exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 43 RSS Feed

Files Date: 2023-03-28

Debian Security Advisory 5379-1
Posted Mar 28, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5379-1 - Kim Alvefur discovered that insufficient message sender validation in dino-im, a modern XMPP/Jabber client, may result in manipulation of entries in the personal bookmark store without user interaction via a specially crafted message. Additionally an attacker can take advantage of this flaw to change how group chats are displayed or force a user to join or leave an attacker-selected groupchat.

tags | advisory
systems | linux, debian
advisories | CVE-2023-28686
SHA-256 | e7e91174b6b74ca65394c6ad4132a0a2f37244154e102da74fd77c04ecc1be22
Ubuntu Security Notice USN-5978-1
Posted Mar 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5978-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-2196, CVE-2022-27672, CVE-2022-4382, CVE-2022-4842, CVE-2023-0394, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1078, CVE-2023-1281, CVE-2023-23559, CVE-2023-26545
SHA-256 | 71cd680be098e8fe6428fa0aea346ac7a027ec8f5c40c0e9df401cd20a6cbc28
Global Socket 1.4.40
Posted Mar 28, 2023
Authored by thc | Site thc.org

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

Changes: Removed ugly SSL error during valid exit from shell.
tags | tool, tcp
systems | unix
SHA-256 | 628e139e7f12c2e5cac243778c3fe428c878aaf690e64cf650e0be14915eee1e
SolarWinds Information Service (SWIS) Remote Command Execution
Posted Mar 28, 2023
Authored by Spencer McIntyre, Piotr B, Justin Hong, Lucas Miller | Site metasploit.com

The SolarWinds Information Service (SWIS) is vulnerable to remote code execution by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object which can lead to OS command execution as NT AUTHORITY\SYSTEM.

tags | exploit, remote, code execution
advisories | CVE-2022-38108
SHA-256 | fbc6c5c5be944eb52ce167a061f21875f137dc6101b3184bad8a0d10c9afd154
Apple Security Advisory 2023-03-27-9
Posted Mar 28, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-03-27-9 - Studio Display Firmware Update 16.4 addresses a code execution vulnerability.

tags | advisory, code execution
systems | apple
advisories | CVE-2023-27965
SHA-256 | 657cab4136729775a3c8939a9b4f446a9226251ec4c278ca9dc08d87bc886934
Red Hat Security Advisory 2023-1486-01
Posted Mar 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1486-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, code execution, and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution, python, ruby
systems | linux, redhat
advisories | CVE-2022-24790, CVE-2022-30122, CVE-2022-30123, CVE-2022-31129, CVE-2022-31163
SHA-256 | 34681b3994f7696e63749c33f2b4943d1f3991726eb9aa72976cb927c1014ab6
rukovoditel 3.2.1 Cross Site Scripting
Posted Mar 28, 2023
Authored by nu11secur1ty

rukovoditel version 3.2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 898fcd6c42cf09cbd7ec5b6dc7da4c9a70126592c5acdb55261bfd7df9acfbaf
iBooking 1.0.8 Shell Upload
Posted Mar 28, 2023
Authored by d1z1n370, oPty

iBooking version 1.0.8 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 1d1a7039b4955d7dc4e5a704e51e320587047865279cc2297bb299611ef05245
Red Hat Security Advisory 2023-1409-01
Posted Mar 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1409-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.9.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-20329, CVE-2023-0767
SHA-256 | ccbdea74072f5f91ca8ea4c3158780053cb6f9d1362b1546944f6471f738d613
Apple Security Advisory 2023-03-27-8
Posted Mar 28, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-03-27-8 - Safari 16.4 addresses bypass vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2023-27932, CVE-2023-27954
SHA-256 | 595dddff94c26025f6dd6b1051bf71d1e83c8332b4e3ba7dc292a7e139562d86
ReQlogic 11.3 Cross Site Scripting
Posted Mar 28, 2023
Authored by Okan Kurtulus

ReQlogic version 11.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-41441
SHA-256 | 5227ba88f59a5d4cccd1b7cd664927cd29c2794c9b0bb18836fe0f6ab3662551
Optergy Proton And Enterprise BMS 2.0.3a Command Injection
Posted Mar 28, 2023
Authored by h00die-gr3y, Gjoko Krstic | Site metasploit.com

This Metasploit module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System (BMS) applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdoor script called Console.jsp in the tools directory and gain full system access. Successful exploitation results in root command execution using sudo as user optergy.

tags | exploit, root
advisories | CVE-2019-7276
SHA-256 | 33babb5810832b13a94e71c123fd7427e2dfe9cd4f92a96b062b362c7592affd
Hashicorp Consul 1.0 Remote Command Execution
Posted Mar 28, 2023
Authored by GatoGamer1155, 0bfxgh0st

