exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 49 RSS Feed

Files Date: 2023-04-12

Sielco PolyEco Digital FM Transmitter 2.0.6 Default Credentials
Posted Apr 12, 2023
Authored by LiquidWorm | Site zeroscience.mk

Sielco PolyEco Digital FM Transmitter version 2.0.6 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks to gain full control of the system.

tags | exploit, remote
SHA-256 | 4b06b64589263878904bbae281d9bc23f194bb5f895a3a50d9058978920f6a0e
Ubuntu Security Notice USN-6013-1
Posted Apr 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6013-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

tags | advisory, remote, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2020-36516, CVE-2021-26401, CVE-2021-3428, CVE-2021-3659, CVE-2021-3669, CVE-2021-3732, CVE-2021-3772, CVE-2021-4149, CVE-2021-4203, CVE-2021-45868, CVE-2022-0487, CVE-2022-0494, CVE-2022-0617, CVE-2022-1016
SHA-256 | a9c225928b1c28bf90c101180a361e5db4576ba6b23acb6d2f68a5da43566ceb
Sielco PolyEco Digital FM Transmitter 2.0.6 Cookie Brute Force
Posted Apr 12, 2023
Authored by LiquidWorm | Site zeroscience.mk

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from a cookie brute forcing vulnerability that can allow for session hijacking.

tags | exploit
SHA-256 | 8f1daeafa0b883f3bc1384e9d0ca0360450ece2b79076365d95798b698667cd0
Red Hat Security Advisory 2023-1656-01
Posted Apr 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-20329, CVE-2022-31690, CVE-2022-31692, CVE-2022-3172, CVE-2022-42889, CVE-2023-0266, CVE-2023-0286, CVE-2023-0461, CVE-2023-24422, CVE-2023-27898, CVE-2023-27899, CVE-2023-27903, CVE-2023-27904
SHA-256 | 240de720e001bf838375281c8974f3f4db8855a03923fc43cfd177237fada857
Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass
Posted Apr 12, 2023
Authored by LiquidWorm | Site zeroscience.mk

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from authentication bypass, account takeover / lockout, and privilege escalation vulnerabilities that can be triggered by directly calling the user object and modifying the password of the two constants user/role (user/admin). This can be exploited by an unauthenticated adversary by issuing a single POST request to the vulnerable endpoint and gain unauthorized access to the affected device with administrative privileges.

tags | exploit, vulnerability
SHA-256 | 1779dd48b3ba2fb604c2b3fe1410c7bc803e1f964aaa62ab3b478868956ced70
Ubuntu Security Notice USN-6011-1
Posted Apr 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6011-1 - It was discovered that Json-smart incorrectly handled memory when processing input containing unclosed quotes. A remote attacker could possibly use this issue to cause applications using Json-smart to crash, leading to a denial of service. It was discovered that Json-smart incorrectly handled memory when processing input containing unclosed brackets. A remote attacker could possibly use this issue to cause applications using Json-smart to crash, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-31684, CVE-2023-1370
SHA-256 | 779aeab8a0e6e185281188748833317d5be747f25316532e4e271da16208b410
Sielco PolyEco Digital FM Transmitter 2.0.6 Information Disclosure
Posted Apr 12, 2023
Authored by LiquidWorm | Site zeroscience.mk

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this issue via a specially crafted request to gain access to sensitive information.

tags | exploit, remote, info disclosure
SHA-256 | 267418fd80ab371b230bbaa9fdec8767c24efde298174b16aca5925e335bcb57
Red Hat Security Advisory 2023-1655-01
Posted Apr 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1655-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. Issues addressed include bypass, cross site scripting, information leakage, insecure permissions, and privilege escalation vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2022-31690, CVE-2022-31692, CVE-2022-3172, CVE-2022-42889, CVE-2023-24422, CVE-2023-27898, CVE-2023-27899, CVE-2023-27903, CVE-2023-27904
SHA-256 | f5fdb00ee615b9b2fbc00838a17e11fc10b0748dec647bfe139f3c9248ea106e
Sielco PolyEco Digital FM Transmitter 2.0.6 POST Manipulation
Posted Apr 12, 2023
Authored by LiquidWorm | Site zeroscience.mk

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from a radio data system POST manipulation vulnerability.

tags | exploit
SHA-256 | e4b2d7df23ae1d7324dc922c11ba13e061cf42b3b6e86c38b42666eb035ea0d7
Sielco PolyEco Digital FM Transmitter 2.0.6 Authorization Bypass
Posted Apr 12, 2023
Authored by LiquidWorm | Site zeroscience.mk

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an authorization bypass vulnerability.

tags | exploit, bypass
SHA-256 | 914581db2916f5747f0db33acd0f545ea153e562c456cbc46171baf8c4bada5d
Ubuntu Security Notice USN-6010-1
Posted Apr 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6010-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29538, CVE-2023-29539, CVE-2023-29540, CVE-2023-29541, CVE-2023-29543, CVE-2023-29548, CVE-2023-29549
SHA-256 | c07c9ccfa752f289448bcd7602852f783c5740abe4afaefdadd3ef002834324b
Rocket Software Unidata udadmin_server Authentication Bypass
Posted Apr 12, 2023
Authored by Ron Bowes | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in the Linux version of udadmin_server, which is an RPC service that comes with the Rocket Software UniData server. This affects versions of UniData prior to 8.2.4 build 3003. This service typically runs as root. It accepts a username of ":local:" and a password in the form of "<username>:<uid>:<gid>", where username and uid must be a valid account, but gid can be anything except 0. This exploit takes advantage of this login account to authenticate as a chosen user and run an arbitrary command (using the built-in OsCommand message).

