what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 370 RSS Feed

Files Date: 2022-09-01 to 2022-09-30

Ubuntu Security Notice USN-5647-1
Posted Sep 29, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5647-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-33655, CVE-2022-1729, CVE-2022-2503, CVE-2022-32296, CVE-2022-36946
SHA-256 | f646132213ac5199fd0835b743af47740f9030b83556dc9ad35a5af5da00ade0
Ubuntu Security Notice USN-5615-2
Posted Sep 29, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5615-2 - USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 16.04 ESM. It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-35525
SHA-256 | ee761ef6e19d379bce5560d3dfb6533fa06c67a12017651e03a872648746a6fb
Red Hat Security Advisory 2022-6741-01
Posted Sep 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6741-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-1729
SHA-256 | 058d93ee15c69d7a7c5f8f0f0aece4f72c2f05b24cb23c11dc1b8bae327307e0
qdPM 9.1 Authenticated Shell Upload
Posted Sep 29, 2022
Authored by Rishal Dwivedi, Leon Trappett, Giacomo Casoni | Site metasploit.com

A remote code execution vulnerability exists in qdPM versions 9.1 and below. An attacker can upload a malicious PHP code file via the profile photo functionality by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature thus allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.

tags | exploit, remote, php, code execution
advisories | CVE-2015-3884, CVE-2020-7246
SHA-256 | 41d2d18aa9196d7f57810fe954d8362f8c6f3662e5ba2a143d334cd07ac9b371
TestSSL 3.0.8
Posted Sep 29, 2022
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Major update of client simulation. Update of certificate stores. About a dozen bug fixes and various other updates.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | 22c5dc6dfc7500db94b6f8a48775f72b5149d0a372b8552ed7666016ee79edf0
Joomla AdsManager 3.2.0 SQL Injection
Posted Sep 29, 2022
Authored by CraCkEr

Joomla AdsManager extension version 3.2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d94efabfad9904e592ec82124c03316f4ce8b774ae57879750a98a1445884262
Bus Pass Management System 1.0 Cross Site Scripting
Posted Sep 29, 2022
Authored by Ali Alipour

Bus Pass Management System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 54b5f2852b454991cb45a80382823090c9ab28550870d5b5a1a6ae83964d87e3
Ubuntu Security Notice USN-5646-1
Posted Sep 29, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5646-1 - Tobias Stoeckmann discovered that libXi did not properly manage memory when handling X server responses. A remote attacker could use this issue to cause libXi to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-7945
SHA-256 | 46c4a791137670f7e5bdbac84f1b17ad4b368c2214d2709f79e8c9bd7c67e379
SIPPTS 3.2
Posted Sep 29, 2022
Authored by Pepelux | Site github.com

Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. It is programmed in Python script and it allows us to check the security of a VoIP server using SIP protocol, over UDP, TCP and TLS protocols.

Changes: Many parameter additions. A few modules added. Various other bug fixes and improvements.
tags | tool, udp, telephony, tcp, protocol, python
systems | unix
SHA-256 | 3ede5028958a1effbe95fce1926ba0492f4dc037dcfa74011730bc24129aa41b
Ubuntu Security Notice USN-5645-1
Posted Sep 29, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5645-1 - Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established. Tom Lane discovered that PostgreSQL incorrect handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23214, CVE-2021-32027
SHA-256 | fa94546c58f17991b5a646049ec8ec30cd923dd7fcf8ea2301f30eeeb7d86f13
Online Examination System 1.0 SQL Injection
Posted Sep 29, 2022
Authored by Yousef Alraddadi

Online Examination System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | dba8c93e85cd1df6195d39d4a331df0a884b158c86b28ffa00bd3dea43e7b6ba
Joomla EDocman 1.23.3 Cross Site Scripting
Posted Sep 29, 2022
Authored by CraCkEr

Joomla EDocman extension version 1.23.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7b56a9d176668a085432fd6441efba2f1cb355a86dd6f94e9c5fcdce3437fd1e
Online Examination System 1.0 Cross Site Scripting
Posted Sep 29, 2022
Authored by Yousef Alraddadi

Online Examination System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2cedda0df4347ed510cf540f0c12e96dc76e73743d9ba1ef37fba000b2d31b53
monomorph MD5-Monomorphic Shellcode Packer
Posted Sep 29, 2022
Authored by Retr0id | Site github.com

This tool packs up to 4KB of compressed shellcode into an executable binary, near-instantly. The output file will always have the same MD5 hash: 3cebbe60d91ce760409bbe513593e401. Currently, only Linux x86-64 is supported. It would be trivial to port this technique to other platforms, although each version would end up with a different MD5.

