exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

Files Date: 2023-01-10

Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 24.1 and below suffer from a PHP object injection vulnerability in tikiimporter_blog_wordpress.php.

tags | exploit, php
advisories | CVE-2023-22851
SHA-256 | 1b6698ff49dd75e5444eb0fdffd03d9806fd9c813b8e9255172cc30fc8eee07c
Tiki Wiki CMS Groupware 24.0 grid.php PHP Object Injection
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 24.0 and below suffers from a PHP object injection vulnerability in grid.php.

tags | exploit, php
advisories | CVE-2023-22580
SHA-256 | 2ec6d4c5f2c778a5cba091671d5430e465c12ac9843c5cd81c7a60ef025d78c5
Tiki Wiki CMS Groupware 24.0 structlib.php Code Execution
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 24.0 and below suffer from a PHP code injection vulnerability in structlib.php.

tags | exploit, php
advisories | CVE-2023-22853
SHA-256 | 78cc87727c56dfa65396d9be9770b8f57ca776f333384898c9697700f5975390
Ubuntu Security Notice USN-5797-1
Posted Jan 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2022-42852, CVE-2022-46698
SHA-256 | 7d038cf5cf0d352110b29efd7ebf03b7f41defff9ed3da1235cfdddef29584cd
Red Hat Security Advisory 2023-0032-01
Posted Jan 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0032-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.47. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2022-41912
SHA-256 | daa2754ceaac8944d0a42b75beaf1f01a6bcfac7f98839827dae2c54edbb97e6
Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 25.0 and below suffer from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2023-22852
SHA-256 | e6e385bd593b19e51fd23dc7a81743ae9a7caac91f486e077758222133af8248
Red Hat Security Advisory 2023-0050-01
Posted Jan 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0050-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2021-44906, CVE-2022-0235, CVE-2022-24999, CVE-2022-3517, CVE-2022-43548
SHA-256 | e708c38bc4b436ac8b0802b7f52b3094989a8a194c55f4ff13f1c929fc808c60
Ubuntu Security Notice USN-5796-1
Posted Jan 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5796-1 - It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-38223
SHA-256 | fb2509db5276c7a38c4ef42d1e8b9433e8888d4644fe4c183980aac1d032ff8a
Ubuntu Security Notice USN-5793-2
Posted Jan 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5793-2 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-20421, CVE-2022-2663, CVE-2022-3303, CVE-2022-3541, CVE-2022-3543, CVE-2022-3586, CVE-2022-3623, CVE-2022-3646, CVE-2022-3649, CVE-2022-3910, CVE-2022-3977, CVE-2022-40307, CVE-2022-4095, CVE-2022-41849
SHA-256 | d675040336f5a36e7ca116ff8ee729cb2ab25769ff6dae5749e51445e04f8c2c
Ubuntu Security Notice USN-5795-1
Posted Jan 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5795-1 - It was discovered that Net-SNMP incorrectly handled certain requests. A remote attacker could possibly use these issues to cause Net-SNMP to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-44792
SHA-256 | 0741476be6836dce086f20e9dbc11bdf75d111ced13d3c63b3bf2ded6b3f0b45
Zeek 5.0.5
Posted Jan 10, 2023
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Updated broker to version 2.3.6. This broker release fixes some failures when building against Python 3.11 and above.
tags | tool, intrusion detection
systems | unix
SHA-256 | 3efed010ab2dcf623667d13b485dfec6d28f2b65f97e4c9f0f9192c37ace88d1
Red Hat Security Advisory 2023-0045-01
Posted Jan 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.

tags | advisory, remote, vulnerability
systems | linux, redhat
advisories | CVE-2022-4283, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344
SHA-256 | b44be7a01e0df67bebb6e2b5ce2713b93f0eca8b9d150b1fda8acef44bd4e455
Linux 4.10 Use-After-Free
Posted Jan 10, 2023
Authored by Jann Horn, Google Security Research

Linux kernel version 4.10 suffers from a use-after-free vulnerability in __do_semtimedop() due to a lockless check outside the RCU section.

tags | exploit, kernel
systems | linux
SHA-256 | 07d8df8e54828f8f33482f1bf22aa6ffd633c656b7301bc40395e4379d31e449
Arm Mali CSF KBASE_REG_NO_USER_FREE Unsafe Use Use-After-Free
Posted Jan 10, 2023
Authored by Jann Horn, Google Security Research

