-28949, CVE-2020-36193
SHA-256 | 31e06af192874dd30d3a85b7cb09c29d3a3dcfb884ab079d8e1ed05690b96675
OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection
Posted Sep 19, 2022
Authored by Saud Alenazi

OpenCart 3.x Newsletter Custom Popup module version 4.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4463bea9399b42e27cadceb696475f29a869f99cd0cfa6c5ded3a40898daf09c
WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting
Posted Sep 19, 2022
Authored by Mariam Tariq

WordPress GetYourGuide Ticketing plugin version 1.0.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dd8e52981b226511a35efc2482778941e5de97075699192860753ae706085694
Genesys PureConnect Cross Site Scripting
Posted Sep 19, 2022
Authored by Jake Murphy

Genesys PureConnect as of their build on 08-October-2020 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-37775
SHA-256 | 2232d00fcafe4584b543e46f696b904d45b43d8ecf53a41949a52a39eaffc149
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close