tags | tool, x86, shellcode
systems | linux, unix
SHA-256 | 1401bc41094d6c399524f490182dedc77295916d73ec25d4c7ea3751f754d6cc
Debian Security Advisory 5223-1
Posted Sep 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5223-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2022-3038, CVE-2022-3039, CVE-2022-3040, CVE-2022-3041, CVE-2022-3042, CVE-2022-3043, CVE-2022-3044, CVE-2022-3045, CVE-2022-3046, CVE-2022-3047, CVE-2022-3048, CVE-2022-3049, CVE-2022-3050, CVE-2022-3051
SHA-256 | eaccf2c4f13785f27ea55d281296ec9a704251dbe2c16cc511b155f0d5dbc78f
Debian Security Advisory 5224-1
Posted Sep 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5224-1 - Two vulnerabilities were discovered in poppler, a PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file or JBIG2 image is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2022-27337, CVE-2022-38784
SHA-256 | fff5c555e685acd923ce1cd2043a40d9c2db36d0eed0627070038e954e24e95c
Debian Security Advisory 5225-1
Posted Sep 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5225-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2022-3075
SHA-256 | 98a8f68e6eeb765491847e5b3440d501a6818cac4dc84af5724f091a2bc33174
Debian Security Advisory 5226-1
Posted Sep 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5226-1 - Two security issues were discovered in pcs, a corosync and pacemaker configuration tool.

tags | advisory
systems | linux, debian
advisories | CVE-2022-1049, CVE-2022-2735
SHA-256 | 6063675b6309f8ba39ab444e7fce5c743b477418ff598c15909fc9e571447b45
Debian Security Advisory 5227-1
Posted Sep 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5227-1 - It was discovered that Gson, a Java library that can be used to convert Java Objects into their JSON representations and vice versa, was vulnerable to a de- serialization flaw. An application would de-serialize untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution. This can lead to a denial of service or even the execution of arbitrary code.

tags | advisory, java, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2022-25647
SHA-256 | b6af2512c97e2e986859b67b105cb3eb62cba8bf639bf250fd2d00129989f97f
Debian Security Advisory 5228-1
Posted Sep 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5228-1 - Several vulnerabilities were discovered in gdk-pixbuf, the GDK Pixbuf library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2021-44648, CVE-2021-46829
SHA-256 | 2779b19645046756f046040b839f7910204298a4f8304bb68cd29482f89ab133
Debian Security Advisory 5229-1
Posted Sep 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5229-1 - Two vulnerabilities were discovered in FreeCAD, a CAD/CAM program, which could result in the execution of arbitrary shell commands when opening a malformed file.

tags | advisory, arbitrary, shell, vulnerability
systems | linux, debian
advisories | CVE-2021-45844, CVE-2021-45845
SHA-256 | e221b714aa252c043fe261bba268b9bb76b8a4565c7895307eb7ff13412d67b8
Debian Security Advisory 5230-1
Posted Sep 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5230-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2022-3195, CVE-2022-3196, CVE-2022-3197, CVE-2022-3198, CVE-2022-3199, CVE-2022-3200, CVE-2022-3201
SHA-256 | 8340f3ab3bae220f6698fed84dcfba3c97ba7964c3362899da056ede5c1f36ab
Debian Security Advisory 5231-1
Posted Sep 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5231-1 - Several vulnerabilities were discovered in ConnMan, a network manager for embedded devices, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2022-23096, CVE-2022-23097, CVE-2022-23098, CVE-2022-32292, CVE-2022-32293
SHA-256 | ce4def7ac6b137a13c8cf721dd5db4140415515ed52baee6a0d76baf78234bf0
Debian Security Advisory 5232-1
Posted Sep 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5232-1 - It was discovered that the wordexp() function of tinygltf, a library to load/save glTF (GL Transmission Format) files was susceptible to command execution when processing untrusted files.

tags | advisory
systems | linux, debian
advisories | CVE-2022-3008
SHA-256 | 6d3bf5420ed67b1fc16a49e517a64ee582d74c3582eaa12ad4ef5cb2c1800fce
Debian Security Advisory 5233-1
Posted Sep 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5233-1 - Maher Azzouzi discovered that missing input sanitising in the Enlightenment window manager may result in local privilege escalation to root.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2022-37706
SHA-256 | 038bc6131b6fd2cfa407d7ba8198b1856f3aa45cd0d7b1b66c8e56e410074926
Page 1 of 15
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close