what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2023-03-16

Microsoft Outlook CVE-2023-23397 Proof Of Concept
Posted Mar 16, 2023
Authored by sqrtZeroKnowledge | Site github.com

Proof of concept code for a critical Microsoft Outlook vulnerability for Windows that allows hackers to remotely steal hashed passwords by simply receiving an email.

tags | exploit, proof of concept
systems | windows
advisories | CVE-2023-23397
SHA-256 | 82650f1794c39715f1ff003f78302ace745bb32d6a7b8594b0d5025474d9963b
Ubuntu Security Notice USN-5954-1
Posted Mar 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5954-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when invalidating JIT code while following an iterator. An attacker could potentially exploits this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-25750, CVE-2023-25751, CVE-2023-25752, CVE-2023-28160, CVE-2023-28161, CVE-2023-28162, CVE-2023-28164, CVE-2023-28177
SHA-256 | 9a904798e7771b7468e2663f1514597410be79efd31e38ffa22747567f7a3706
Red Hat Security Advisory 2023-1278-01
Posted Mar 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1278-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-47951
SHA-256 | 84ce34082ecf15b501d3f5dd5b16dc64a671e600f50f733f68297abfc0d89c00
Debian Security Advisory 5374-1
Posted Mar 16, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5374-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.

tags | advisory, web, arbitrary, spoof
systems | linux, debian
advisories | CVE-2023-25751, CVE-2023-25752, CVE-2023-28162, CVE-2023-28164, CVE-2023-28176
SHA-256 | ef900a452c188015da475ec656d55f96626688e7c22638f3904a9534481df7d1
Ubuntu Security Notice USN-5958-1
Posted Mar 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5958-1 - It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that FFmpeg could be made to access an out-of-bounds frame by the Apple RPZA encoder. An attacker could possibly use this to cause a denial of service via application crash or access sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10.

tags | advisory, denial of service
systems | linux, apple, ubuntu
advisories | CVE-2022-3109, CVE-2022-3341, CVE-2022-3964, CVE-2022-3965
SHA-256 | b710f29c60cd37296fe80fdbacdb69f11d2246bd09c99140cec31c3ea61c73c5
Red Hat Security Advisory 2023-1277-01
Posted Mar 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1277-01 - An update for openstack-swift is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-47950
SHA-256 | 36644484a5a040c57b80a6074bb74fb811251c415a5cef71c761b1ad092101d5
OpenSSH 9.3p1
Posted Mar 16, 2023
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: This release contains fixes for a security problem and a memory safety problem. The memory safety problem is not believed to be exploitable.
tags | tool, encryption
systems | linux, unix, openbsd
SHA-256 | e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8
Bitbucket Environment Variable Remote Command Injection
Posted Mar 16, 2023
Authored by Shelby Pace, Y4er, Ry0taK | Site metasploit.com

For various versions of Bitbucket, there is an authenticated command injection vulnerability that can be exploited by injecting environment variables into a user name. This module achieves remote code execution as the atlbitbucket user by injecting the GIT_EXTERNAL_DIFF environment variable, a null character as a delimiter, and arbitrary code into a user's user name. The value (payload) of the GIT_EXTERNAL_DIFF environment variable will be run once the Bitbucket application is coerced into generating a diff. This Metasploit module requires at least admin credentials, as admins and above only have the option to change their user name.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2022-43781
SHA-256 | 2e6c2f7e0c503ac745181fc0724f59c7184beaea61b5d14bb0460c6ed729952c
Ubuntu Security Notice USN-5957-1
Posted Mar 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5957-1 - Cody Sixteen discovered that LibreCAD incorrectly handled memory when parsing DXF files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Lilith of Cisco Talos discovered that LibreCAD incorrectly handled memory when parsing DWG files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | cisco, linux, ubuntu
advisories | CVE-2018-19105, CVE-2021-21900, CVE-2021-45341, CVE-2021-45343
SHA-256 | 35b7c93aae7d5f74307e9f519fbae61a8f696262b1f794b5aa9bd13b6f828db7
Red Hat Security Advisory 2023-1275-01
Posted Mar 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1275-01 - An update for etcd is now available for Red Hat OpenStack Platform. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-1705, CVE-2022-27664, CVE-2022-2880, CVE-2022-30629, CVE-2022-30630, CVE-2022-30632, CVE-2022-30635, CVE-2022-3064, CVE-2022-32148, CVE-2022-32189, CVE-2022-41715, CVE-2022-41717
SHA-256 | d066674ef76779d85d203477eb3b6fa620ffdcbf7da90af5ab48dfdcfd299f79
Ubuntu Security Notice USN-5956-1
Posted Mar 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5956-1 - Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.

