
Files Date: 2022-09-29

Ubuntu Security Notice USN-5647-1
Posted Sep 29, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5647-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-33655, CVE-2022-1729, CVE-2022-2503, CVE-2022-32296, CVE-2022-36946
SHA-256 | f646132213ac5199fd0835b743af47740f9030b83556dc9ad35a5af5da00ade0
Ubuntu Security Notice USN-5615-2
Posted Sep 29, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5615-2 - USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 16.04 ESM. It was discovered that SQLite incorrectly handled INTERSECT query processing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-35525
SHA-256 | ee761ef6e19d379bce5560d3dfb6533fa06c67a12017651e03a872648746a6fb
Red Hat Security Advisory 2022-6741-01
Posted Sep 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6741-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-1729
SHA-256 | 058d93ee15c69d7a7c5f8f0f0aece4f72c2f05b24cb23c11dc1b8bae327307e0
qdPM 9.1 Authenticated Shell Upload
Posted Sep 29, 2022
Authored by Rishal Dwivedi, Leon Trappett, Giacomo Casoni | Site metasploit.com

A remote code execution vulnerability exists in qdPM versions 9.1 and below. An attacker can upload a malicious PHP code file via the profile photo functionality by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, thus allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.

tags | exploit, remote, php, code execution
advisories | CVE-2015-3884, CVE-2020-7246
SHA-256 | 41d2d18aa9196d7f57810fe954d8362f8c6f3662e5ba2a143d334cd07ac9b371
TestSSL 3.0.8
Posted Sep 29, 2022
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Major update of client simulation. Update of certificate stores. About a dozen bug fixes and various other updates.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | 22c5dc6dfc7500db94b6f8a48775f72b5149d0a372b8552ed7666016ee79edf0
Joomla AdsManager 3.2.0 SQL Injection
Posted Sep 29, 2022
Authored by CraCkEr

Joomla AdsManager extension version 3.2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d94efabfad9904e592ec82124c03316f4ce8b774ae57879750a98a1445884262
Bus Pass Management System 1.0 Cross Site Scripting
Posted Sep 29, 2022
Authored by Ali Alipour

Bus Pass Management System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 54b5f2852b454991cb45a80382823090c9ab28550870d5b5a1a6ae83964d87e3
Ubuntu Security Notice USN-5646-1
Posted Sep 29, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5646-1 - Tobias Stoeckmann discovered that libXi did not properly manage memory when handling X server responses. A remote attacker could use this issue to cause libXi to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-7945
SHA-256 | 46c4a791137670f7e5bdbac84f1b17ad4b368c2214d2709f79e8c9bd7c67e379
SIPPTS 3.2
Posted Sep 29, 2022
Authored by Pepelux | Site github.com

Sippts is a set of tools to audit VoIP servers and devices using the SIP protocol. It is written in Python and allows checking the security of a VoIP server using SIP over UDP, TCP and TLS.

Changes: Many parameter additions. A few modules added. Various other bug fixes and improvements.
tags | tool, udp, telephony, tcp, protocol, python
systems | unix
SHA-256 | 3ede5028958a1effbe95fce1926ba0492f4dc037dcfa74011730bc24129aa41b
Ubuntu Security Notice USN-5645-1
Posted Sep 29, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5645-1 - Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established. Tom Lane discovered that PostgreSQL incorrectly handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23214, CVE-2021-32027
SHA-256 | fa94546c58f17991b5a646049ec8ec30cd923dd7fcf8ea2301f30eeeb7d86f13
Online Examination System 1.0 SQL Injection
Posted Sep 29, 2022
Authored by Yousef Alraddadi

Online Examination System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | dba8c93e85cd1df6195d39d4a331df0a884b158c86b28ffa00bd3dea43e7b6ba
Joomla EDocman 1.23.3 Cross Site Scripting
Posted Sep 29, 2022
Authored by CraCkEr

Joomla EDocman extension version 1.23.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7b56a9d176668a085432fd6441efba2f1cb355a86dd6f94e9c5fcdce3437fd1e
Online Examination System 1.0 Cross Site Scripting
Posted Sep 29, 2022
Authored by Yousef Alraddadi

Online Examination System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2cedda0df4347ed510cf540f0c12e96dc76e73743d9ba1ef37fba000b2d31b53
monomorph MD5-Monomorphic Shellcode Packer
Posted Sep 29, 2022
Authored by Retr0id | Site github.com

This tool packs up to 4KB of compressed shellcode into an executable binary, near-instantly. The output file will always have the same MD5 hash: 3cebbe60d91ce760409bbe513593e401. Currently, only Linux x86-64 is supported. It would be trivial to port this technique to other platforms, although each version would end up with a different MD5.

tags | tool, x86, shellcode
systems | linux, unix
SHA-256 | 1401bc41094d6c399524f490182dedc77295916d73ec25d4c7ea3751f754d6cc