exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2022-11-02

Apache CouchDB Erlang Remote Code Execution
Posted Nov 2, 2022
Authored by 1F98D, jheysel-r7, Konstantin Burov, _sadshade, Milton Valencia | Site metasploit.com

In Apache CouchDB versions prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.

tags | exploit
advisories | CVE-2022-24706
SHA-256 | adaa831a27cc8a7dbc13e63bb293d887542dcd7e9b4a0d6eb85acf4fc9076b08
FLIR AX8 1.46.16 Remote Command Injection
Posted Nov 2, 2022
Authored by Samy Younsi, Thomas Knudsen, h00die-gr3y | Site metasploit.com

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to remote command injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability to upload and execute payloads gaining root privileges.

tags | exploit, remote, web, arbitrary, shell, root, php
advisories | CVE-2022-37061
SHA-256 | a321cd3e8960e684cbab1cd82bb0f9be0cda474af87c57e7f89fa9aaa83b6bca
Webmin 1.984 File Manager Remote Code Execution
Posted Nov 2, 2022
Authored by jheysel-r7, faisalfs10x | Site metasploit.com

In Webmin version 1.984, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as downloading files from remote URLs and changing file permissions. It is possible to achieve remote code execution via a crafted .cgi file by chaining those functionalities in the file manager.

tags | exploit, remote, cgi, code execution
advisories | CVE-2022-0824
SHA-256 | 174516108c4d106859887c676523c5bd94d8fe133ba6657e421890c8d9f7ef89
Gentoo Linux Security Advisory 202211-01
Posted Nov 2, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202211-1 - Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution. Versions less than 3.0.7:0/3 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-3602, CVE-2022-3786
SHA-256 | 74d9846dab1725376e2239dab259af2da8c355857e141540172199e96d2976b6
Ubuntu Security Notice USN-5711-1
Posted Nov 2, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5711-1 - Yuchen Zeng and Eduardo Vela discovered that NTFS-3G incorrectly validated certain NTFS metadata. A local attacker could possibly use this issue to gain privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-40284
SHA-256 | 6d670091217e7f88628a5e2be6dd0c6e1073f07d1ab53fec1fe07b6defed33c1
Red Hat Security Advisory 2022-7272-01
Posted Nov 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7272-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.0 serves as a replacement for Red Hat JBoss Web Server 5.6.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a privilege escalation vulnerability.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2022-23181
SHA-256 | 6c6c505d60f52445629706945b0b08f06ae4a58dcdd27abfe80c2be11b5f2239
Red Hat Security Advisory 2022-7201-01
Posted Nov 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7201-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.12. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2020-35525, CVE-2020-35527, CVE-2022-0494, CVE-2022-1353, CVE-2022-23816, CVE-2022-23825, CVE-2022-2509, CVE-2022-2588, CVE-2022-26945, CVE-2022-29900, CVE-2022-29901, CVE-2022-30321, CVE-2022-30322, CVE-2022-30323
SHA-256 | 6d28e160aebd967897f3d87e1e5bfd567b29c6dba8e6d1fe4a5120cd1a1c659b
Red Hat Security Advisory 2022-7211-01
Posted Nov 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7211-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.39. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2021-45485, CVE-2021-45486, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-2588, CVE-2022-26945, CVE-2022-30321, CVE-2022-30322
SHA-256 | e190dd91ec852a7fb925014508ba13321f8451feb95178d8f609dfb0a51bb354
Red Hat Security Advisory 2022-7273-01
Posted Nov 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7273-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.0 serves as a replacement for Red Hat JBoss Web Server 5.6.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include denial of service and privilege escalation vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-22696, CVE-2021-30468, CVE-2022-23181
SHA-256 | 372bd5289fb3eff1614c97fef118c148bfceb93b5f0b9c7b7e028157f6a808f1
Red Hat Security Advisory 2022-7288-01
Posted Nov 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7288-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2022-3602, CVE-2022-3786
SHA-256 | 36d6bbb8281f96a5020fa36bd696fd4ed5fe25f026bc665c147dc884b4c5aeff
Red Hat Security Advisory 2022-7276-01
Posted Nov 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7276-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service, server-side request forgery, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2020-35525, CVE-2020-35527, CVE-2022-0494, CVE-2022-1353, CVE-2022-2238, CVE-2022-23816, CVE-2022-23825, CVE-2022-2509, CVE-2022-25858, CVE-2022-2588, CVE-2022-29900, CVE-2022-29901, CVE-2022-31129, CVE-2022-34903
SHA-256 | 7ac9e1c7f562a5f00c685c3f4a883358404bdb691f54031e1c202dfc1880d591
Debian Security Advisory 5268-1
Posted Nov 2, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5268-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
SHA-256 | 50af788a28aab4ff9936b86184a48130d2ca0cb2ed24243d5b927f1daf11b2eb
Red Hat Security Advisory 2022-7280-01
Posted Nov 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7280-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-2588
SHA-256 | 855dd406eec561c7a3ad00a377233e59d65c7a7c1d88c2a0827e04de09178637
Red Hat Security Advisory 2022-7283-01
Posted Nov 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7283-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-3515
SHA-256 | 76df613332271ff55b8453c1012ab613b8aaa6c7edd41f011991288bf8f363a4
Red Hat Security Advisory 2022-7279-01
Posted Nov 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7279-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-2588
SHA-256 | 84e2c88498f71271b95c9bfd652545a70ab121e7a14a34a611d340d2e04771d4
OpenSSL Toolkit 3.0.7
Posted Nov 2, 2022
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.

Changes: Added RIPEMD160 to the default provider. Fixed regressions introduced in 3.0.6 version. Fixed two buffer overflows in punycode decoding functions.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2022-3602, CVE-2022-3786
SHA-256 | 83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e
OpenSSL Toolkit 1.1.1s
Posted Nov 2, 2022
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixed a regression introduced in OpenSSL 1.1.1r not refreshing the certificate data to be signed before signing the certificate.
tags | tool, encryption, protocol
systems | unix
SHA-256 | c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close