what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files Date: 2023-08-16

Clam AntiVirus Toolkit 1.1.1
Posted Aug 16, 2023
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.

Changes: Critical patch release. Fixed a possible denial of service vulnerability in the HFS+ file parser. Fixed a build issue when using the Rust nightly toolchain, which was affecting the oss-fuzz build environment used for regression tests. Fixed a build issue on Windows when using Rust version 1.70 or newer. CMake build system improvement to support compiling with OpenSSL 3.x on macOS with the Xcode toolchain. The official ClamAV installers and packages are now built with OpenSSL 3.1.1 or newer. Removed a warning message showing the HTTP response codes during the Freshclam database update process.
tags | tool, virus
systems | unix
advisories | CVE-2023-20197
SHA-256 | a26699704bb4ddf2684e4adc1f46d5f3de9a9a8959f147970f969cc32b2f0d9e
AudioCodes VoIP Phones Hardcoded Key
Posted Aug 16, 2023
Authored by Moritz Abrell | Site syss.de

The AudioCodes VoIP phones can be managed centrally, whereby configuration files are provided and requested by the phones at a central location. These configuration files can also be provided in encrypted form. This is intended to protect sensitive information within the configuration files from unauthorized access. Due to the use of a hardcoded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information. Firmware versions greater than or equal to 3.4.8.M4 are affected.

tags | exploit
advisories | CVE-2023-22956
SHA-256 | aa8123253e08b34d540bf926ba4a87654940b99a7e069721ef96a63db69bac95
AudioCodes VoIP Phones Hardcoded Key
Posted Aug 16, 2023
Authored by Moritz Abrell | Site syss.de

The AudioCodes VoIP phones store sensitive information, e.g. credentials and passwords, in encrypted form in their configuration files. These encrypted values can also be automatically configured, e.g. via the "One Voice Operation Center" or other central device management solutions. Due to the use of a hardcoded cryptographic key, an attacker with access to these configuration files is able to decrypt the encrypted values and retrieve sensitive information, e.g. the device root password. Firmware versions greater than or equal to 3.4.8.M4 are affected.

tags | exploit, root
advisories | CVE-2023-22957
SHA-256 | 29414b5c1036f3966c46308f74f15451f22b582e783e487f7aa45422c6dfd70f
AudioCodes VoIP Phones Insufficient Firmware Validation
Posted Aug 16, 2023
Authored by Matthias Deeg, Moritz Abrell | Site syss.de

AudioCodes VoIP Phones with firmware versions greater than or equal to 3.4.4.1000 have been found to have validation of firmware images that only consists of simple checksum checks for different firmware components.

tags | exploit
advisories | CVE-2023-22955
SHA-256 | 87f14d8fb3d841332987f94e0d0b781df7d013b6b805f919c5e4b88c417fe4f0
Hyip Rio 2.1 Cross Site Scripting / File Upload
Posted Aug 16, 2023
Authored by CraCkEr

Hyip Rio version 2.1 suffers from an arbitrary file upload vulnerability that can be leveraged to commit cross site scripting attacks.

