Showing 1 - 25 of 26

Files Date: 2023-06-22

Debian Security Advisory 5437-1
Posted Jun 22, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5437-1 - Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output such a script. In combination with LibreOffice, an attacker could craft an odb containing a "database/script" file which itself contained a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

tags | advisory, java
systems | linux, debian
advisories | CVE-2023-1183
SHA-256 | 7c544f31219784b743536b45da6065cc810499bfb45dbd1197cd11a809f8e80a
Red Hat Security Advisory 2023-3740-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3740-01 - This release of Camel for Spring Boot 3.20.1.P1 serves as a replacement for Camel for Spring Boot 3.20.1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-20883, CVE-2023-24815
SHA-256 | 58c98dc04b54e3626d83bf209197c06eb22fe9f8e980bb6b6099f24aba62f3bd
Kernel Live Patch Security Notice LSN-0095-1
Posted Jun 22, 2023
Authored by Benjamin M. Romer

It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2023-0386, CVE-2023-1380, CVE-2023-1872, CVE-2023-2612, CVE-2023-31436, CVE-2023-32233
SHA-256 | 9af3c677c764aab7902d47c2a505555b84fde68a690ae6e7624c01659fe90f86
Ubuntu Security Notice USN-6183-1
Posted Jun 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6183-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled the cache size limit. A remote attacker could possibly use this issue to consume memory, leading to a denial of service. It was discovered that Bind incorrectly handled the recursive-clients quota. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-2828, CVE-2023-2911
SHA-256 | 8c98b23533bb65799530876b7495994b7f2a7e5243dbe968de2fc62016d3d8e1
Red Hat Security Advisory 2023-3771-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3771-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Issues addressed include bypass, denial of service, and null pointer vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-20860, CVE-2023-20861
SHA-256 | 00566f877e194c658cc2885f9f671af06701ad0fc1fd4587e997d9d53e79ea82
Debian Security Advisory 5436-1
Posted Jun 22, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5436-1 - Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output such a script. In combination with LibreOffice, an attacker could craft an odb containing a "database/script" file which itself contained a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

tags | advisory, java
systems | linux, debian
advisories | CVE-2023-1183
SHA-256 | 10c658300144766f15b5f3423e106e451ef63ac07ea18305bd88c937ac36abf1
OX App Suite SSRF / Resource Consumption / Command Injection
Posted Jun 22, 2023
Authored by Mehmet Ince, Martin Heiland, Tim Coen, Icare

OX App Suite suffers from server-side request forgery, command injection, uncontrolled resource consumption, code injection, authorization bypass, and insecure storage vulnerabilities. Various versions in the 7.10.x and 8.x branches are affected.

tags | advisory, vulnerability
advisories | CVE-2023-26427, CVE-2023-26428, CVE-2023-26429, CVE-2023-26431, CVE-2023-26432, CVE-2023-26433, CVE-2023-26434, CVE-2023-26435, CVE-2023-26436
SHA-256 | a27979ae3ae36aed54def31f404e98c49b579e2113420246b0b046bb9f32e18d
WordPress BackUpWordPress 3.8 Backup Disclosure
Posted Jun 22, 2023
Authored by indoushka

WordPress BackUpWordPress version 3.8 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | 0aa2086e4896317bbe3e7bdbf4459a1d7ed4b988564f1de3d17a4038856e606e
Zstore 6.5.4 Database Disclosure
Posted Jun 22, 2023
Authored by indoushka

Zstore version 6.5.4 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 59ef2a6ae2dedf274f03866554742255b38accdbc92491e12e38cf45e9ba3fd8
Red Hat Security Advisory 2023-3741-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3741-01 - The c-ares C library defines asynchronous DNS requests and provides a name resolving API. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-32067
SHA-256 | 8783d76c406bb3dbdd7902bd839ae0f4e25d1290d7045d5be51a4596aef627db
Debian Security Advisory 5435-1
Posted Jun 22, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5435-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in information disclosure or denial of service.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2022-47184, CVE-2023-30631, CVE-2023-33933
SHA-256 | dfca8e4b23324ea3fd1686d46452b9a26062e6cab430b4598ba6351a0f959fc6
Ad Manager Pro 3.05 Backup Disclosure
Posted Jun 22, 2023
Authored by indoushka

