what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2023-02-27

ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root
Posted Feb 27, 2023
Authored by d1g

ASUS ASMB8 iKVM firmware versions 1.14.51 and below suffers from a flaw where SNMPv2 can be used with write access to introduce arbitrary extensions to achieve remote code execution as root. The researchers also discovered a hardcoded administrative account.

tags | exploit, remote, arbitrary, root, code execution
advisories | CVE-2023-26602
SHA-256 | a23c3b2021225bfb676a55bbdeafbcf1689dc045c5b50ecbfacebfc7ffe2014b
ABUS Security Camera TVIP 20000-21150 LFI / Remote Code Execution
Posted Feb 27, 2023
Authored by d1g

ABUS Security Camera version TVIP 20000-21150 suffers from local file inclusion, hardcoded credential, and command injection vulnerabilities. When coupled together, they can be leveraged to achieve remote access as root via ssh.

tags | exploit, remote, local, root, vulnerability, file inclusion
advisories | CVE-2023-26609
SHA-256 | 92decaa3308d461393dc637c13861ced7bcb4cd43a2c333235f9835ee562ecb9
Arm Mali CSF kbase_kcpu_command_queue Use-After-Free
Posted Feb 27, 2023
Authored by Jann Horn, Google Security Research

kbase_csf_kcpu_queue_enqueue() locks the kctx->csf.kcpu_queues, looks up a pointer from inside that structure, then drops the lock before continuing to use the kbase_kcpu_command_queue that was looked up. This is a classic use-after-free pattern, where the lookup of a pointer is protected but the protective lock is then released without first acquiring any other lock or reference to keep the referenced object alive.

tags | exploit
SHA-256 | 4fd61c0109d183f3b2a909d608ec4f7ebeb118f98b4d057a01a280c10f5a5339
Ubuntu Security Notice USN-5890-1
Posted Feb 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5890-1 - Qian Chen discovered that Open vSwitch incorrectly handled certain Organization Specific TLVs. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-4337
SHA-256 | 632ff18e4ea88d5168bceca5ac0c2179a3affa3912b41a94689b768014af5532
Ubuntu Security Notice USN-5892-1
Posted Feb 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5892-1 - It was discovered that NSS incorrectly handled client authentication without a user certificate in the database. A remote attacker could possibly use this issue to cause a NSS client to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. Christian Holler discovered that NSS incorrectly handled certain PKCS 12 certificated bundles. A remote attacker could use this issue to cause NSS to crash, leading to a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-3479, CVE-2023-0767
SHA-256 | 08e1514e5eeec5f74d4365784fc07384f881ccfce7ae98e9d80175769c3a1622
Ubuntu Security Notice USN-5893-1
Posted Feb 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5893-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2023-23529
SHA-256 | 39f3fda6f69b52e2205f43902470d0e182b4efbc8287c37b578e711226062258
Ubuntu Security Notice USN-5891-1
Posted Feb 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5891-1 - Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested in parallel. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-23914, CVE-2023-23915, CVE-2023-23916
SHA-256 | d371bf8267eb19b51304352594e37658d2609e6b7c0e94b671100ea3cedb53be
Ubuntu Security Notice USN-5889-1
Posted Feb 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5889-1 - It was discovered that ZoneMinder was not properly sanitizing URL parameters for certain views. An attacker could possibly use this issue to perform a cross-site scripting attack. This issue was only fixed in Ubuntu 16.04 ESM. It was discovered that ZoneMinder was not properly sanitizing stored user input later printed to the user in certain views. An attacker could possibly use this issue to perform a cross-site scripting attack. This issue was only fixed in Ubuntu 16.04 ESM.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2019-6777, CVE-2019-6991, CVE-2019-6992, CVE-2019-7325, CVE-2019-7326, CVE-2019-7329, CVE-2019-7331, CVE-2019-7332, CVE-2022-29806
SHA-256 | 6b120da55eab087c0cb072933998f2bda4b9791a794906828b299c06d119142d
Ubuntu Security Notice USN-5887-1
Posted Feb 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5887-1 - Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or execute arbitrary code. Simon Scannell discovered that ClamAV incorrectly handled parsing DMG files. A remote attacker could possibly use this issue to expose sensitive information.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-20032, CVE-2023-20052
SHA-256 | 30d0e5fa8fc60d8b3a9bade4aa193276d3da4ee86a87f963a16ee548f2905a89
Ubuntu Security Notice USN-5886-1
Posted Feb 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5886-1 - Erik C. Bjorge discovered that some Intel Atom and Intel Xeon Scalable Processors did not properly implement access controls for out-of-band management. This may allow a privileged network-adjacent user to potentially escalate privileges. Cfir Cohen, Erdem Aktas, Felix Wilhelm, James Forshaw, Josh Eads, Nagaraju Kodalapura Nagabhushana Rao, Przemyslaw Duda, Liron Shacham and Ron Anderson discovered that some Intel Xeon Processors used incorrect default permissions in some memory controller configurations when using Intel Software Guard Extensions. This may allow a privileged local user to potentially escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090
SHA-256 | 5e6f8a9b89dc2296c9a7a52d72eea7ce2c945e6fc8092669cef070563935da15
Red Hat Security Advisory 2023-0918-01
Posted Feb 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0918-01 - Service Binding manages the data plane for applications and backing services.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-46848, CVE-2022-1304, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22662, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293, CVE-2022-35737
SHA-256 | a4a0b61597e4539af186d0870a584294b79b29427a59239b69994540bab168ae
Ubuntu Security Notice USN-5885-1
Posted Feb 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5885-1 - Ronald Crane discovered integer overflow vulnerabilities in the Apache Portable Runtime that could potentially result in memory corruption. A remote attacker could possibly use these issues to cause a denial of service or execute arbitrary code.

tags | advisory, remote, denial of service, overflow, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-24963
SHA-256 | 09ed22efc5f270093119425953b0c1273a45985966262768677be3e29ed5c327
Debian Security Advisory 5364-1
Posted Feb 27, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5364-1 - Ronald Crane discovered that missing input saniting in the apr_base64 functions of apr-util, the Apache Portable Runtime utility library, may result in denial of service or potentially the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2022-25147
SHA-256 | 0fd080fc2d20d8613ace2e272ac779ee75f49f96590d76bbadc9811f312aedf2
Debian Security Advisory 5363-1
Posted Feb 27, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5363-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or incorrect validation of BCrypt hashes.

tags | advisory, denial of service, php
systems | linux, debian
advisories | CVE-2022-31631, CVE-2023-0567, CVE-2023-0568, CVE-2023-0662
SHA-256 | 7ae7c33c3e28b6f24a8453dc72dcd9277d8782ff1546367e81b1eee017a28724
pfBlockerNG 2.1.4_26 Remote Code Execution
Posted Feb 27, 2023
Authored by IHTeam

pfBlockerNG version 2.1.4_26 remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2022-31814
SHA-256 | 4ac7bffe74c29e0dabbff18d552da8d3e73678fb8ed2b4a6a73be8d67499aebc
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close