what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2023-06-13

TerraMaster TOS 4.2.29 Remote Code Execution
Posted Jun 13, 2023
Authored by h00die-gr3y, Octagon Networks, 0xf4n9x | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.29 and below by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution". Exploiting vulnerable endpoint api.php?mobile/webNasIPS leaking sensitive information such as admin password hash and mac address, the attacker can achieve unauthenticated access and use another vulnerable endpoint api.php?mobile/createRaid with POST parameters raidtype and diskstring to execute remote code as root on TerraMaster NAS devices.

tags | exploit, remote, root, php, vulnerability, code execution
advisories | CVE-2022-24989, CVE-2022-24990
SHA-256 | 7e730a3eca39b8e6d103226c6deb4b1c15b54a16ab70d8fb24d2e419a087f25d
American Fuzzy Lop plus plus 4.07c
Posted Jun 13, 2023
Authored by van Hauser, thc, Heiko Eissfeldt, Andrea Fioraldi, Dominik Maier | Site github.com

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Changes: 3 updates to afl-fuzz, 6 updates to afl-cc, 2 updates to afl-showmap, 1 update to afl-cmin + afl-cmin.bash, 1 update to qemu_mode. Two new custom mutators.
tags | fuzzer
systems | unix
SHA-256 | cdb42834359b17336047814d1c24845f606456dbe4e6aff5edac66c21aa577db
Hydra Network Logon Cracker 9.5
Posted Jun 13, 2023
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: 2 updates to http-form, 1 fix for smb2, 1 fix for smtp, and 1 fix for rdp.
tags | tool, web, imap
systems | cisco, unix
SHA-256 | 9dd193b011fdb3c52a17b0da61a38a4148ffcad731557696819d4721d1bee76b
Debian Security Advisory 5425-1
Posted Jun 13, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5425-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.

tags | advisory, web, php
systems | linux, debian
SHA-256 | b78ada19cdad18133c1d75e67c6a3d412579cefae51613bdc1305bfaf34bc7be
Debian Security Advisory 5424-1
Posted Jun 13, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5424-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.

tags | advisory, web, php
systems | linux, debian
SHA-256 | 1480d11098e522e1a4cec8195fa739e3296da2ba49c56c9ed78a071d88989612
Ubuntu Security Notice USN-6160-1
Posted Jun 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6160-1 - It was discovered that GNU binutils incorrectly performed bounds checking operations when parsing stabs debugging information. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-45078
SHA-256 | 8b6a655fc6838240998d7cd469c2413c5315a09e14069da4d3c5a84cff73fcd3
Ubuntu Security Notice USN-6159-1
Posted Jun 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6159-1 - It was discovered that Tornado incorrectly handled certain redirect. An remote attacker could possibly use this issue to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.

tags | advisory, remote, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-28370
SHA-256 | 7440ddb7e97150e1cf67daa00fd016cf9ebe9fd1c46535f1f9d68002fa456714
Ubuntu Security Notice USN-6158-1
Posted Jun 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6158-1 - It was discovered that Node Fetch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2022-0235
SHA-256 | 968ff904ef9f14fe3e77d238e9a2ee6369b1894eeb3c04eaf46e01fdd905979a
Ubuntu Security Notice USN-6143-2
Posted Jun 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6143-2 - USN-6143-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jun Kokatsu discovered that Firefox did not properly validate site-isolated process for a document loaded from a data: URL that was the result of a redirect, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-34415, CVE-2023-34416
SHA-256 | 65e5345c6a2eff50bedd46c58f08263dddb24b4796a5b94947e949f12a360fb6
Red Hat Security Advisory 2023-3495-01
Posted Jun 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2021-26341, CVE-2021-33655, CVE-2021-33656, CVE-2022-1462, CVE-2022-1679, CVE-2022-1789, CVE-2022-20141, CVE-2022-2196, CVE-2022-25147, CVE-2022-25265, CVE-2022-2663, CVE-2022-3028, CVE-2022-30594, CVE-2022-3239
SHA-256 | 75ededaa7ebb9bc88370e1dcf331b0264869168ba7cd74f69b15381204808248
Ubuntu Security Notice USN-6157-1
Posted Jun 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6157-1 - Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2023-26253
SHA-256 | b01cd6fd53124be83389f3f71bb29ce80f5daf831c84d7b8ac6ba8dc441c5fff
Ubuntu Security Notice USN-6148-1
Posted Jun 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6148-1 - It was discovered that SNI Proxy did not properly handle wildcard backend hosts. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service, or arbitrary code execution.

