exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2022-11-30

perfSONAR 4.4.5 Cross Site Request Forgery
Posted Nov 30, 2022
Authored by Ryan Moore | Site github.com

A partial blind cross site request forgery (CSRF) vulnerability exists in perfSONAR versions 4.x through 4.4.5 within the /perfsonar-graphs/ test results page. Parameters and values can be injected/passed via the URL parameter, forcing the client to connect unknowingly in the background to other sites via transparent XMLHTTPRequests. This partial blind CSRF bypasses the built-in whitelisting function in perfSONAR.

tags | exploit, csrf
advisories | CVE-2022-41413
SHA-256 | 44092efeff9a22718267fc8ee3d1add5f9f7c1bd035ed2fb94ece0d6baf60239
perfSONAR 4.4.4 Open Proxy / Relay
Posted Nov 30, 2022
Authored by Ryan Moore | Site github.com

perfSONAR bundles with it a graphData.cgi script, used to graph and visualize data. There is a flaw in graphData.cgi allowing for unauthenticated users to proxy and relay HTTP/HTTPS traffic through the perfSONAR server. The vulnerability can potentially be leveraged to exfiltrate or enumerate data from internal web servers. This vulnerability was patched in perfSONAR version 4.4.5. Versions 4.x through 4.4.4 are affected. There is a whitelisting function that will mitigate, but is disabled by default.

tags | exploit, web, cgi
advisories | CVE-2022-41412
SHA-256 | 57258cc3a50359f248bba303d6a0892af6f77e5cbd93340c72b5018222e14550
Clam AntiVirus Toolkit 1.0.0
Posted Nov 30, 2022
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS release.

Changes: Major changes include support for decrypting read-only OLE2-based XLS files that are encrypted with the default password and an overhaul of the implementation of the all-match feature. Many other updates included.
tags | tool, virus
systems | unix
SHA-256 | bda39bb856902e6dd6077ea313a3eb8beccd487e0082a95917877f2b299cd86e
Suricata IDPE 6.0.9
Posted Nov 30, 2022
Site suricata.io

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: 4 security issues addressed, 15 bugs addressed, one feature, and a few tasks completed.
tags | tool, intrusion detection
systems | unix
SHA-256 | 3225edcbd0277545b7128df7b71652e6816f3b4978347d2f4fe297d55ed070e8
Microsoft Exchange ProxyNotShell Remote Code Execution
Posted Nov 30, 2022
Authored by Soroush Dalili, Spencer McIntyre, Orange Tsai, Rich Warren, Piotr B, DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q | Site metasploit.com

This Metasploit module chains two vulnerabilities on Microsoft Exchange Server that, when combined, allow an authenticated attacker to interact with the Exchange Powershell backend (CVE-2022-41040), where a deserialization flaw can be leveraged to obtain code execution (CVE-2022-41082). This exploit only supports Exchange Server 2019. These vulnerabilities were patched in November 2022.

tags | exploit, vulnerability, code execution
advisories | CVE-2022-41040, CVE-2022-41082
SHA-256 | 52e94b2539eeb923ed6dfcf33bf21788d037db18208e166670e34916d20844dd
Intel Data Center Manager 4.1.1.45749 Authentication Bypass / Spoofing
Posted Nov 30, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Intel Data Center Manager versions 4.1.1.45749 and below suffer from an authentication bypass vulnerability via spoofing.

tags | advisory, spoof, bypass
advisories | CVE-2022-33942
SHA-256 | c994d19000e263ed1c33f5352902d080b70eb355d42bec09d1cf2d70a522e3e4
OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
Posted Nov 30, 2022
Authored by Martin Heiland

OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2022-31469, CVE-2022-37307, CVE-2022-37308, CVE-2022-37309, CVE-2022-37310, CVE-2022-37311, CVE-2022-37312, CVE-2022-37313
SHA-256 | ba6b2cbc7f4a93851df3e4965e0195411ca754b70e55778fee524c5fadf9d260
Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection
Posted Nov 30, 2022
Authored by T. Weber | Site cyberdanube.com

Hirschmann (Belden) BAT-C2 version 8.8.1.0R8 suffers from a remote authenticated command injection vulnerability.

