exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files Date: 2023-06-02

Packet Storm New Exploits For May, 2023
Posted Jun 2, 2023
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 173 exploits added to Packet Storm in May, 2023.

tags | exploit
SHA-256 | 3f39d22e54526c7d409e403a1a6382ca215777d5cae90bbe636eca920ce8f752
Ubuntu Security Notice USN-6134-1
Posted Jun 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6134-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-27672, CVE-2022-3707, CVE-2022-4129, CVE-2022-47929, CVE-2022-4842, CVE-2023-0386, CVE-2023-0394, CVE-2023-0458, CVE-2023-0459, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1078, CVE-2023-1118
SHA-256 | f29d43641cf6602854ca5f12c8ec924f3cc0c924589ae311e0273f588159f703
Ubuntu Security Notice USN-6133-1
Posted Jun 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6133-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information.

tags | advisory, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-27672, CVE-2022-3707, CVE-2023-0459, CVE-2023-1075, CVE-2023-1078, CVE-2023-1118, CVE-2023-1513, CVE-2023-1829, CVE-2023-1872, CVE-2023-20938, CVE-2023-2162, CVE-2023-32269
SHA-256 | 8dbd60b85d91d8541dce5a452bbd26cd2c78f4622dc2154acc6b4aac98331f41
Ubuntu Security Notice USN-6130-1
Posted Jun 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6130-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1380, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233
SHA-256 | eb8fea09209e1b2a9abd8095f300d58cce398ab3b53779fad1bc9628adcea281
Ubuntu Security Notice USN-6132-1
Posted Jun 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6132-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-3707, CVE-2023-0459, CVE-2023-1075, CVE-2023-1078, CVE-2023-1118, CVE-2023-1380, CVE-2023-1513, CVE-2023-2162, CVE-2023-2612, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233, CVE-2023-32269
SHA-256 | 3a2b50e313c2b4827e0511e7d699e0f91e738af1c052d4ce14e197ce64a96362
Ubuntu Security Notice USN-6131-1
Posted Jun 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6131-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1380, CVE-2023-2612, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233
SHA-256 | dc564d8e0327ead2dc5b56ea1fdacab2e8e966c41d956a83876c3ad9c642ef13
Ubuntu Security Notice USN-6129-1
Posted Jun 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6129-1 - It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2023-1981
SHA-256 | f65369fa40ed2e7b77a7fc379d24f62c423708f82d427ec75676f1d90369baf7
Faraday 4.4.0
Posted Jun 2, 2023
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Addition where it is now possible to modify the host or service assigned of a vulnerability. Modification to /get_manifest where it separates the optional environment variables from the rest. Addition of the not_any filter operator which will retrieve results that do not contain the value requested. Added fix for make get_manifest to be compatible with all versions of dispatcher.
tags | tool, rootkit
systems | unix
SHA-256 | e2a5cdf7a3ce61d88cc9b378dd84618e9618ea6645c6863b04d35ed89762182c
Total CMS 1.7.4 Shell Upload
Posted Jun 2, 2023
Authored by tmrswrr

Total CMS version 1.7.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 311a9fa22f204b4564b82c2a94c4476851b555dc106ca4601cf30653dcdf3e5a
KesionCMS ASP 9.5 Add Administrator
Posted Jun 2, 2023
Authored by indoushka

KesionCMS ASP version 9.5 suffers from an add administrator vulnerability.

tags | exploit, asp, add administrator
SHA-256 | 8f7da64c05cea45e214c0b133100220a4e4204662264b751cdf75e0cfc9d4cf3
Ubuntu Security Notice USN-6128-2
Posted Jun 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6128-2 - USN-6128-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-32324
SHA-256 | fceb8af9b14db12b79923f7e06c1daf58e6a5764133e7f09083a028c0f8d9b1e
Inlislite 3.1 Insecure Settings
Posted Jun 2, 2023
Authored by indoushka

Inlislite version 3.1 appears to leave default credentials installed after installation.

tags | exploit
SHA-256 | b9a6310f5485e8143c98e287ccc11ae6c0522999d2a43b0f2c5124b69bb29bed
Biig Order CMS 2 SQL Injection
Posted Jun 2, 2023
Authored by indoushka

Biig Order version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 135c4823d5cfa6367b9062549ef2f52f49f5c9ff501993937fb584f0c14f9fd6
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close