tags | advisory, denial of service, overflow, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2023-25076
SHA-256 | 73ed2f2b42d8fbf219d68ecb70c28ade57663eab3a64ccf40ecd1e390a89fea4
Ubuntu Security Notice USN-6156-1
Posted Jun 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6156-1 - It was discovered that SSSD incorrectly sanitized certificate data used in LDAP filters. When using this issue in combination with FreeIPA, a remote attacker could possibly use this issue to escalate privileges.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2022-4254
SHA-256 | 63578ae04fc3e81b06fa98a19bd7e8d2c47bcb07bf5872c1a28538556c4317f6
Ubuntu Security Notice USN-6155-1
Posted Jun 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6155-1 - Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-32681
SHA-256 | 36886555e4ffe834520b499d96cab6905a0724841e5922e2e007f3843e76b975
Ubuntu Security Notice USN-6154-1
Posted Jun 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6154-1 - It was discovered that Vim was using uninitialized memory when fuzzy matching, which could lead to invalid memory access. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04. It was discovered that Vim was not properly performing bounds checks when processing register contents, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-2426, CVE-2023-2609, CVE-2023-2610
SHA-256 | 8848b18b0396acfc52a2563f943aabe12e20a60d1698fb46840f08bf54c7de10
ProLogin 1.9 Insecure Direct Object Reference
Posted Jun 13, 2023
Authored by indoushka

ProLogin version 1.9 suffers from an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | 36f2fa8535bbb46e039186a15887f500fdfa9007841ab476d7fdce82ee62e103
Piyanas 0.1 Cross Site Request Forgery
Posted Jun 13, 2023
Authored by indoushka

Piyanas version 0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | da33c7a3f20204afc57251323ce20a3ff63022f850048df90865809817a3df15
phpAnalyzer 2.0.4 Insecure Settings
Posted Jun 13, 2023
Authored by indoushka

phpAnalyzer version 2.0.4 appears to leave default credentials installed after installation.

tags | exploit
SHA-256 | d51987e4819d06b3df58aca60e11f4c08b120851934626b98c70303d40027d34
EasyAnswer 1.0.1 Cross Site Request Forgery
Posted Jun 13, 2023
Authored by indoushka

EasyAnswer version 1.0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 8a8571d6c794a167c8e35842efa44a6c771bc100529859f16183e6a698ebae01
Online Thesis Archiving System 1.0 SQL Injection
Posted Jun 13, 2023
Authored by nu11secur1ty

Online Thesis Archiving System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c2b85344213729b28081ddd9f9688c1eaf052a6a2e3a0c5c6c894b00dd672eda
Xoops CMS 2.5.10 Cross Site Scripting
Posted Jun 13, 2023
Authored by tmrswrr

Xoops CMS version 2.5.10 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f50eae013be87413e7586e015b02f9f385d2883ba7fa473b31bd6af8b4e86ee9
MOVEit Transfer SQL Injection / Remote Code Execution
Posted Jun 13, 2023
Authored by Horizon3 Attack Team | Site github.com

This proof of concept abuses an SQL injection vulnerability in MOVEit to obtain a sysadmin API access token and then use that access to abuse a deserialization call to obtain remote code execution. This proof of concept needs to reach out to an Identity Provider endpoint which hosts proper RS256 certificates used to forge arbitrary user tokens - by default this POC uses horizon3ai's IDP endpoint hosted in AWS. By default, the exploit will write a file to C:\Windows\Temp\message.txt. Alternative payloads can be generated by using the ysoserial.net project.

tags | exploit, remote, arbitrary, code execution, sql injection, proof of concept
systems | windows
advisories | CVE-2023-34362
SHA-256 | 891c1c3067e64d2916aec314b0195ba65fbc31db8570faee1f1fc3f6b4a366d9
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close