
Files Date: 2023-06-19

Ubuntu Security Notice USN-6177-1
Posted Jun 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6177-1 - It was discovered that Jettison incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-40149
SHA-256 | e6cdd0e3d0c42bbb014bdc13a1b95610164b58d458c37f074c4a71dbb1318c04
BBoard Forum 1.0 Cross Site Scripting
Posted Jun 19, 2023
Authored by CraCkEr

BBoard Forum version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dc249565999752f20ea8b2f1218967c74c729e1f369ae61f7429b321375e6852
Red Hat Security Advisory 2023-3662-01
Posted Jun 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3662-01 - The c-ares C library defines asynchronous DNS requests and provides a name resolving API. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-32067
SHA-256 | c47f3f8f3d3487557786186920d8a97082e33197daf8c53bbc9c079d8e9775cb
OpenBSD Kernel Relinking Issue
Posted Jun 19, 2023
Authored by C.W. Schech

The automatic and mandatory-by-default reordering of OpenBSD kernels is not transactional and, as a result, a local unpatched exploit exists which allows tampering or replacement of the kernel. Arbitrary build artifacts are cyclically relinked with no data integrity or provenance being maintained or verified for the objects being consumed with respect to the running kernel before and during the execution of the mandatory kernel_reorder process in the supplied /etc/rc and /usr/libexec scripts. The reordering occurs at the end of the installation process and also automatically every reboot cycle thereafter unless manually bypassed by a knowledgeable party.

tags | advisory, arbitrary, kernel, local
systems | openbsd
SHA-256 | 534646964f9d44726bd9728ee38202f8b55ff1b1f54a3ede253500cd6b4fd5e5
Ubuntu Security Notice USN-6083-2
Posted Jun 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6083-2 - USN-6083-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 16.04 LTS. It was discovered that cups-filters incorrectly handled the beh CUPS backend. A remote attacker could possibly use this issue to cause the backend to stop responding or to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-24805
SHA-256 | decceef457557adefac9c1f13424abd0b5b135ee95bf421d4386ad76aa1ef601
WG Ticket 1.0 Cross Site Scripting
Posted Jun 19, 2023
Authored by CraCkEr

WG Ticket version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | faf095088f9104bc00317ee339ff7cb6a4aa94bec60668a0a071f805292b077b
Diafan CMS 6.0 Cross Site Scripting
Posted Jun 19, 2023
Authored by tmrswrr, Hulya Karabag

Diafan CMS version 6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d28b123e05c68accec03212f6dbf13028216a8c3f4da7358b4db6889a78d4ae4
WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass
Posted Jun 19, 2023
Authored by Lana Codes | Site wordfence.com

WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below suffer from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2023-2986
SHA-256 | 0d0d222d7e4479afba078b42457efd1a3419d37ce0e5e13dc9d76da2989c29b7
Ubuntu Security Notice USN-6166-2
Posted Jun 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6166-2 - USN-6166-1 fixed a vulnerability in libcap2. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Richard Weinberger discovered that libcap2 incorrectly handled certain long input strings. An attacker could use this issue to cause libcap2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-2603
SHA-256 | 9d3ef7276e2ceeb88a0d8282a8238d902c361649bf8b40434cc484189e0d822b
Coursela Personal Course Selling Website 1.0 Cross Site Scripting
Posted Jun 19, 2023
Authored by CraCkEr

Coursela Personal Course Selling Website version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bf0a2b9e36953184847c03c107b7df1c01cb247ba0a30c2cd82bfeca10b9a004
Ubuntu Security Notice USN-6170-1
Posted Jun 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6170-1 - It was discovered that Podman incorrectly handled certain images. An attacker could possibly use this issue to pull an untrusted image.

