
Files Date: 2022-10-10

Verbatim Store 'n' Go Secure Portable SSD Behavior Violation
Posted Oct 10, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external data storage Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the device does not lock and require reformatting after 20 failed passcode attempts, even though the product description and the corresponding user manual describe this behavior.

tags | advisory
advisories | CVE-2022-28386
SHA-256 | 08145b3fed5af98f2c1a58867fcffc5c6a963943711eed8b147ca33d079c84b8
Verbatim Store 'n' Go Secure Portable SSD Missing Trust
Posted Oct 10, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external data storage Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16).

tags | advisory
advisories | CVE-2022-28383
SHA-256 | d39be10e67c9b627d81d5563e3043fc1643ed064d12773022e54946e4d13c40c
Verbatim Store 'n' Go Secure Portable SSD Weak Cryptography
Posted Oct 10, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external storage device Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode.

tags | advisory
advisories | CVE-2022-28382
SHA-256 | 94cc2f212c629f6d55adb277c12c057ade203121d15ef2c833dae91f93644f56
cryptmount Filesystem Manager 6.1.0
Posted Oct 10, 2022
Authored by RW Penney | Site cryptmount.sourceforge.net

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Changes: Improved udev settling schedule and filesystem syncs. Added partial support for compiling against libgcrypt-1.7. Improved waiting schedule for inter-process status locks. Improved stability of tests against legacy cryptsetup. Revised installation instructions and top-level README.
tags | tool, kernel, encryption
systems | linux, unix
SHA-256 | cb09812e715283fd816089d6cd20936b59f7d295e366511d1becfd7600a8fda9
Verbatim Store 'n' Go Secure Portable SSD Weak Cryptography
Posted Oct 10, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external storage device Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that it uses an insecure design which allows for offline brute-force attacks against the passcode.

tags | advisory
advisories | CVE-2022-28384
SHA-256 | 1eec8f74130bb65d97f78635534eca25e6988ba281f9bc35cc664431829d03d5
Linux munmap() Race Condition / Use-After-Free
Posted Oct 10, 2022
Authored by Jann Horn, Google Security Research

Linux has an issue with munmap() racing with pagemap_read() that leads to a page use-after-free vulnerability.

tags | exploit
systems | linux
SHA-256 | 6e43fff37a6d90cd02b391b72b480aba2d74433d269f96e0cefcf585c8e51dd3
Ubuntu Security Notice USN-5663-1
Posted Oct 10, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5663-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, obtain sensitive information, spoof the contents of the address bar, bypass security restrictions, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2022-2505, CVE-2022-3033, CVE-2022-36059, CVE-2022-38472, CVE-2022-38473, CVE-2022-38478
SHA-256 | 5d417882b893554479d243c67bc2323a3771d183d3f6e6c7e569dc66402ce42b
Ubuntu Security Notice USN-5371-3
Posted Oct 10, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5371-3 - USN-5371-1 and USN-5371-2 fixed several vulnerabilities in nginx. This update provides the corresponding update for CVE-2020-11724 for Ubuntu 16.04 ESM. It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. If a remote attacker were able to intercept the communication, this issue could be used to redirect traffic between subdomains.

tags | advisory, remote, web, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2020-11724, CVE-2020-36309, CVE-2021-3618
SHA-256 | 172bbfa6d06525617f861427837c834d50db4e0869fba08cb19ab97e37f938d0
Online Shopping System Advanced 1.0 SQL Injection
Posted Oct 10, 2022
Authored by nu11secur1ty

Online Shopping System Advanced version 1.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 414cc67f4209b57356f9ca16624a2e64af6e26d684e648648322df2fd6099299
WordPress eCommerce Product Catalog 3.0.70 Cross Site Scripting
Posted Oct 10, 2022
Authored by CraCkEr

WordPress eCommerce Product Catalog plugin version 3.0.70 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ff0d4cb24a195001f9420d783d0f4dbe60d91a2f4bb3d79cf0528ac2abf2e381
WordPress / Joomla JReviews 4.1.5 Cross Site Scripting
Posted Oct 10, 2022
Authored by CraCkEr

WordPress / Joomla JReviews extension version 4.1.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5f56ff53ac01d00b3e875810f6f2f7c40afb167fad4d546dc4eaf52c382b8db3
Joomla Vik Rent Car 1.14 Cross Site Scripting
Posted Oct 10, 2022
Authored by CraCkEr

Joomla Vik Rent Car extension version 1.14 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 91a94dd5d7c69c603cbfeff6f381e9f35e53cab8a5aedb4c5ff433b9f93cd5a7
Web Based Student Clearance 1.0 Shell Upload
Posted Oct 10, 2022
Authored by Akash Pandey

Web Based Student Clearance version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, web, shell
advisories | CVE-2022-3436
SHA-256 | ac7df912113c209e4aa92b944d9b94db3f34c974d4195900b8a821b928f931f6
Crealogix EBICS Cross Site Scripting
Posted Oct 10, 2022
Authored by Tobias Ospelt | Site pentagrid.ch

During a penetration test of an Electronic Banking Internet Communication Standard (EBICS) environment, Pentagrid observed a cross site scripting vulnerability in the EBICS banking implementation developed by CREALOGIX AG and used by many banks.

tags | exploit, xss
SHA-256 | 8e15b109c84728b0304ea4b1b455ab2f70b32bdf220df264c8ce537fcfab3838
Zentao Project Management System 17.0 Remote Code Execution
Posted Oct 10, 2022
Authored by mister0xf

Zentao Project Management System version 17.0 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 6068601aabffdd4fabb666c2f1c6f5b6a98c2cfa8a37e38ec60bd46de8f8505d
macOS 12.3.1 Local Root
Posted Oct 10, 2022
Authored by zhuowei | Site worthdoingbadly.com

This is a write up demonstrating how to get root on macOS 12.3.1 using CoreTrust and DriverKit bugs. Included is the spawn_root proof of concept.

tags | exploit, root, proof of concept
advisories | CVE-2022-26763, CVE-2022-26766
SHA-256 | 42264f6011010d1ea9305f22c2f23628b9337624b236c163e1a40b0e1273560f
© 2022 Packet Storm. All rights reserved.
