what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files Date: 2023-03-14

Apache Tomcat Privilege Escalation
Posted Mar 14, 2023
Authored by h00die, Dawid Golunski | Site metasploit.com

This Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. The configuration files in tmpfiles.d are used by systemd-tmpfiles to manage temporary files including their creation. With this weak permission, you are able to inject commands into the systemd-tmpfiles service to write a cron job to execute a payload. systemd-tmpfiles is executed by default on boot on RedHat-based systems through systemd-tmpfiles-setup.service. Depending on the system in use, the execution of systemd-tmpfiles could also be triggered by other services, cronjobs, startup scripts etc. This module was tested against Tomcat 7.0.54-3 on Fedora 21.

tags | exploit
systems | linux, redhat, fedora
advisories | CVE-2016-5425
SHA-256 | 903a0ee785179782b1e32acadddf0c0d236bad5fe9aa7a732795ae129d42f00e
I2P 2.2.0
Posted Mar 14, 2023
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: This release includes a changes across the NetDB, Floodfill, and Peer-Selection components which improve the ability of the router to survive DDOS attacks. This release also adds replay protection to the Streaming subsystem, which prevents an attacker who can capture an encrypted packet from being able to re-use it by sending it to unintended recipients.
tags | tool
systems | unix
SHA-256 | e4ba06a6e2935a17990f057a72b8d79e452a2556a6cefe5012d5dd63466feebf
Red Hat Security Advisory 2023-1159-01
Posted Mar 14, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1159-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.31.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-4238
SHA-256 | 2dca6150c173ec6d76fffb4bc75ca3abe51c4cee90513b34f455bdb39c912b59
Ubuntu Security Notice USN-5949-1
Posted Mar 14, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5949-1 - It was discovered that Chromium could be made to write out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium contained an integer overflow in the PDF component. A remote attacker could possibly use this issue to corrupt memory via a crafted PDF file, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-0928, CVE-2023-0929, CVE-2023-0931, CVE-2023-0933, CVE-2023-1215, CVE-2023-1220, CVE-2023-1222, CVE-2023-1226, CVE-2023-1229, CVE-2023-1235, CVE-2023-1236
SHA-256 | 3df9bbcf1785396ee227923d5d9a83d0d2678e4aa22fb5ff6aeac64d77cfc01a
Ubuntu Security Notice USN-5948-1
Posted Mar 14, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5948-1 - It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. It was discovered that Werkzeug could be made to process unlimited number of multipart form data parts. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-23934, CVE-2023-25577
SHA-256 | 207d0bc3fb2eccfc91fe6aa3fafe7926b6b250363338d8de7dacdbc1a1962227
Red Hat Security Advisory 2023-1192-01
Posted Mar 14, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1192-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-2964, CVE-2022-41222
SHA-256 | 8ab72b27f69451b4e2a810710dd0f09eb4a09bfa699ec1a80d0feddd0155bc60
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close