tags | advisory, arbitrary, shell, php, xss
systems | linux, ubuntu
advisories | CVE-2016-10033, CVE-2017-11503, CVE-2017-5223, CVE-2018-19296, CVE-2020-13625, CVE-2021-3603
SHA-256 | 222714e4ee696b2603d69df38c77117f2e5b2027b932d6a069bca47f30bd053c
Ubuntu Security Notice USN-5956-2
Posted Mar 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5956-2 - USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM.

tags | advisory, arbitrary, shell, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-11503, CVE-2017-5223, CVE-2018-19296, CVE-2020-13625, CVE-2021-3603
SHA-256 | 80b3365b80c510d9ed0f8f67ed3b629ab7b2e844952fb217a7a549d591be9150
Ubuntu Security Notice USN-5855-2
Posted Mar 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5855-2 - USN-5855-1 fixed a vulnerability in ImageMagick. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-44267
SHA-256 | 58d142057396cfff41f3cfe91792056150a83a0fbb85ec3df97fe31bcfa39599
Red Hat Security Advisory 2023-1281-01
Posted Mar 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1281-01 - An update for python-werkzeug is now available for Red Hat OpenStack Platform. Issues addressed include a remote shell upload vulnerability.

tags | advisory, remote, shell, python
systems | linux, redhat
advisories | CVE-2023-25577
SHA-256 | 987d8f013217b57d1857239f6881cfb726cc3c00c621957b53627dccfc7f4cd9
Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022 Audit Logging Failure
Posted Mar 16, 2023
Authored by Emad Al-Mousa

Microsoft SQL Server 2014, 2016, 2017, 2019, and 2022 appears to ignore audit rules for sys.sysxlgns allowing an attacker with administrative permissions to extract password hashes under the radar. Microsoft told the researcher they are not willing to fix it but acknowledge it as a security problem.

tags | exploit
SHA-256 | 220eab344c9585b4ceae5580fc752834a0002dfd5cc1a78c95445e4b2af32787
Ubuntu Security Notice USN-5955-1
Posted Mar 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5955-1 - It was discovered that Emacs did not properly manage certain files when using htmlfontify functionality. A local attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary commands.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2022-48339
SHA-256 | 3e5afaf10660a14b4806e0904ed1caa4be875fa6f629208eb6a34f05e9c17b4b
Red Hat Security Advisory 2023-1280-01
Posted Mar 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1280-01 - OpenStack Image Service provides discovery, registration, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual disk images stored in a variety of back-end stores, including OpenStack Object Storage. Clients can register new virtual disk images with the Image Service, query for information on publicly available disk images, and use the Image Service's client library for streaming virtual disk images.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-47951
SHA-256 | 89e295e70434f59184fd0ddbd0e9497e8e195386dd84f491494e3d2d339783d6
XNU NFSSVC Root Check Bypass / Use-After-Free
Posted Mar 16, 2023
Authored by Google Security Research, nedwill

XNU NFSSVC suffers from root check bypass and use-after-free vulnerabilities due to insufficient locking in upcall worker threads.

tags | exploit, root, vulnerability
advisories | CVE-2023-23514
SHA-256 | dd5db6e40185f5ad1603a814730e94b92ca2cfb3086268f82937050b80986d44
Red Hat Security Advisory 2023-1252-01
Posted Mar 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1252-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0767
SHA-256 | 7548f82ad1f400310a720ee4ef5fe58596bafca33572d7237bb20bbb6ceab239
Red Hat Security Advisory 2023-1251-01
Posted Mar 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1251-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-3564, CVE-2022-4378
SHA-256 | 847addabd4c70200f55c5357a7517feb7e01f2770c95653cbeaf703093cb2031
Red Hat Security Advisory 2023-1279-01
Posted Mar 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1279-01 - Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-47951
SHA-256 | 1db5fa931e1b684f03db27c5a19241aad360cc9acaf7c54b3d3d28af04b2cc4d
Red Hat Security Advisory 2023-1276-01
Posted Mar 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1276-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-41717
SHA-256 | a16eb2a2847860a00ae42648bc936fd6cb73f65f58c813756e77b17e14c0ccd2
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close