The Mali driver tries to use the KBASE_REG_NO_USER_FREE flag to ensure that the memory region referenced by kbase_csf_tiler_heap::buf_desc_reg cannot be freed by userspace. However, this flag is only a single bit, and there can be multiple tiler heaps referencing the same memory region. This can lead to a use-after-free condition.

tags | exploit
advisories | CVE-2022-42716
SHA-256 | b873567924105769f827e9318b7b58298191410905a58cc3d3192c6ce29f3225
Red Hat Security Advisory 2023-0049-01
Posted Jan 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0049-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-2601, CVE-2022-3775
SHA-256 | 2377c5382397f065a27fdb3c92a810b7992fc1b52d07c5f0debe622436aacac6
Online Food Ordering System 2.0 SQL Injection
Posted Jan 10, 2023
Authored by Anil Kiziltan

Online Food Ordering System version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1d35b5b1674043865582f25f8d1af5d3f5725506d1959e78aa1e8df7a88e0377
Online Food Ordering System 2.0 Shell Upload
Posted Jan 10, 2023
Authored by Hakan Sonay

Online Food Ordering System version 2.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 79d4531d706ef446604fb8038c79402773af79beb3b81e0c9574ec534b5d9ec8
Ubuntu Security Notice USN-5782-3
Posted Jan 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5782-3 - USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. Hafiizh discovered that Firefox was not handling fullscreen notifications when the browser window goes into fullscreen mode. An attacker could possibly use this issue to spoof the user and obtain sensitive information. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-46871, CVE-2022-46872, CVE-2022-46873, CVE-2022-46874, CVE-2022-46877, CVE-2022-46879
SHA-256 | b30a2968ea71adaa4d74717a784dc2aa83b0f4ff631d0b31a605118d8157a40a
WordPress Mega Main Menu 2.2.2 Information Disclosure
Posted Jan 10, 2023
Authored by indoushka

WordPress Mega Main Menu plugin version 2.2.2 suffers from a backup disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 611ee83f3e3b4b25a5eba1ba5bd25f1ba6a048366cd458523b3dad00ac825c8c
Ubuntu Security Notice USN-5792-2
Posted Jan 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5792-2 - Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-0171, CVE-2022-20421, CVE-2022-2663, CVE-2022-3061, CVE-2022-3303, CVE-2022-3586, CVE-2022-3646, CVE-2022-3649, CVE-2022-39188, CVE-2022-39842, CVE-2022-40307, CVE-2022-4095, CVE-2022-43750
SHA-256 | 61a76824088434d45265841359f97a71f6e3346100e4081fc6a5ddb1b292354e
Ubuntu Security Notice USN-5791-2
Posted Jan 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5791-2 - It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering.

tags | advisory, remote, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2022-20421, CVE-2022-2663, CVE-2022-3061, CVE-2022-3303, CVE-2022-3586, CVE-2022-3646, CVE-2022-39842, CVE-2022-40307, CVE-2022-4095, CVE-2022-43750
SHA-256 | af31e2f0f32d49436b8b155fc82a87ba9e92d354b8a376c8215264292ec1c748
WordPress Slider Revolution 4.6.5 Shell Upload
Posted Jan 10, 2023
Authored by indoushka

WordPress Slider Revolution plugin version 4.6.5 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 4e8cadbe4d270676c58df50959e60ad62c48e787dbed667844e8a8eda46f121a
Red Hat Security Advisory 2023-0046-01
Posted Jan 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2022-4283, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344
SHA-256 | 0c26fecadd9ad673ce37c61040f50966727b4724075c12f9e1247d78890d1945
Red Hat Security Advisory 2023-0047-01
Posted Jan 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0047-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-2601, CVE-2022-3775
SHA-256 | 797b99b6b5682620937372edc788a6a551da3f50db4959d64adea28bfab8dd5c
Deprixa Pro CMS 3.2.5 Insecure Settings
Posted Jan 10, 2023
Authored by indoushka

Deprixa Pro CMS version 3.2.5 appears to leave a default administrative account in place post installation.

tags | exploit
SHA-256 | 405d87d7166d822e75aa9b595bce676f76b384fba841f7f3783124d8b26a1ce1
Page 1 of 2
Back12Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close