exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2023-05-23

Sudoedit Extra Arguments Privilege Escalation
Posted May 23, 2023
Authored by h00die, Matthieu Barjole, Victor Cutillas | Site metasploit.com

This exploit takes advantage of a vulnerability in sudoedit, part of the sudo package. The sudoedit (aka sudo -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. by appending extra entries on /etc/sudoers allowing for execution of an arbitrary payload with root privileges. Affected versions are 1.8.0 through 1.9.12.p1. However, this module only works against Ubuntu 22.04 and 22.10. This module was tested against sudo 1.9.9-1ubuntu2 on Ubuntu 22.04 and 1.9.11p3-1ubuntu1 on Ubuntu 22.10.

tags | exploit, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2023-22809
SHA-256 | eaefd5435610f2d14b94c9716c1cfacaa1464408e9bb9ca12c02d1fd7cb21f04
Stegano 0.11.2
Posted May 23, 2023
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Improved typing of various functions. Updated dependencies.
tags | tool, encryption, steganography, python
systems | unix
SHA-256 | edc2f69b5090076c99d276a5968f9dda0e5738f6bf8e34f5233dcb702ff3ac2e
WBiz Desk 1.2 Cross Site Scripting
Posted May 23, 2023
Authored by CraCkEr

WBiz Desk version 1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 03550bc7dff882789a12f3a45a3cb2753d944d1b5b3db27c5c98ba0b048195c2
WBiz Desk 1.2 SQL Injection
Posted May 23, 2023
Authored by CraCkEr

WBiz Desk version 1.2 suffers from a remote SQL injection vulnerability in the idtk parameter. This is a variant finding from the original discovery of SQL injection in this version attributed to h4ck3r in May of 2023.

tags | exploit, remote, sql injection
SHA-256 | 332b84c29819f7a13b61e09456a833eac210172edb2ce5d235400faeb63c454b
Ubuntu Security Notice USN-5725-2
Posted May 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5725-2 - USN-5725-1 fixed a vulnerability in Go. This update provides the corresponding update for Ubuntu 16.04 LTS. Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker could possibly use this issue to cause Go applications to hang or crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-16845
SHA-256 | c1d4db4b1676e74edd2489358097ff57f961cfd2a391313d0d5d10f6276a44d2
Ubuntu Security Notice USN-6073-9
Posted May 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6073-9 - USN-6073-4 fixed a vulnerability in os-brick. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
SHA-256 | c3e79800c65e88375787bc8c21d43489cdf3494607e86a80f463ad61089934e9
Ubuntu Security Notice USN-6073-6
Posted May 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6073-6 - USN-6073-1 fixed a vulnerability in Cinder. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
SHA-256 | 19f3d5cc0abc256c32830b798c25f52e7838aa9e37064dbbba33e911663ef987
Ubuntu Security Notice USN-6073-7
Posted May 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6073-7 - USN-6073-2 fixed a vulnerability in Glance_store. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Glance_store incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
SHA-256 | b834ec48f0603c52e23711a3f55c34861a12817405ebdb35d51fef68d852f7c7
Ubuntu Security Notice USN-6073-8
Posted May 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6073-8 - USN-6073-3 fixed a vulnerability in Nova. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
SHA-256 | 89388e832579c4d8d18a257c9555154e0ac3d938e39d639129a68e677d05317d
Ubuntu Security Notice USN-6099-1
Posted May 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6099-1 - It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-17594, CVE-2019-17595, CVE-2021-39537, CVE-2022-29458, CVE-2023-29491
SHA-256 | bd5932f6f83f66022d0f8b28696a79dea826d643696406d830f69821bd9667dd
Debian Security Advisory 5409-1
Posted May 23, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5409-1 - Two security issues have been discovered in libssh, a tiny C SSH library.

tags | advisory
systems | linux, debian
advisories | CVE-2023-1667, CVE-2023-2283
SHA-256 | abd472c8de412391ba5ca0b0eda59e7c54a8498ae86da74d49b8402bb519b8a1
Ubuntu Security Notice USN-6094-1
Posted May 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6094-1 - Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service. Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-3707, CVE-2023-0459, CVE-2023-1075, CVE-2023-1078, CVE-2023-1118, CVE-2023-1513, CVE-2023-2162, CVE-2023-32269
SHA-256 | a3a88d0b843198cebf466b877981d871db378fc4912cde4c4d51d76f2d1fa5af
Ubuntu Security Notice USN-6096-1
Posted May 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6096-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-27672, CVE-2022-36280, CVE-2022-3707, CVE-2022-4129, CVE-2022-4842, CVE-2022-48423, CVE-2022-48424, CVE-2023-0210, CVE-2023-0394, CVE-2023-0458, CVE-2023-0459, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075
SHA-256 | 34cc30ebdf58924fb1b0c1d2ffdb4157e4f644bf5821397bbd37680bea54a1e2
Ubuntu Security Notice USN-6095-1
Posted May 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6095-1 - Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information. Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information.

tags | advisory, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0459, CVE-2023-1118, CVE-2023-1513, CVE-2023-2162, CVE-2023-32269
SHA-256 | 902ea7575b25bbc81e98afa096da148d6b4dd72ed49f98e4a167376dcb1aaef5
Affiliate Me 5.0.1 SQL Injection
Posted May 23, 2023
Authored by h4ck3r

Affiliate Me version 5.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8633b6342c844afb3936033927d659bd0a1ffa95152eacdbf7c50652f08e1f50
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close