tags | advisory
systems | linux, ubuntu
SHA-256 | 8d5b1f07e88ff6fd5801d4bd48eb63b00cc0aa6bd4a91b124eb68a8f9bea5348
Ubuntu Security Notice USN-6176-1
Posted Jun 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6176-1 - It was discovered that PyPDF2 incorrectly handled certain PDF files. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to consume system resources, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2022-24859
SHA-256 | 79e8fa08d70b3be94d258d760d8e952d77f635676c8411c4e217670463df35ba
Ubuntu Security Notice USN-6167-1
Posted Jun 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6167-1 - It was discovered that QEMU did not properly manage the guest drivers when shared buffers are not allocated. A malicious guest driver could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. It was discovered that QEMU did not properly check the size of the structure pointed to by the guest physical address pqxl. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-1050, CVE-2022-4144, CVE-2022-4172, CVE-2023-0330
SHA-256 | 2cba75998a8cdb78ec32d167bfb012d5f0977f37e53d09a890bb6240045f9e0c
Ubuntu Security Notice USN-6175-1
Posted Jun 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6175-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-4269, CVE-2023-1380, CVE-2023-1583, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1859, CVE-2023-1989, CVE-2023-1990, CVE-2023-2194, CVE-2023-2235, CVE-2023-2612, CVE-2023-28466, CVE-2023-28866
SHA-256 | 8d2750e78e3f34d550c35335528e9e223f031e2f6d9e0cec905fe85512526c34
Ubuntu Security Notice USN-6174-1
Posted Jun 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6174-1 - Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information. It was discovered that the Human Interface Device support driver in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0459, CVE-2023-1073, CVE-2023-26606
SHA-256 | 632d3906a0b0a2c1d622d79dd45d89336eac42d43ef982f2319c70909610cfda
Speculative Denial-of-Service Attacks In Ethereum
Posted Jun 19, 2023
Authored by Kaihua Qin, Liyi Zhou, Aviv Yaish, Arthur Gervais, Aviv Zohar

The expressiveness of Turing-complete blockchains implies that verifying a transaction's validity requires executing it on the current blockchain state. Transaction fees are designed to compensate actors for resources expended on transactions, but can only be charged from transactions included in blocks. In this work, the authors show that adversaries can craft malicious transactions that decouple the work imposed on blockchain actors from the compensation offered in return by introducing three attacks.

tags | paper, cryptography
SHA-256 | 68b4adbac9a02de43d43f0c0b285dc603d363d3be1f6185ba4fe1c00129c1969
Red Hat Security Advisory 2023-3661-01
Posted Jun 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3661-01 - The texlive packages contain TeXLive, an implementation of TeX for Linux or UNIX systems. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat, unix
advisories | CVE-2023-32700
SHA-256 | b57a94a77de0cc294afe761935aead5aa0fd9cbbb2d78bb8ae38e05dbb984ad6
Coursemat Multi-Tenant Course Selling Website 1.1 Cross Site Scripting
Posted Jun 19, 2023
Authored by CraCkEr

Coursemat Multi-Tenant Course Selling Website version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1675530982c8312aec9a4f69a1b1a5f0549783510f0a0afc83436b648c577b48
Red Hat Security Advisory 2023-3660-01
Posted Jun 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3660-01 - The c-ares C library defines asynchronous DNS requests and provides a name resolving API. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-32067
SHA-256 | 22d290497bf4243b478e6c25a13228fe5466ce6572796b1d1e2a838680a094fb
Red Hat Security Advisory 2023-3664-01
Posted Jun 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-3782, CVE-2021-46848, CVE-2022-1304, CVE-2022-1705, CVE-2022-2795, CVE-2022-28327, CVE-2022-2880, CVE-2022-32148, CVE-2022-35737, CVE-2022-36227, CVE-2022-3627, CVE-2022-3970, CVE-2022-41715, CVE-2022-41717
SHA-256 | dd336c3e2dc2db105e105127e1f2bbf79335a56f544ed3b31f07727c470cb571
SystemK NVR 504/508/516 Command Injection
Posted Jun 19, 2023
Authored by Keniver Wang

SystemK NVR 504/508/516 version 2.3.5SK.30084998 suffer from a command injection vulnerability.

tags | exploit
SHA-256 | 37a7b108e668514d1272b2bf9db799ba455aa98492cd85a4122f6c4264b40362
Debian Security Advisory 5432-1
Posted Jun 19, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5432-1 - Jurien de Jong discovered that the parsing of KeyInfo elements within the XMLTooling library may result in server-side request forgery.

tags | advisory
systems | linux, debian
SHA-256 | ee24cc1357858942fea5c788b259b57c1d2a84475e1c2cef5e274f0ca2153603
elearning-SES 1.0 SQL Injection
Posted Jun 19, 2023
Authored by nu11secur1ty

elearning-SES version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 14b449fd53fdd997460c193401cb6fb035f4356904c022ae14d1a17de6489ce9
RentEquip Multipurpose Rental 1.0 Cross Site Scripting
Posted Jun 19, 2023
Authored by CraCkEr

RentEquip Multipurpose Rental version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1fd5f42ae4fc24efbe648ebf14610f1b332a7409d04419da5876b0ffbfd52961
Polycom BToE Connector 4.4.0.0 Buffer Overflow / Man-In-The-Middle
Posted Jun 19, 2023
Authored by secbugs3

Polycom BToE Connector version 4.4.0.0 suffers from remote buffer overflow and man-in-the-middle vulnerabilities.

tags | exploit, remote, overflow, vulnerability
SHA-256 | 0474731c83a965e64f56d5999635c45783ba6863f131c036afacdc28c4204b05