This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user.
a890c277f9518d69ee5b632d253b7c12b7da15367479577605ce796496a2f670This archive contains all of the 82 exploits added to Packet Storm in February, 2023.
1aac08f0f83c7b542b7b390b5edbc859493c3d548148a11d7a05d5876ea81befRed Hat Security Advisory 2023-0899-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.53.
fc9ef1ae79ed9c3711cc3750e4b209a31eb742fbcff55654265a78a41ad02a5dDebian Linux Security Advisory 5366-1 - The Qualys Research Labs reported an authorization bypass (CVE-2022-41974) and a symlink attack (CVE-2022-41973) in multipath-tools, a set of tools to drive the Device Mapper multipathing driver, which may result in local privilege escalation.
449a42da9bb4b8caeb5d67f7cec2a182bd6252f94c98c628487a48466106f6b0Ubuntu Security Notice 5880-2 - USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. Johan Carlsson discovered that Firefox did not properly manage child iframe's unredacted URI when using Content-Security-Policy-Report-Only header. An attacker could potentially exploits this to obtain sensitive information. Vitor Torres discovered that Firefox did not properly manage permissions of extensions interaction via ExpandedPrincipals. An attacker could potentially exploits this issue to download malicious files or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly validate background script invoking requestFullscreen. An attacker could potentially exploit this issue to perform spoofing attacks. Ronald Crane discovered that Firefox did not properly manage memory when using EncodeInputStream in xpcom. An attacker could potentially exploits this issue to cause a denial of service. Samuel Grob discovered that Firefox did not properly manage memory when using wrappers wrapping a scripted proxy. An attacker could potentially exploits this issue to cause a denial of service. Holger Fuhrmannek discovered that Firefox did not properly manage memory when using Module load requests. An attacker could potentially exploits this issue to cause a denial of service. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.
d8134e53c73b5f2b98a54caf846a945da5e3e78dac7bf2d66525cf6b12579a76Ubuntu Security Notice 5900-1 - It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or cause a crash.
4503c25c8985b1cadb953a8cf1e182195165a07bc046b1a1d324361c2f37498dUbuntu Security Notice 5638-4 - USN-5638-1 fixed several vulnerabilities in Expat. This update provides the corresponding update for Ubuntu 14.04 ESM. Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
e8573f45eee357d0e6e1aea46a23678438ed02db697e4eb77adc47dd2c099c25Red Hat Security Advisory 2023-1014-01 - An update for etcd is now available for Red Hat OpenStack Platform 17.0 (Wallaby).
c4879e7392aa52c6dca6db166aa6b15431df175559308cee79acd01da94a7087Red Hat Security Advisory 2023-1017-01 - OpenStack Image Service provides discovery,registration, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual disk images stored in a variety of back-end stores, including OpenStack Object Storage. Clients can register new virtual disk images with the Image Service, query for information on publicly available disk images, and use the Image Service's client library for streaming virtual disk images.
80ab0faeedfbdf327d8426f0871c22b67707bc75bf6dd21d8bbbced6ad1b1c92Red Hat Security Advisory 2023-1008-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.
fba873bf08142b1734ce101270b4bfda6391348b5715d496bfb89c99f2fc2fa0Red Hat Security Advisory 2023-1013-01 - An update for openstack-swift is now available for Red Hat OpenStack Platform 17.0 (Wallaby).
b4523a9e064e03dd889b768dc71d965d0d8f13043a46a4878969d3dc412e49f7Red Hat Security Advisory 2023-0890-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.5. Issues addressed include denial of service and out of bounds read vulnerabilities.
64053042b8e50f28dccf721063ca374b26f0c2a595d5acc89d839263971e7e3eRed Hat Security Advisory 2023-1018-01 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Issues addressed include a remote shell upload vulnerability.
6cabeb616cc86e2cbaf9eeff580fc77e5c814243da7ceecee78741afbe444047Red Hat Security Advisory 2023-1016-01 - Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage.
bd3dd8c54d58013ab73540538eb2f9d5ac4338d7f6081ac715b81cd621b545dcRed Hat Security Advisory 2023-1015-01 - OpenStack Compute is open source software designed to provision and manage large networks of virtual machines,creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances, managing networks, and controlling access through users and projects.OpenStack Compute strives to be both hardware and hypervisor agnostic, currently supporting a variety of standard hardware configurations and seven major hypervisors.
93c5f30cf15b3fc63477f6581b0e8f07cb77caaec261a9c23601b89802364699Ubuntu Security Notice 5903-1 - It was discovered that lighttpd incorrectly handled certain inputs, which could result in a stack buffer overflow. A remote attacker could possibly use this issue to cause a denial of service.
a0a282a6f042353c2982180a586d4f786bba17c14f0faf45bda948394888a9e8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed