exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files Date: 2023-07-19

RWS WorldServer 11.7.3 Session Token Enumeration
Posted Jul 19, 2023
Site redteam-pentesting.de

RWS WorldServer versions 11.7.3 and below suffer from a session token enumeration vulnerability.

tags | exploit
advisories | CVE-2023-38357
SHA-256 | 3809eddfb426d1ed940f1b902726114b7c7322dfe9d241fc6e98fd22830832ca
Ubuntu Security Notice USN-6237-1
Posted Jul 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6237-1 - Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service.

tags | advisory, remote, denial of service, spoof, info disclosure
systems | linux, ubuntu
advisories | CVE-2023-28321, CVE-2023-28322, CVE-2023-32001
SHA-256 | 51f46d8ba4e11574eb483e508710565644dc207c352aed8e601c8ec28e6a4ba4
Openfire Authentication Bypass / Remote Code Execution
Posted Jul 19, 2023
Authored by h00die-gr3y | Site metasploit.com

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This Metasploit module will use the vulnerability to create a new admin user that will be used to upload a Openfire management plugin weaponized with a java native payload that triggers remote code execution. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the first version on the 4.8 branch, which is version 4.8.0.

tags | exploit, java, remote, web, code execution
advisories | CVE-2023-32315
SHA-256 | 88a0702601cff01264e02916f842525d503acf8b450db38e6b24d4a2d9099b89
PaulPrinting CMS Cross Site Scripting
Posted Jul 19, 2023
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

PaulPrinting CMS suffers from persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 0b9b7ad7b52dff7dadc73e6b15ebce81609bbccc522be48093c9fc76d4869227
Red Hat Security Advisory 2023-4053-01
Posted Jul 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4053-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.45. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-20838, CVE-2020-14155, CVE-2020-24370, CVE-2020-35525, CVE-2020-35527, CVE-2021-20231, CVE-2021-20232, CVE-2021-23177, CVE-2021-31566, CVE-2021-3580, CVE-2021-36084
SHA-256 | 3bcde00c10f50e0c04e8bb156e955aa18c0b0fde3d60fb4c86dca74a55ed295e
MojoBox BLE Replay Attack
Posted Jul 19, 2023
Authored by Matteo Mandolini

ShowMojo MojoBox Digital Lockbox with firmware versions prior to 1.4 are vulnerable to authentication bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks.

tags | exploit
advisories | CVE-2023-34625
SHA-256 | c8d01ab621c05b5cf222dd8cb734378695bdd49996ea9fd01e1440dcdf9d4afc
Aures Booking And POS Terminal Local Privilege Escalation
Posted Jul 19, 2023
Authored by Vulnerability Laboratory, Benjamin Mejri, Lars Guenther | Site vulnerability-lab.com

Aures Booking and POS Terminal suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 65dcbce0dd25b1ee5a8f8ed1f420757b81a899961e2fd8df51f43e586fd4d3f1
OpenSSH 9.3p2
Posted Jul 19, 2023
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Disallowed remote addition of FIDO/PKCS11 keys. Terminates pkcs11 process for bad libraries.
tags | tool, encryption
systems | linux, unix, openbsd
SHA-256 | 200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8
Ubuntu Security Notice USN-6236-1
Posted Jul 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6236-1 - It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-26675, CVE-2021-26676, CVE-2022-23097, CVE-2022-23098, CVE-2022-32292, CVE-2022-32293, CVE-2023-28488
SHA-256 | f3894c0008a42ac92888785f910724c4ae5b50e31e7b89bdf6b252564b1bdb6f
Webile 1.0.1 Cross Site Scripting
Posted Jul 19, 2023
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

Webile version 1.0.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9f5ef29f2e536ba47a2d55d09865dd5fd682e893f3576420ebd9b11e81f44a03
Dooblou WiFi File Explorer 1.13.3 Cross Site Scripting
Posted Jul 19, 2023
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

Dooblou WiFi File Explorer version 1.13.3 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | fc057810667f574cf1a766dc21c16490b2720f260231453db7f897daf835bedd
Red Hat Security Advisory 2023-4204-01
Posted Jul 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4204-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying the VolSync operator, it can create and maintain copies of your persistent data.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2023-1667, CVE-2023-2283, CVE-2023-24329, CVE-2023-26604, CVE-2023-3089
SHA-256 | e28b9f4d75c6a5705f4b1069ef08aac3955a1d0c7eb2e93e2d4ebfbb62fbc557
PaulPrinting CMS Cross Site Scripting
Posted Jul 19, 2023
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

