
Files Date: 2023-05-15

Screen SFT DAB 600/C Unauthenticated Information Disclosure
Posted May 15, 2023
Authored by LiquidWorm | Site zeroscience.mk

Screen SFT DAB 600/C is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information including usernames and source IP addresses.

tags | exploit, remote, info disclosure
SHA-256 | e3416b7b51b13c8a02e0377d294d6b4b558ba2a448f681c4ee83ec0d4a9214df
Screen SFT DAB 600/C Authentication Bypass / Reset Board Config
Posted May 15, 2023
Authored by LiquidWorm | Site zeroscience.mk

Screen SFT DAB 600/C suffers from weak session management that can allow an attacker on the same network to bypass these controls by reusing the same IP address assigned to the victim user (NAT) and exploit crucial operations on the device itself. By abusing the IP address property that is bound to the session ID, one needs to wait for such an established session and then issue unauthorized requests to the vulnerable API to manage and/or manipulate the affected transmitter.

tags | exploit
SHA-256 | 0775eb59979d4285d81f3e446995dfddd17a03e6b3fb4d0066b5e60a4d94b27a
Ubuntu Security Notice USN-6060-3
Posted May 15, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6060-3 - USN-6060-1 fixed vulnerabilities in MySQL. The new upstream 8.0.33 version introduced a regression on the armhf architecture. This update fixes the problem. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.33 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.42. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 39f453105706e5aee5e53e888b4188597f22c5d87ecb6d9a75a34de0d747c5bc
Screen SFT DAB 600/C Authentication Bypass / Admin Password Change
Posted May 15, 2023
Authored by LiquidWorm | Site zeroscience.mk

Screen SFT DAB 600/C exploit that circumvents the control and requirement of the admin's old password and directly changes the password.

tags | exploit
SHA-256 | dfcbdbbd5c02702d5532b7a0e38376e5c9b13dc8b11dcbb24c7816464b0a1048
Screen SFT DAB 600/C Authentication Bypass / Erase Account
Posted May 15, 2023
Authored by LiquidWorm | Site zeroscience.mk

Screen SFT DAB 600/C suffers from weak session management that can allow an attacker on the same network to bypass these controls by reusing the same IP address assigned to the victim user (NAT) and exploit crucial operations on the device itself. By abusing the IP address property that is bound to the session ID, one needs to wait for such an established session and then issue unauthorized requests to the vulnerable API to manage and/or manipulate the affected transmitter.

tags | exploit
SHA-256 | e5293775a6d798d227c2626e73ff3e846471a825452ef4ce910c61e4724d48d2
Screen SFT DAB 600/C Authentication Bypass / Password Change
Posted May 15, 2023
Authored by LiquidWorm | Site zeroscience.mk

Screen SFT DAB 600/C suffers from weak session management that can allow an attacker on the same network to bypass these controls by reusing the same IP address assigned to the victim user (NAT) and exploit crucial operations on the device itself. By abusing the IP address property that is bound to the session ID, one needs to wait for such an established session and then issue unauthorized requests to the vulnerable API to manage and/or manipulate the affected transmitter.

tags | exploit
SHA-256 | 2848c1fbf6cfd49fdb794989936933fa8921c22fc36b62a88a8e30d1da63c3aa
Screen SFT DAB 600/C Authentication Bypass / Account Creation
Posted May 15, 2023
Authored by LiquidWorm | Site zeroscience.mk

Screen SFT DAB 600/C suffers from weak session management that can allow an attacker on the same network to bypass these controls by reusing the same IP address assigned to the victim user (NAT) and exploit crucial operations on the device itself. By abusing the IP address property that is bound to the session ID, one needs to wait for such an established session and then issue unauthorized requests to the vulnerable API to manage and/or manipulate the affected transmitter.

