exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 339 RSS Feed

Files Date: 2022-10-01 to 2022-10-31

Zed Attack Proxy 2.12.0 Cross Platform Package
Posted Oct 28, 2022
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.

Changes: This is a bug fix and enhancement release, which now requires a minimum of Java 11.
tags | tool, web, vulnerability
SHA-256 | 47c6b7a73e6192c7cd6b1ed15afa95205a501cdfca1be990dfbd340dec4f9a99
Ubuntu Security Notice USN-5705-1
Posted Oct 28, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5705-1 - Chintan Shah discovered that LibTIFF incorrectly handled memory in certain conditions. An attacker could trick a user into processing a specially crafted image file and potentially use this issue to allow for information disclosure or to cause the application to crash. It was discovered that LibTIFF incorrectly handled memory in certain conditions. An attacker could trick a user into processing a specially crafted tiff file and potentially use this issue to cause a denial of service.

tags | advisory, denial of service, info disclosure
systems | linux, ubuntu
advisories | CVE-2022-3570, CVE-2022-3598
SHA-256 | 0e0e0b478ae1ff232568c8d098dc7e94b9549adef2017da35830d5fbba1803f8
Debian Security Advisory 5262-1
Posted Oct 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5262-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932
SHA-256 | 8f15b0a0c9534aef31dc0a87051c8ada2ae71781c06dd0b6094be4c1470ff4f9
Ubuntu Security Notice USN-5706-1
Posted Oct 28, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5706-1 - It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information. It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-4159, CVE-2022-20369, CVE-2022-2318, CVE-2022-26365, CVE-2022-26373, CVE-2022-3176, CVE-2022-33740, CVE-2022-33742, CVE-2022-33744, CVE-2022-36879
SHA-256 | 7aaa31ceef76ec8bdfbe0b205ddec2f0fbf8452e3b09e76f3ff397adbff1ccef
Ubuntu Security Notice USN-5704-1
Posted Oct 28, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5704-1 - It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. It was discovered that DBus was incorrectly validating the length of arrays of fixed-length items. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. It was discovered that DBus incorrectly handled the body DBus message with attached file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2022-42010, CVE-2022-42011, CVE-2022-42012
SHA-256 | 3b7661dce0a387bad1abfb33d63f80542dfc66b02ee51a97fa6a98913cd1fcc3
Siemens APOGEE PXC / TALON TC Authentication Bypass
Posted Oct 28, 2022
Authored by RoseSecurity

APOLOGEE is a Python script and Metasploit module that enumerates a hidden directory on Siemens APOGEE PXC BACnet Automation Controllers and TALON TC BACnet Automation Controllers. With a 7.5 CVSS, this exploit allows for an attacker to perform an authentication bypass using an alternate path or channel to access hidden directories in the web server. All versions prior to 3.5 are affected.

tags | exploit, web, python
advisories | CVE-2017-9947
SHA-256 | 9cdea8ef198269714420f4181480f5f779bae0a4ceba444e0d250e3b4071220a
Red Hat Security Advisory 2022-7143-01
Posted Oct 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7143-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-33193, CVE-2021-36160, CVE-2021-39275, CVE-2021-41524, CVE-2021-44224, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852
SHA-256 | bf2ee19802cc5c27a2aa9448e79d3d3c92beaa03423df3702ac3e20dc59fe7e8
Red Hat Security Advisory 2022-7144-01
Posted Oct 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7144-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-33193, CVE-2021-36160, CVE-2021-39275, CVE-2021-41524, CVE-2021-44224, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852
SHA-256 | 5e09c50bbba41656cd9c5515ccf86fb9be862fbe6d5d82a630028a1a5bde28e5
Ubuntu Security Notice USN-5703-1
Posted Oct 27, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5703-1 - Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-1882, CVE-2022-26373, CVE-2022-3176, CVE-2022-36879, CVE-2022-39189
SHA-256 | 5b417b139db650f2b8fcd1898f6ce031817ce2b3bdc152c22adfa9c99b871850
Ubuntu Security Notice USN-5702-2
Posted Oct 27, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5702-2 - USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2022-32221
SHA-256 | a9ef99809fa6f3d4b4210466b534a091650ab38e6eb5b490d41b11d2d8763c83
Ubuntu Security Notice USN-5696-2
Posted Oct 27, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5696-2 - USN-5696-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.40 in Ubuntu 16.04 ESM. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-21589
SHA-256 | f0b240f677def9a74ad52ea52984a78515c6bd5f4b284409f71cca2b9875c940
Debian Security Advisory 5261-1
Posted Oct 27, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5261-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2022-3652, CVE-2022-3653, CVE-2022-3654, CVE-2022-3655, CVE-2022-3656, CVE-2022-3657, CVE-2022-3658, CVE-2022-3659, CVE-2022-3660, CVE-2022-3661
SHA-256 | fb62e0b11083a392fd6e63e6a0bc7e3e8840647b6a0494c1df81ebfbcf672e62
Ubuntu Security Notice USN-5702-1
Posted Oct 27, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5702-1 - Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916
SHA-256 | abce9130e44a5745556c40692b098b2f27521fb7fe9f2336f2ae1e79874e5e67
Ubuntu Security Notice USN-5701-1
Posted Oct 27, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5701-1 - Yeting Li discovered that Jinja2 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-28493
SHA-256 | b25bb522095d41adeeb7e265b7beb757aaa83ebfb5731d537f261b33b81cf1b7
GNUnet P2P Framework 0.18.0
Posted Oct 27, 2022
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: This is a new major release. It breaks protocol compatibility with the 0.17.x versions.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | c2d877bd444b6b474a4140c01e576a8a707e272d5c9a2149a7f25c5de192d5da
Wireshark Analyzer 4.0.1
Posted Oct 27, 2022
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: 15 bug fixes. The experimental display filter syntax for literals using angle brackets that was introduced in Wireshark 4.0.0 has been removed. Updated protocol support for ASN.1 PER, CFDP, Diameter, DirectPlay, F5 Ethernet Trailer, GTP, H.223, H.248, H.264, H.265, IEEE 802.11, IPv4, MBIM, O-RAN FH CUS, PFCP, RTCP, SCTP, SMB, TCP, and TRANSUM.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | b3b002f99d13bbf47f9ed3be7eb372cb0c2454bd0faea29a756819ce019ffdc2
Vagrant Synced Folder Vagrantfile Breakout
Posted Oct 27, 2022
Authored by Brendan Coles, HashiCorp | Site metasploit.com

