exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files Date: 2023-02-01

Packet Storm New Exploits For January, 2023
Posted Feb 1, 2023
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 130 exploits added to Packet Storm in January, 2023.

tags | exploit
SHA-256 | ea59f7d618d1f8fe8f750faa31ef909e70fc61e5274fef5dd74a9c65027bb7bf
io_uring Same Type Object Reuse Privilege Escalation
Posted Feb 1, 2023
Authored by h00die, Mathias Krause, Ryota Shiga | Site metasploit.com

This Metasploit module exploits a bug in io_uring leading to an additional put_cred() that can be exploited to hijack credentials of other processes. This exploit will spawn SUID programs to get the freed cred object reallocated by a privileged process and abuse them to create a SUID root binary that will pop a shell. The dangling cred pointer will, however, lead to a kernel panic as soon as the task terminates and its credentials are destroyed. We therefore detach from the controlling terminal, block all signals and rest in silence until the system shuts down and we get killed hard, just to cry in vain, seeing the kernel collapse. The bug affected kernels from v5.12-rc3 to v5.14-rc7. More than 1 CPU is required for exploitation. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.

tags | exploit, shell, kernel, root
systems | linux, ubuntu
advisories | CVE-2022-1043
SHA-256 | ddab5b3975fc82e2a23c5e4e05a57af4893abfbc613df02d507c1013c62dc088
vmwgfx Driver File Descriptor Handling Privilege Escalation
Posted Feb 1, 2023
Authored by h00die, Mathias Krause | Site metasploit.com

If the vmwgfx driver fails to copy the fence_rep object to userland, it tries to recover by deallocating the (already populated) file descriptor. This is wrong, as the fd gets released via put_unused_fd() which shouldn't be used, as the fd table slot was already populated via the previous call to fd_install(). This leaves userland with a valid fd table entry pointing to a freed file object. The authors use this bug to overwrite a SUID binary with their payload and gain root. Linux kernel versions 4.14-rc1 - 5.17-rc1 are vulnerable. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.

tags | exploit, kernel, root
systems | linux, ubuntu
advisories | CVE-2022-22942
SHA-256 | 6360a81de99a383330c5955ece5414f2f3b254143f1a5b9246e669769aa929fc
Ubuntu Security Notice USN-5838-1
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5838-1 - It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on MNG file. If a user were tricked into opening a specially crafted MNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on ZIP file. If a user were tricked into opening a specially crafted ZIP file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-35014, CVE-2022-35018, CVE-2022-35020
SHA-256 | 51d4e5a2e0a6df65689e8d7a335a40c36fc5a84df4a2489eebba63551dc26c38
Ubuntu Security Notice USN-5837-2
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5837-2 - USN-5837-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 ESM. Nick Pope discovered that Django incorrectly handled certain Accept-Language headers. A remote attacker could possibly use this issue to cause Django to consume memory, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-23969
SHA-256 | 1258c9d42c34f23238ae4659494b2ab12495cb166903f1fc143f498b5d021672
Ubuntu Security Notice USN-5839-1
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5839-1 - It was discovered that the Apache HTTP Server mod_dav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. ZeddYu_Lu discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly interpreted certain HTTP Requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2006-20001, CVE-2022-36760, CVE-2022-37436
SHA-256 | 51cd55c0a4d0ca801aadbd2957e3cf62a2298f81b93aff2b7cd8508a8614cf0c
Ubuntu Security Notice USN-5837-1
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5837-1 - Nick Pope discovered that Django incorrectly handled certain Accept-Language headers. A remote attacker could possibly use this issue to cause Django to consume memory, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-23969
SHA-256 | ddc4a1a3b076b54a17094997d9f5e44de99e5a974a151c5539a5b7cf54af5773
Ubuntu Security Notice USN-4781-2
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4781-2 - USN-4781-1 fixed several vulnerabilities in Slurm. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10030, CVE-2017-15566, CVE-2018-10995, CVE-2018-7033, CVE-2019-6438, CVE-2020-12693, CVE-2020-27745, CVE-2020-27746, CVE-2021-31215
SHA-256 | 59515a2b771f58c345614b48a32221dcb6959e15bd4041dfd89c08c06148282c
eCommerce Marketplace Platform CMS 1.7 SQL Injection
Posted Feb 1, 2023
Authored by CraCkEr

eCommerce Marketplace Platform CMS version 1.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 69e687c4a0d9df1eff0262dabcd54301b07d5a417b4f40ef540a439dfe252659
eCommerce Marketplace Platform CMS 1.7 Cross Site Scripting
Posted Feb 1, 2023
Authored by CraCkEr

eCommerce Marketplace Platform CMS version 1.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dbb8c908b79f269effe2464df2de203b03719231d344c768a2cbef1efc7a7b05
Online Eyewear Shop 1.0 SQL Injection
Posted Feb 1, 2023
Authored by Muhammad Navaid Zafar Ansari

Online Eyewear Shop version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7f480978af7f6cb6c10b388d9b0672e6417dbf34177646251736adbbcb0f145e
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close