PaulPrinting CMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1476838dfeb8caf84a49a3c37d8d86599c7d06983852e43569841ef23d18583a
Red Hat Security Advisory 2023-4201-01
Posted Jul 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4201-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2023-32435, CVE-2023-32439
SHA-256 | a7d7554b6d74914a196337b5c2553010ed7ed00bbfd369756b272b6f2aa01588
Tiva Events Calender 1.4 Cross Site Scripting
Posted Jul 19, 2023
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

Tiva Events Calender version 1.4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ff6d43136930eb7be361f52eebe6e20e440999b2b18d5e0ec023055d03babdcd
Active Super Shop CMS 2.5 HTML Injection
Posted Jul 19, 2023
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

Active Super Shop CMS version 2.5 suffers from an html injection vulnerability.

tags | exploit
SHA-256 | c721b298b72ab93ba44d36855084d2b6d6fc5a1941dd49801fe8154a10186b28
Red Hat Security Advisory 2023-4202-01
Posted Jul 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4202-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2023-32435, CVE-2023-32439
SHA-256 | f83c9132ee29579547e8f9c92f9007ae3c552152caee5d0e4d8338bfb5ae1760
Boom CMS 8.0.7 Cross Site Scripting
Posted Jul 19, 2023
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

Boom CMS version 8.0.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 946b502817cdfae4ddafbe5d6ea5c8846de4a8be41c8ba1e4f42c00f6ea8bded
Microsoft Office 365 18.2305.1222.0 Remote Code Execution
Posted Jul 19, 2023
Authored by nu11secur1ty

Microsoft Office 365 version 18.2305.1222.0 suffers from a remote code execution vulnerability when a malicious link is clicked on in a Word file.

tags | exploit, remote, code execution
advisories | CVE-2023-33148
SHA-256 | 7b4fc08e37b6434887181c5603d0fcdb5ef2c0caef143f547da4b1a8d70b9799
Red Hat Security Advisory 2023-4200-01
Posted Jul 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4200-01 - A new release for Red Hat Build of OptaPlanner 8.38.0 for Quarkus 2.13.8 including security updates is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-20883
SHA-256 | bc405a6019830ee64b8cccb664b61b110b2fc08ca6c32796b1b791ffae0bb212
Hardwear.io NL 2023 Call For Papers
Posted Jul 19, 2023
Authored by hardwear.io CFP | Site hardwear.io

The call for papers for Hardwear.io 2023 in the Netherlands is now open. It will take place November 2nd through the 3rd, 2023 at the Marriott Hotel, The Hague, Netherlands.

tags | paper, conference
SHA-256 | ec87fd1f62c43c5094a8b7edcbb92181ee748aea83102c2abf02a405cf32899b
Ubuntu Security Notice USN-6233-1
Posted Jul 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6233-1 - It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. It was discovered that YAJL was not properly handling memory allocation when dealing with large inputs, which could lead to heap memory corruption. If a user or automated system using YAJL were tricked into running a specially crafted large input, an attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-16516, CVE-2022-24795, CVE-2023-33460
SHA-256 | dc76af79630bbfeaaf462528d36963309713ef6633d5dd1d737257cd112afad5
Clip Share 4.1.4 Cross Site Scripting
Posted Jul 19, 2023
Authored by indoushka

Clip Share version 4.1.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f104b1e9de39e7d0bb70da284aab85d83380acd95357f1cdeaf43197d30dc724
Ciuis CRM 1.0.7 Add Administrator
Posted Jul 19, 2023
Authored by indoushka

Ciuis CRM version 1.0.7 suffers from an add administrator vulnerability.

tags | exploit, add administrator
SHA-256 | 2b286a02c597cbb32afc9266045e6da8b1c71e5dbceb7655aed5c7f1b146456e
Red Hat Security Advisory 2023-4203-01
Posted Jul 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4203-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2023-24329
SHA-256 | 46c15e24854b58d292795c5f401e74c5dda9a33b793f95b1a91fc41e5a0d1e7b
Page 1 of 2
Back12Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close