exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files Date: 2022-11-15

Payara Platform Path Traversal
Posted Nov 15, 2022
Authored by Michael Baer | Site sec-consult.com

Payara Platform suffers from a path traversal vulnerability. Enterprise versions prior to 5.45.0 and Community versions prior to 6.2022.1, 5.2022.4, and 4.1.2.191.38 are affected.

tags | exploit
advisories | CVE-2022-45129
SHA-256 | f35265fad0192aaeb1ed6c97b115e0d9b17722861995b2534dfae5e60dcdf68c
BMC Remedy ITSM-Suite 9.1.10 / 20.02 HTML Injection
Posted Nov 15, 2022
Authored by Daniel Hirschberger | Site sec-consult.com

BMC Remedy ITSM-Suite version 9.1.10 (20.02 in new versioning scheme) suffers from an html injection vulnerability.

tags | exploit
advisories | CVE-2022-26088
SHA-256 | ed89f3f49d37ea4299f6f6221ace6ef8292ada73199f9aac17bae7cf6165fad3
Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass
Posted Nov 15, 2022
Authored by Steffen Robertz | Site sec-consult.com

Simmeth System GmbH Supplier Manager (Lieferantenmanager) versions prior to 5.6 suffer from authentication bypass, code execution, cross site scripting, information leakage, remote SQL injection, and various other vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection
advisories | CVE-2022-44012, CVE-2022-44013, CVE-2022-44014, CVE-2022-44015, CVE-2022-44016, CVE-2022-44017
SHA-256 | 6eddce047a1f5ab31ff59fc32cdd934d9a0dbd6474090fe26968d79a7d77daf2
WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery
Posted Nov 15, 2022
Authored by Julien Ahrens | Site rcesecurity.com

WordPress BeTheme BeCustom plugin versions 1.0.5.2 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2022-3747
SHA-256 | 651b396c90687b1931dfce7d1f9402a1dff09a912ce895903c27111b0634e43e
Cisco Secure Email Gateway Malware Detection Evasion
Posted Nov 15, 2022

Cisco Secure Email Gateways, formerly known as Cisco Ironport Email Security Appliances, that are configured to detect malicious email attachments, can easily be circumvented. A remote attacker can leverage error tolerance and different MIME decoding capabilities of email clients, compared with the gateway, to evade detection of malicious payloads by anti-virus components on the gateway. This exploit was successfully tested with a zip file containing the Eicar test virus and Cisco Secure Email Gateways with AsyncOS 14.2.0-620, 14.0.0-698, and others. An affected Email Client was Mozilla Thunderbird 91.11.0 (64-bit).

tags | exploit, remote, virus, bypass
systems | cisco
SHA-256 | a5931b58de930bd24c3bccaf43e04d89110ae41e6a2a05986fc0b34ab1d30ebd
VMware NSX Manager XStream Unauthenticated Remote Code Execution
Posted Nov 15, 2022
Authored by mr_me, Sina Kheirkhah, h00die-gr3y | Site metasploit.com

VMware Cloud Foundation (NSX-V) contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of root on the appliance. VMware Cloud Foundation 3.x and more specific NSX Manager Data Center for vSphere up to and including version 6.4.13 are vulnerable to remote command injection. This Metasploit module exploits the vulnerability to upload and execute payloads gaining root privileges.

tags | exploit, remote, root, code execution
advisories | CVE-2021-39144
SHA-256 | e1f5fa59aee9a79145c46b8829a1543dbca23d36d00d330dacc1326a5f871b45
Apple Security Advisory 2022-11-09-2
Posted Nov 15, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-11-09-2 - macOS Ventura 13.0.1 addresses code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2022-40303, CVE-2022-40304
SHA-256 | 10c454d0b0b5904ed0e2f71ab984574a625e84a942a9a8406aa6c1ec8f046856
Apple Security Advisory 2022-11-09-1
Posted Nov 15, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-11-09-1 - iOS 16.1.1 and iPadOS 16.1.1 addresses code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple, ios
advisories | CVE-2022-40303, CVE-2022-40304
SHA-256 | 991b1f0f1c1f623df67f682fb82885b28002056c66e1c73a9fcc14f5d20a12ad
Red Hat Security Advisory 2022-7935-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7935-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-1049
SHA-256 | cc0aa12c40cb5a80000d9ab40ebb705cb3f23d6f844beb20c4842f7e28aaa531
Red Hat Security Advisory 2022-8400-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8400-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Issues addressed include a denial of service vulnerability.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2021-46828
SHA-256 | 8ffea7ddbacb9e05bf5f1b5dfeb4d6dabf0bc57a1460c260a87b79213c4373d4
Red Hat Security Advisory 2022-8208-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8208-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a privilege escalation vulnerability.