tags | exploit, arbitrary, local, root, bypass
systems | linux
advisories | CVE-2023-28503
SHA-256 | a072b9a39317b3843159b4f19550be453c524b06398e48145609bb5afa1a4475
Rocket Software Unidata 8.2.4 Build 3003 Buffer Overflow
Posted Apr 12, 2023
Authored by Ron Bowes | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in the Linux version of udadmin_server, which is an RPC service that comes with the Rocket Software UniData server, which runs as root. This vulnerability affects UniData versions 8.2.4 build 3003 and earlier (for Linux), but this module specifically targets UniData version 8.2.4 build 3001. Other versions will crash the forked process, but will not otherwise affect the RPC server. The username and password fields are copied to a stack-based buffer using a function that's equivalent to strcpy() (ie, has no bounds checking). Additionally, the password field is encoded in such a way that we can include NUL bytes.

tags | exploit, root, bypass
systems | linux
advisories | CVE-2023-28502
SHA-256 | 573fc6e16c91d795c9424c33a9909a1277e50ad02e08eb5886ceb1a2e2610251
Red Hat Security Advisory 2023-1744-01
Posted Apr 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1744-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25881, CVE-2022-38900, CVE-2022-4904, CVE-2023-23918, CVE-2023-23920
SHA-256 | b516e9f562da009ac786a0543e0d7eebc70acfd4e3c5df43a3267c02f234c887
Red Hat Security Advisory 2023-1743-01
Posted Apr 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1743-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-35065, CVE-2022-25881, CVE-2022-3517, CVE-2022-38900, CVE-2022-4904, CVE-2023-23918, CVE-2023-23920
SHA-256 | 48bd4394b42ef169e2f3ba2b84e34d023eb13eadddd77b237b4659256714e6b3
Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass
Posted Apr 12, 2023
Authored by LiquidWorm | Site zeroscience.mk

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 04fe7d8ff6572fa3612a369b0c0a33163c016a620b5ff6ab9e58d326db1f5cf8
Sielco Radio Link 2.06 Remote Privilege Escalation
Posted Apr 12, 2023
Authored by LiquidWorm | Site zeroscience.mk

Sielco Radio Link version 2.06 suffers from a remote privilege escalation vulnerability.

tags | exploit, remote
SHA-256 | 0c75a354919091616a5f5737e0902174ba1e520eeba17f8046eaaf7514082d82
Red Hat Security Advisory 2023-1663-01
Posted Apr 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1663-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2022-42252, CVE-2022-45143
SHA-256 | c0b211c61f5b1935e346647b65b123e0fa7907ee7a3ed75a15991b0a9fd45bb6
Sielco Radio Link 2.06 Improper Access Control
Posted Apr 12, 2023
Authored by LiquidWorm | Site zeroscience.mk

Sielco Radio Link version 2.06 suffers from an improper access control vulnerability that allows for a lower privileged user to change the administrator's password.

tags | exploit
SHA-256 | f9373f954a93947453ded81dc6daa3fec0b14580a358bf7dd553b39b0a3ac6e3
Sielco Radio Link 2.06 Cross Site Request Forgery
Posted Apr 12, 2023
Authored by LiquidWorm | Site zeroscience.mk

Sielco Radio Link version 2.06 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | c17546acff364d10c1872ec359f38d4d53aa3ec8bfa731bb52efa125a19521ce
Ubuntu Security Notice USN-6009-1
Posted Apr 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6009-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-3669, CVE-2022-3424, CVE-2022-36280, CVE-2022-41218, CVE-2022-47929, CVE-2023-0045, CVE-2023-0266, CVE-2023-0394, CVE-2023-23455, CVE-2023-23559, CVE-2023-28328
SHA-256 | fae0436a7a71ef1f1c9e2b9c7be382f428603ebb16892ffc834fe96514e4351e
Sielco Radio Link 2.06 Cookie Brute Force
Posted Apr 12, 2023
Authored by LiquidWorm | Site zeroscience.mk

Sielco Radio Link version 2.06 suffers from a cookie brute forcing vulnerability that can allow for session hijacking.

tags | exploit
SHA-256 | b3c859a3990332816faa05fab3d576d807b312c06709f5259ba34906edcbc66e
Red Hat Security Advisory 2023-1664-01
Posted Apr 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1664-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2022-42252, CVE-2022-45143
SHA-256 | c0eb66100eff33a05cc9e2d9a75d565b68109c88876cfb85737526650fe5d7c1
Sielco Analog FM Transmitter 2.12 Remote Privilege Escalation
Posted Apr 12, 2023
Authored by LiquidWorm | Site zeroscience.mk

Sielco Analog FM Transmitter version 2.12 suffers from a remote privilege escalation vulnerability.

tags | exploit, remote
SHA-256 | f9e8dacd33d3784c7f722d94e8a2f150689a024754736b4c0454360058ce7c17
Sielco Analog FM Transmitter 2.12 Improper Access Control
Posted Apr 12, 2023
Authored by LiquidWorm | Site zeroscience.mk

Sielco Analog FM Transmitter version 2.12 suffers from an improper access control vulnerability that allows for a lower privileged user to change the administrator's password.

tags | exploit
SHA-256 | d26af0548c227a54b41c51e35c1c6513352b0b18304e8cf89730a7260c3ad51d
Page 1 of 2
Back12Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close