tags | exploit, remote
advisories | CVE-2022-40282
SHA-256 | 902fa02d042cb42bf90b944d2600703447b836b6f9b4d286e2b0bca32793a471
Ubuntu Security Notice USN-5718-2
Posted Nov 30, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5718-2 - USN-5718-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Maddie Stone discovered that pixman incorrectly handled certain memory operations. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-44638
SHA-256 | 4fba7d2d1a4b1cbe7d2158569a85a80fe0aab7b0d5ae40c1ce0fde655445548f
Ubuntu Security Notice USN-5750-1
Posted Nov 30, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5750-1 - It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-4209
SHA-256 | 8d0498e3d4da525ac2ff53dd05fc680ea245f6b6c501a2220f966f7b34f7cdc8
Ubuntu Security Notice USN-5749-1
Posted Nov 30, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5749-1 - Erik de Castro Lopo and Agostino Sarubbo discovered that libsamplerate did not properly perform bounds checking. If a user were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a crash.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-7697
SHA-256 | 4790f5bdf916ab62a3e0d244f0d0f5c665eb2ed06a3b65db68e6c26314ef453f
Ubuntu Security Notice USN-5728-3
Posted Nov 30, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5728-3 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-20422, CVE-2022-2153, CVE-2022-2978, CVE-2022-29901, CVE-2022-3028, CVE-2022-3625, CVE-2022-3635, CVE-2022-39188, CVE-2022-40768, CVE-2022-41222, CVE-2022-42703, CVE-2022-42719
SHA-256 | ebafaab2d5db4b2842460331e69fe77801e170fb619cc3bd4e090cd8f02623de
Red Hat Security Advisory 2022-8669-01
Posted Nov 30, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8669-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-42898
SHA-256 | 651abd4e04c6352dc73f17a724eab23338024825bf52c55e2d72fa513898d97e
Red Hat Security Advisory 2022-8679-01
Posted Nov 30, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8679-01 - The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-25058
SHA-256 | 44319230a7031b0ae2beadd5bdc28f949e6758804cab4b17984ada9f3597470c
Red Hat Security Advisory 2022-8673-01
Posted Nov 30, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8673-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-1158
SHA-256 | 97f3e50f702e5fe7cf05a0f316152fa8ad06cc0c499a2e5468a7b1c73ccba840
Red Hat Security Advisory 2022-8680-01
Posted Nov 30, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8680-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2022-2850
SHA-256 | c220eab95e2af8d1ee487903c3b78ffa3023b0e9770403994f85980302585792
Ubuntu Security Notice USN-5745-2
Posted Nov 30, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5745-2 - USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update introduced a regression that caused useradd to behave incorrectly in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update reverts the security fix pending further investigation.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | f6ac20e439d8d241d992c88ebb7f2f3eb0fba751ce497dfb7bfa0c5cc3142049
Ubuntu Security Notice USN-5748-1
Posted Nov 30, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5748-1 - It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-39377
SHA-256 | 05fabde1cb6cfea55f277c3be3e27829f8f1a26de0cc437db0a779377dc8a475
Red Hat Security Advisory 2022-8686-01
Posted Nov 30, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8686-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-1158
SHA-256 | b8332406dcf5e7e427a7e164a3f092852ecc429438c292708f9ab5a8d3453c6f
Red Hat Security Advisory 2022-8685-01
Posted Nov 30, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8685-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a memory leak vulnerability.

tags | advisory, kernel, memory leak
systems | linux, redhat
advisories | CVE-2022-1158
SHA-256 | 343e5f92325dabc1c46200ae21744f2debc8776499f887f7d57d72fc355492b5
Ubuntu Security Notice USN-5689-2
Posted Nov 30, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5689-2 - USN-5689-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 22.10. It was discovered that Perl incorrectly handled certain signature verification. An remote attacker could possibly use this issue to bypass signature verification.

tags | advisory, remote, perl
systems | linux, ubuntu
advisories | CVE-2020-16156
SHA-256 | 9c5f64f6ea6b671dac5426645ac570bc296b6ea28163623f578cc062704d0782
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close