exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files Date: 2023-03-23

Monitorr 1.7.6m / 1.7.7d Remote Code Execution
Posted Mar 23, 2023
Authored by h00die-gr3y, Lyhins Lab | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability and achieves remote code execution in the Monitorr application. Using a specially crafted request, custom PHP code can be uploaded and injected through endpoint upload.php because of missing input validation. Any user privileges can exploit this vulnerability and it results in access to the underlying operating system with the same privileges under which the web services run (typically user www-data). Monitorr versions 1.7.6m, 1.7.7d, and below are affected.

tags | exploit, remote, web, arbitrary, php, code execution, file upload
advisories | CVE-2020-28871
SHA-256 | 6c6d18b94bdb35bfe9807add78ec876cdeda11ffafe62ef4078fdeb348b08a51
Posted Mar 23, 2023
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: Server DEB package now targets Ubuntu 22.04 LTS. Agents are now Python 3.9-based (server deb package is Python 3.10-based). MySQL-based datastore performance considerably improved. UIv2 supports majority of flows and hunts. Third-party dependencies updated. A lot of minor bugfixes and improvements.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | 83e33c64fdc4893402f4ce0e2cef221124b1c93f94e74a895f84c68e147491aa
Ubuntu Security Notice USN-5966-1
Posted Mar 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5966-1 - Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. Maher Azzouzi discovered a privilege escalation vulnerability in the rundump binary within amanda. rundump is a suid binary owned by root that did not perform adequate sanitization of environment variables or commandline options and could possibly be used by a malicious local attacker to escalate privileges.

tags | advisory, local, root, info disclosure
systems | linux, ubuntu
advisories | CVE-2022-37703, CVE-2022-37704, CVE-2022-37705
SHA-256 | 2580ab51db5f3bf0e05ef50995b026255510f6945bca4387cdd8ab8d58501893
Ubuntu Security Notice USN-5942-2
Posted Mar 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5942-2 - USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

tags | advisory, remote, web, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-25690
SHA-256 | 76128062e398a94f338e5b5896b18ac1f06e0038b125a0094a7badc90b9226a6
Ubuntu Security Notice USN-5967-1
Posted Mar 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5967-1 - It was discovered that the set method in object-path could be corrupted as a result of prototype pollution by sending a message to the parent process. An attacker could use this issue to cause object-path to crash.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-15256
SHA-256 | 2993d2e387cb87fefed35c3230b0a173c446c341dd5d84571e0af3e54fa222e4
WordPress Watu Quiz 3.3.9 / GN Publisher 1.5.5 / Japanized For WooComerce 2.5.4 XSS
Posted Mar 23, 2023
Authored by Marco Wotschka | Site wordfence.com

WordPress plugins Watu Quiz versions 3.3.9 and below, GN Publisher versions 1.5.5 and below, and Japanized For WooCommerce versions 2.5.4 and below suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2023-0942, CVE-2023-0968, CVE-2023-1080
SHA-256 | aaa6840492b9bd30ed66ef5caa947815162272a3785e8dc84ec1435f67a96153
Page 1 of 1

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By