This Metasploit module exploits a default Vagrant synced folder (shared folder) to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly disables shared folders, Vagrant mounts the project directory on the host as a writable vagrant directory on the guest virtual machine. This directory includes the project Vagrantfile configuration file. Ruby code within the Vagrantfile is loaded and executed when a user runs any vagrant command from the project directory on the host, leading to execution of Ruby code on the host.

tags | exploit, ruby
SHA-256 | 4aa68ef0141c22e4e2be0cd50c642945c2afd7a94ea98ee68a6375e6bd398e81
nfstream 6.5.3
Posted Oct 26, 2022
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: nDPI updated. Implemented max_nflows parameter. Minor example fixes.
tags | tool, python
systems | unix
SHA-256 | 53ba1723a56c77d936eed734e9d420bbb2e0c430ca907e2df09016bc29a0898c
Dinstar FXO Analog VoIP Gateway DAG2000-16O Cross Site Scripting
Posted Oct 26, 2022
Authored by Yehia Elghaly

Dinstar FXO Analog VoIP Gateway version DAG2000-16O suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 97eaa1028dd6a201c66d40bfa6162f161c2586c5696100d18bc50025c51b3882
ERP Sankhya 4.13.x Cross Site Scripting
Posted Oct 26, 2022
Authored by Lucas Alves Da Cunha

ERP Sankhya versions 4.13.x and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-42989
SHA-256 | 1744ed67564a520b1a5d65928e4721a6bdd822c0125cd9c31ecb715595b6e46a
Red Hat Security Advisory 2022-7209-01
Posted Oct 26, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7209-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-3515
SHA-256 | bc3b93079d3bdfe4fdfb28bd39c24a3e55f505c2b0ae0d2da3072c50fd5897ac
Ubuntu Security Notice USN-5700-1
Posted Oct 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5700-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-2602, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
SHA-256 | 0616f23cc8d31e59366551307b7cb748d2fd1d2a034df03ec9337c439f4db07f
Ubuntu Security Notice USN-5688-2
Posted Oct 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5688-2 - USN-5688-1 fixed vulnerabilities in Libksba. This update provides the corresponding update for Ubuntu 22.10. It was discovered that an integer overflow could be triggered in Libksba when decoding certain data. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3515
SHA-256 | bda7b480912742b853993e8f9ed6832b6dae891a7147611031f8b2ffc0a7fa9a
Ubuntu Security Notice USN-5699-1
Posted Oct 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5699-1 - Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. It was discovered that the GNU C Library nscd daemon incorrectly handled certain netgroup lookups. An attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2021-3326, CVE-2021-35942
SHA-256 | 147855b038f48991c374fe1a00958b8946511505d650a498f3ae7dbf1c51de72
Red Hat Security Advisory 2022-7184-01
Posted Oct 26, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7184-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-39236, CVE-2022-39249, CVE-2022-39250, CVE-2022-39251, CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932
SHA-256 | 0d7d603f6c44dfcadbe648ff0a836c5ca0d974ec2fb028018760f82b1df3b205
Page 1 of 14
Back12345Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close