Ad Manager Pro version 3.05 suffers from a backup disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 9849adf143ac40f826534802c5f270e16d48ad28e11911067998927a139fda16
Active Matrimonial CMS 1.4 HTML Injection
Posted Jun 22, 2023
Authored by indoushka

Active Matrimonial CMS version 1.4 suffers from an HTML injection vulnerability.

tags | exploit
SHA-256 | 4f76c6ed2c67cc6b8b75cac164fbea9625d1673592f28718c07536a4c040b3cf
Red Hat Security Advisory 2023-3711-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3711-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-48281, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804
SHA-256 | 196186a82819b64abfb35d95f92fbdf909a0e1469d2a1617734772b452b11b4d
Red Hat Security Advisory 2023-3715-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3715-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a memory leak vulnerability.

tags | advisory, memory leak
systems | linux, redhat
advisories | CVE-2023-2700
SHA-256 | 9b8b53521738368a749fe60c780351f9820f05a28d78796091f980340ba474e6
Acon Architecture and Construction Website CMS 1.2 Insecure Settings
Posted Jun 22, 2023
Authored by indoushka

Acon Architecture and Construction Website CMS version 1.2 appears to leave default credentials installed after installation.

tags | exploit
SHA-256 | 70ef2d8bc91eb56a1a4440da226b2cf249319048b28003a05fa920674c61c763
ACJWEB DESIGNER 1.0 SQL Injection
Posted Jun 22, 2023
Authored by indoushka

ACJWEB DESIGNER version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1476b83d361f5d3b12a5630e5e0b2a06fcf04b60ef0362ae9f733f5b20894725
Red Hat Security Advisory 2023-3714-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3714-01 - PostgreSQL is an advanced object-relational database management system.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-2454, CVE-2023-2455
SHA-256 | 1980932e5150f22b5f57c035b3ff2943d17686a6d61283f8449cf87085fa2a42
Red Hat Security Advisory 2023-3342-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3342-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.13. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2020-16250, CVE-2022-36227, CVE-2023-0361, CVE-2023-27535
SHA-256 | 5813a13210ed8e54dc4702cd68bd86626f42460b625c85cdf1c29d002e4fa0ba
Hospital Management System 1.0 Cross Site Scripting
Posted Jun 22, 2023
Authored by CraCkEr

Hospital Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bef4ac773418eecdb2cb90f3b34c9de48f70d82f6c1f69f08d2eab960efd9daf
Red Hat Security Advisory 2023-3725-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3725-01 - The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-46663
SHA-256 | f6cb2a7d3051126b1c4eecbd958c190d66bdc0bf9a5f855ef91302dcd94c0eaa
Red Hat Security Advisory 2023-3723-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3723-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-2002, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235, CVE-2023-28466, CVE-2023-32233
SHA-256 | f8a34f995a7852da92a3cca107e8f6571599a4b822024fff055ccd561d71651d
Red Hat Security Advisory 2023-3708-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3708-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-2002, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235, CVE-2023-28466, CVE-2023-32233
SHA-256 | 80c9f68cc29ea00b3e16e1e525e2fcbc5bac527cd864bd1396b7641c8f97a6a4
Red Hat Security Advisory 2023-3722-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3722-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include buffer over-read and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650
SHA-256 | e1612faff6f424cfc97b4e21cc06d8f464dc4df56c7dcf975e3d7e907960a248
Microsoft OneNote 2305 Build 16.0.16501.20074 Spoofing
Posted Jun 22, 2023
Authored by nu11secur1ty

Microsoft OneNote version 2305 Build 16.0.16501.20074 suffers from a spoofing vulnerability.

tags | exploit, spoof
advisories | CVE-2023-33140
SHA-256 | e1a6ba66345421d4b84c2f1e23049522fda9532f67c44a4fb8e6abd93f47c7f4