Hashicorp Consul version 1.0 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | cf1a6442030a5c5f6fd07b5a99052472a0dae35ed2b518c1ce2625d5f2fdf42b
Apple Security Advisory 2023-03-27-7
Posted Mar 28, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-03-27-7 - watchOS 9.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2023-23527, CVE-2023-23535, CVE-2023-23537, CVE-2023-27928, CVE-2023-27929, CVE-2023-27931, CVE-2023-27932, CVE-2023-27933, CVE-2023-27937, CVE-2023-27942, CVE-2023-27954, CVE-2023-27956, CVE-2023-27961, CVE-2023-27963
SHA-256 | b6879bb072dc3bcaf057025d49c0a283fb7726fa16d8a7f521acfcb3b1d18dd1
Apple Security Advisory 2023-03-27-6
Posted Mar 28, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-03-27-6 - tvOS 16.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2023-23527, CVE-2023-23528, CVE-2023-23535, CVE-2023-27928, CVE-2023-27929, CVE-2023-27931, CVE-2023-27932, CVE-2023-27933, CVE-2023-27937, CVE-2023-27942, CVE-2023-27954, CVE-2023-27956, CVE-2023-27969, CVE-2023-28181
SHA-256 | e42f83fe6b5a103a0898eab7c9362686f11ad4ddf7d70f2e5929f0e69061f91c
Moodle LMS 4.0 Cross Site Scripting
Posted Mar 28, 2023
Authored by Saud Alenazi

Moodle LMS version 4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e7721c0aa0560a87ed3a181e9975e3a660308037ece1716c759931eaf08ced82
Ubuntu Security Notice USN-5977-1
Posted Mar 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5977-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-2196, CVE-2023-1032, CVE-2023-1281
SHA-256 | 99af519443a922498b72c03944c7ecee25171c7b6bce683a3cee5430e6cbb4b7
Tunnel Interface Driver Denial Of Service
Posted Mar 28, 2023
Authored by ExAllocatePool2

Tunnel Interface Driver suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | f7f2b8b68d017bf58a7d55306d242543aa84752d90337934f157a2539d4cadd4
Apple Security Advisory 2023-03-27-5
Posted Mar 28, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2022-26702, CVE-2023-0433, CVE-2023-0512, CVE-2023-23514, CVE-2023-23527, CVE-2023-23534, CVE-2023-23535, CVE-2023-23537, CVE-2023-23540, CVE-2023-23542, CVE-2023-27928, CVE-2023-27935, CVE-2023-27936, CVE-2023-27937
SHA-256 | d3cdaa1e0b2cb20a97257137b5dcffd5cb406a1e65cc4b68176609f11f239ba7
OPSWAT Metadefender Core 4.21.1 Privilege Escalation
Posted Mar 28, 2023
Authored by Ulascan Yildirim

OPSWAT Metadefender Core version 4.21.1 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2022-32272
SHA-256 | 67ed76b4c862c969209c71ff4568ff584d8233722adbde52ad8523f8fddff6cd
Label Studio 1.5.0 Server-Side Request Forgery
Posted Mar 28, 2023
Authored by DeveloperNinja

Label Studio versions 1.5.0 and below suffer from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2022-36551
SHA-256 | 71c7c7e58dfd4fd19b14de8fbc71ae94220ca39129c624221250b9a297da7930
Ubuntu Security Notice USN-5976-1
Posted Mar 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5976-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2022-2196, CVE-2022-3061, CVE-2022-3628, CVE-2022-36280, CVE-2022-3646, CVE-2022-3649, CVE-2022-41850, CVE-2023-0394, CVE-2023-0461
SHA-256 | a6dd79b8c521b85e0e1a1074affe7a355a0374b601afa3bdb39197d6af2e1843
X-Skipper-Proxy 0.13.237 Server-Side Request Forgery
Posted Mar 28, 2023
Authored by Milad Fadavvi, Hosein Vita

X-Skipper-Proxy version 0.13.237 suffers from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2022-38580
SHA-256 | 876aed8ac1af7db0f1e7042dc3e6263dc7ae9ca1429d89517aef860913ece9e7
Subrion CMS 4.2.1 Cross Site Scripting
Posted Mar 28, 2023
Authored by Sinem Sahin

Subrion CMS version 4.2.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2522ffebb3f430ee0af9c8551dc7b1c7ccd8d38777900a80d1fb438938e478fa
Apple Security Advisory 2023-03-27-4
Posted Mar 28, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-03-27-4 - macOS Monterey 12.6.4 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2023-0433, CVE-2023-0512, CVE-2023-23514, CVE-2023-23527, CVE-2023-23533, CVE-2023-23538, CVE-2023-23540, CVE-2023-23542, CVE-2023-27933, CVE-2023-27935, CVE-2023-27936, CVE-2023-27937, CVE-2023-27942, CVE-2023-27944
SHA-256 | 739ebbc2aa08de0dd5a0e2a5bb4889f44cdd6fdabb272260bc18eca98e3250b8
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close