tags | advisory, imap
systems | linux, redhat, unix
advisories | CVE-2022-30550
SHA-256 | 1c058e83ddb123ad31ada14507e1f3dd3a47def167186e8200331dc747993688
Red Hat Security Advisory 2022-7959-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7959-01 - guestfs-tools is a set of tools that can be used to make batch configuration changes to guests, get disk used/free statistics, perform backups and guest clones, change registry/UUID/hostname info, build guests from scratch, and much more. Issues addressed include buffer overflow and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, registry, vulnerability
systems | linux, redhat
advisories | CVE-2022-2211
SHA-256 | 84f717188daaafb47b18fa949c32a7a99c52fdbbdf226cfa0825865958b6de45
Red Hat Security Advisory 2022-7933-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7933-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include code execution, denial of service, double free, information leakage, null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-36516, CVE-2021-3640, CVE-2022-0168, CVE-2022-0617, CVE-2022-0854, CVE-2022-1016, CVE-2022-1048, CVE-2022-1184, CVE-2022-1280, CVE-2022-1353, CVE-2022-1679, CVE-2022-1852, CVE-2022-1998, CVE-2022-20368
SHA-256 | c7306cb3e2d21e76d1cf923d8e8152b52d296914c9dd94bd60e420cd01196ce6
Red Hat Security Advisory 2022-7979-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7979-01 - Speex is a patent-free compression format designed especially for speech. It is specialized for voice communications at low bit-rates.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-23903
SHA-256 | 22d1d001579d77a3d5a16918a4320ec3b86c1fd3771f30edb7241b3b706c7999
Red Hat Security Advisory 2022-8418-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8418-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-28153
SHA-256 | 8fec0b38f3c3288c6e0cd068bcfe818e6deca15f822dd6ea666fe3941be33d88
Red Hat Security Advisory 2022-7970-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7970-01 - The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2021-22570
SHA-256 | d8a05ff671413be224620e6c3813884616e172849c5a949ff84c8878de53506a
Red Hat Security Advisory 2022-8340-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8340-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-27404, CVE-2022-27405, CVE-2022-27406
SHA-256 | a62b0bcbc3118e4e1c39e4a6ba01859c497de180ad18409afa694d20d7d0ca6e
Red Hat Security Advisory 2022-7967-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7967-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include buffer overflow, bypass, null pointer, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-3507, CVE-2021-3611, CVE-2021-3750, CVE-2021-4158
SHA-256 | e5b756fa88106520e91abca563e807d16bb838880fef65956bfd26e61dc8090a
Red Hat Security Advisory 2022-8385-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8385-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2021-25220
SHA-256 | 1ae66722e326f26ac06c449818fa0dddd506883c1732f07c68b27d8dfa23dbc5
Red Hat Security Advisory 2022-8067-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8067-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.

tags | advisory, web, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-22719, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813
SHA-256 | 2f618becfdbbdda2556b415befb2c2a04d6da08d80af82b7ba968654a528f6eb
Red Hat Security Advisory 2022-8057-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8057-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, csrf
systems | linux, redhat
advisories | CVE-2021-23648, CVE-2022-1705, CVE-2022-1962, CVE-2022-21673, CVE-2022-21698, CVE-2022-21702, CVE-2022-21703, CVE-2022-21713, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635
SHA-256 | 3ee16e49a8baf9378c63381be5115444e228ecd6a3b4ae465fcf1331c83fb783
Red Hat Security Advisory 2022-8011-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8011-01 - FriBidi is a library to handle bidirectional scripts, so that the display is done in the proper way, while the text data itself is always written in logical order. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-25308, CVE-2022-25309, CVE-2022-25310
SHA-256 | 611365771636e0a57fcd4477e5fc912632071f1d9be2b2a4e8916f43fe98048e
Red Hat Security Advisory 2022-8100-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8100-01 - SWTPM is a TPM emulator built on libtpms providing TPM functionality for QEMU VMs.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-23645
SHA-256 | 0bf2ec16f7b64d8ee9b4c34227522989c39cae13fa7f85865105966b0239d198
Red Hat Security Advisory 2022-7978-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7978-01 - The GIMP is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Issues addressed include buffer overflow and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-30067, CVE-2022-32990
SHA-256 | 0cad81a9b47443baa13c3b5e3f9bfec69f48f60f6c5914d4c05fd446d550e73b
Red Hat Security Advisory 2022-8197-01
Posted Nov 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8197-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include a use-after-free vulnerability.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2021-21708, CVE-2022-31625
SHA-256 | dfa4ba3a8f5bac10045d7af5418b2b2f6dfbbfec6600496114ef424d62963e2a
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close