what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files Date: 2023-03-14

Apache Tomcat Privilege Escalation
Posted Mar 14, 2023
Authored by h00die, Dawid Golunski | Site metasploit.com

This Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. The configuration files in tmpfiles.d are used by systemd-tmpfiles to manage temporary files including their creation. With this weak permission, you are able to inject commands into the systemd-tmpfiles service to write a cron job to execute a payload. systemd-tmpfiles is executed by default on boot on RedHat-based systems through systemd-tmpfiles-setup.service. Depending on the system in use, the execution of systemd-tmpfiles could also be triggered by other services, cronjobs, startup scripts etc. This module was tested against Tomcat 7.0.54-3 on Fedora 21.

tags | exploit
systems | linux, redhat, fedora
advisories | CVE-2016-5425
SHA-256 | 903a0ee785179782b1e32acadddf0c0d236bad5fe9aa7a732795ae129d42f00e
I2P 2.2.0
Posted Mar 14, 2023
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: This release includes a changes across the NetDB, Floodfill, and Peer-Selection components which improve the ability of the router to survive DDOS attacks. This release also adds replay protection to the Streaming subsystem, which prevents an attacker who can capture an encrypted packet from being able to re-use it by sending it to unintended recipients.
tags | tool
systems | unix
SHA-256 | e4ba06a6e2935a17990f057a72b8d79e452a2556a6cefe5012d5dd63466feebf
Red Hat Security Advisory 2023-1159-01
Posted Mar 14, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1159-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.31.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-4238
SHA-256 | 2dca6150c173ec6d76fffb4bc75ca3abe51c4cee90513b34f455bdb39c912b59
Ubuntu Security Notice USN-5949-1
Posted Mar 14, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5949-1 - It was discovered that Chromium could be made to write out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium contained an integer overflow in the PDF component. A remote attacker could possibly use this issue to corrupt memory via a crafted PDF file, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-0928, CVE-2023-0929, CVE-2023-0931, CVE-2023-0933, CVE-2023-1215, CVE-2023-1220, CVE-2023-1222, CVE-2023-1226, CVE-2023-1229, CVE-2023-1235, CVE-2023-1236
SHA-256 | 3df9bbcf1785396ee227923d5d9a83d0d2678e4aa22fb5ff6aeac64d77cfc01a
Ubuntu Security Notice USN-5948-1
Posted Mar 14, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5948-1 - It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. It was discovered that Werkzeug could be made to process unlimited number of multipart form data parts. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-23934, CVE-2023-25577
SHA-256 | 207d0bc3fb2eccfc91fe6aa3fafe7926b6b250363338d8de7dacdbc1a1962227
Red Hat Security Advisory 2023-1192-01
Posted Mar 14, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1192-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-2964, CVE-2022-41222
SHA-256 | 8ab72b27f69451b4e2a810710dd0f09eb4a09bfa699ec1a80d0feddd0155bc60
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close