tags | exploit, arbitrary, xss, file upload
advisories | CVE-2023-4382
SHA-256 | cb26d9e78a7f34adc181f96e6e2bfa835fe0ee3bd358f8c8da79954a82c3bbe6
Ubuntu Security Notice USN-6294-1
Posted Aug 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6294-1 - Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the payload and bypass certain restrictions.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-40225
SHA-256 | eb07f489e5aa114922ba5706f886aedf4d3738378f6fb7e9a080692a4e5c88c3
Red Hat Security Advisory 2023-4664-01
Posted Aug 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4664-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.3 images. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-41723, CVE-2022-45869, CVE-2022-46663, CVE-2023-0458, CVE-2023-1998, CVE-2023-2002, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235, CVE-2023-22652, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538
SHA-256 | e6adec08a41db66a6b16db061aa69314b8013291796ba90e7c9baac7c7edf27c
Red Hat Security Advisory 2023-4612-01
Posted Aug 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4612-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.7.13 serves as a replacement for Red Hat support for Spring Boot 2.7.12, and includes security, bug fixes and enhancements. For more information, see the release notes linked in the References section. Issues addressed include bypass, code execution, denial of service, and deserialization vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-46877, CVE-2022-1471, CVE-2022-31684, CVE-2022-45143, CVE-2023-1108, CVE-2023-20860, CVE-2023-20861
SHA-256 | 9fce17aaf4b1e17b6dd5371a535e817dbb5fd71c7e4c095fca880dd19e594fbd
Ubuntu Security Notice USN-6293-1
Posted Aug 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6293-1 - It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-1625
SHA-256 | 2e00a7841fa65b3e3dd44f551e88dbaeb78958b20f0f4b7ede21df21c6997015
Ubuntu Security Notice USN-6292-1
Posted Aug 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6292-1 - It was discovered that Ceph incorrectly handled crash dumps. A local attacker could possibly use this issue to escalate privileges to root.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2022-3650
SHA-256 | 75967740ce1a9069be3b5ffdad890e66bf3af3e56b32fbff26a28baf8de418c4
Ubuntu Security Notice USN-6291-1
Posted Aug 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6291-1 - Hanno Bock discovered that GStreamer incorrectly handled certain datetime strings. An attacker could possibly use this issue to cause a denial of service or expose sensitive information.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-5838
SHA-256 | 6ed2a0d160c0f8456980f4faa4f374ee99df919ed0cff56e9c25486aace22156
Red Hat Security Advisory 2023-4603-01
Posted Aug 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4603-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.9.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-41723, CVE-2023-34969
SHA-256 | 4fce8c6ec3e22dae0e2f20b975bc266affa67f262d5a7425975c79e3cd79cf1a
Red Hat Security Advisory 2023-4582-01
Posted Aug 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4582-01 - Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers are now available. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2022-21235
SHA-256 | 83d9f3399f06049a50aecd7cab6994d78263156f001b66a39abef4a0dfe9753b
Ubuntu Security Notice USN-6290-1
Posted Aug 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6290-1 - It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-48281, CVE-2023-26965, CVE-2023-2731, CVE-2023-2908, CVE-2023-3316, CVE-2023-3618, CVE-2023-38288
SHA-256 | dea439e173df06f4701c3d819ad53b19bb3bf0a6496304490d18dec1b8d0c9e5
Red Hat Security Advisory 2023-4628-01
Posted Aug 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4628-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-24963, CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-48279, CVE-2023-24021, CVE-2023-27522, CVE-2023-28319, CVE-2023-28321, CVE-2023-28322, CVE-2023-28484, CVE-2023-29469
SHA-256 | 2421b3b97cc7191c9230548e299fe246f93d5b82a4d21e6fa8eaf14abddaa1f0
Red Hat Security Advisory 2023-4629-01
Posted Aug 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4629-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. Issues addressed include HTTP response splitting, bypass, integer overflow, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-24963, CVE-2022-36760, CVE-2022-37436, CVE-2022-48279, CVE-2023-24021, CVE-2023-27522, CVE-2023-28319, CVE-2023-28321, CVE-2023-28322
SHA-256 | 6c109e8112c245ff647417e707926d11d65d612b66e7ae46f1f05cb3ab724077
Red Hat Security Advisory 2023-4654-01
Posted Aug 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2023-1667, CVE-2023-2283, CVE-2023-2602, CVE-2023-2603, CVE-2023-27536, CVE-2023-28321, CVE-2023-28484, CVE-2023-29469, CVE-2023-3089, CVE-2023-32681, CVE-2023-34969, CVE-2023-37903, CVE-2023-38408
SHA-256 | f65b71e2d93a61d8fd6e9baa0836136297d958349bf5dfab6550b04986c6a67b
Ubuntu Security Notice USN-6289-1
Posted Aug 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2023-38133, CVE-2023-38595, CVE-2023-38611
SHA-256 | 56a23505c39e15a9992e4da11ed2253e380d5dccf0c819aca7b95fda96df2aaf
ExcessWeb And Network CMS 4.0 Database Disclosure
Posted Aug 16, 2023
Authored by indoushka

ExcessWeb and Network CMS version 4.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 3804ccc9e62f4f0b3d7f7e5d2646a5827031767b52189c5bfbdb8fee5663b88f
Evsanati Radyo 1.0 Insecure Settings
Posted Aug 16, 2023
Authored by indoushka

Evsanati Radyo version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit
SHA-256 | 1326815dc9e9bd378da2493a7d90ff8ff159f77ddbce953e96b82a55038a3c8c
Event Locations CMS 1.0.1 Cross Site Scripting
Posted Aug 16, 2023
Authored by indoushka

Event Locations CMS version 1.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ef6dfc0bf961f4476c4574b9af2ecbb1525f1e15fc02221c257a9d4d1ad082f6
Erim Upload 4 Database Disclosure
Posted Aug 16, 2023
Authored by indoushka

Erim Upload version 4 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 0a5d9f97ad99a2e396c97011db6206b01062091d026186ae3e3e5346edff23b4
E-partenaire LMS 1.0.0 Cross Site Scripting
Posted Aug 16, 2023
Authored by indoushka

E-partenaire LMS version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ccf167601a645dc0cec6d60d6fb1c3ef568c4f66b01fd8e2878bd91b70a103f4
EMH CMS 0.1 Cross Site Scripting
Posted Aug 16, 2023
Authored by indoushka

EMH CMS version 0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c58615aff6cd57a5ca22a34be62372e9e81249eb20b812f9a35ccd440af33052
H2 Web Interface Create Alias Remote Code Execution
Posted Aug 16, 2023
Authored by h00die, gambler, h4ckNinja, Nairuz Abulhul | Site metasploit.com

The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not favorable. A valid database connection is required. If the database engine was configured to allow creation of databases, the module default can be used which utilizes an in memory database. Some Docker instances of H2 don't allow writing to folders such as /tmp, so we default to writing to the working directory of the software. This Metasploit module was tested against H2 version 2.1.214, 2.0.204, 1.4.199 (version detection fails).

tags | exploit, java, web, arbitrary
SHA-256 | 07a91f31f74a5616ef0d92c5c535db18babf8aacc5e32f1b0d759b6219544cc8
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close