tags | exploit
SHA-256 | 1734aa4dedbdbfbce8e975323fff3ec40c7fd2ae37818906ff3811eabf272f54
Debian Security Advisory 5403-1
Posted May 15, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5403-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2023-32205, CVE-2023-32206, CVE-2023-32207, CVE-2023-32211, CVE-2023-32212, CVE-2023-32213, CVE-2023-32215
SHA-256 | bf17b51015328d7d98681df59a418ed89846aef8ff979703c3a45f1a8748f26d
Ubuntu Security Notice USN-6075-1
Posted May 15, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6075-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code. Irvan Kurniawan discovered that Thunderbird did not properly manage memory when using the RLBox Expat driver. An attacker could potentially exploit this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-32205, CVE-2023-32206, CVE-2023-32211, CVE-2023-32212
SHA-256 | bc4899aba071e8e51502ad3336268edf2e3fc101e5d313a1c9d85381039d59ac
RockMongo 1.1.7 Cross Site Scripting
Posted May 15, 2023
Authored by Rafael Pedrero

RockMongo version 1.1.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ab8d5c8051cd433bcdcc87ad984c37a9a4b0cb68d3dfa43bde20392849ab68c7
Ubuntu Security Notice USN-6074-1
Posted May 15, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6074-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage memory when using the RLBox Expat driver. An attacker could potentially exploit this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-32205, CVE-2023-32206, CVE-2023-32207, CVE-2023-32208, CVE-2023-32209, CVE-2023-32210, CVE-2023-32213, CVE-2023-32215
SHA-256 | 346f81631285f22c865ab7b35478e031cee120caa1ae43a62cf551e1b82e5769
TinyWebGallery 2.5 Cross Site Scripting
Posted May 15, 2023
Authored by Mirabbas Agalarov

TinyWebGallery version 2.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d0088b50facabac5530990ca0137108d985c7d99eeffdf7880acc2fee9b17906
Debian Security Advisory 5402-1
Posted May 15, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5402-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2023-0386, CVE-2023-31436, CVE-2023-32233
SHA-256 | ca0a9fd5ac26d144a3b3fe22c96089ab67f84776e3fc15dfb5ebef70147e7218
Simple Universal Fortigate Fuzzer
Posted May 15, 2023
Authored by Cody Sixteen

Simple Python script to send commands prepared in text files mutated by an example payload string, e.g. multiple A or B letters. Using Fortigate's credentials, a user should be able to use this script to automate a basic fuzzing process for commands available in the CLI.

tags | tool, python, fuzzer
SHA-256 | 183513f0d7a7bbd777a50826ac774d0cc927491384f081ad3ae5cf87426b640f
Ubuntu Security Notice USN-6073-5
Posted May 15, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6073-5 - USN-6073-3 fixed a vulnerability in Nova. The update introduced a regression causing Nova to be unable to detach volumes from instances. This update fixes the problem. Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory, web
systems | linux, ubuntu
SHA-256 | cd8b9030e981b945b3e851be94b5f09fd82e1f3129b8df483efe80772fe215c4
Epson Stylus SX510W Denial Of Service
Posted May 15, 2023
Authored by Rafael Pedrero

Epson Stylus SX510W suffers from a power off denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 8d05be986e3d06eb86cff6a9f63ec9f332924c2c01171ba39cb6849388b1a6be
Siemens SIMATIC S7-1200 Cross Site Request Forgery
Posted May 15, 2023
Authored by RoseSecurity

Siemens SIMATIC S7-1200 CPU start/stop command cross site request forgery exploit. This older issue elaborates on t4rkd3vilz's CVE-2015-5698 by issuing a POST command to a specified web server path.

tags | exploit, web, csrf
advisories | CVE-2015-5698
SHA-256 | bec31b24b62a934362f2aebf30a3c1bbbc8f1ca87a9670d278c3773413280b4c
Online Clinic Management System 2.2 Cross Site Scripting
Posted May 15, 2023
Authored by Rafael Pedrero

Online Clinic Management System version 2.2 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | e04a2261c4b6038aa81e45da694418e47016e3912ab04aae9491b4fcc25a55c1
FLEX Denial Of Service
Posted May 15, 2023
Authored by Mr Empy

FLEX versions prior to 1085 Web 1.6.0 suffer from a denial of service vulnerability.

tags | exploit, web, denial of service
advisories | CVE-2022-2591
SHA-256 | ae0a20928dfa334d84c3e4bae14365283943129dafd6b66b0cb30a235a9f223c