exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 60 RSS Feed

Files Date: 2023-09-19

Apache Airflow 1.10.10 Remote Code Execution
Posted Sep 19, 2023
Authored by Pepe Berba, Ismail E. Dawoodjee, xuxiang | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability by combining two critical vulnerabilities in Apache Airflow version 1.10.10. The first, CVE-2020-11978, is an authenticated command injection vulnerability found in one of Airflow's example DAGs, "example_trigger_target_dag", which allows any authenticated user to run arbitrary OS commands as the user running Airflow Worker/Scheduler. The second, CVE-2020-13927, is a default setting of Airflow 1.10.10 that allows unauthenticated access to Airflow's Experimental REST API to perform malicious actions such as creating the vulnerable DAG above. The two CVEs taken together allow vulnerable DAG creation and command injection, leading to unauthenticated remote code execution.

tags | exploit, remote, arbitrary, vulnerability, code execution
advisories | CVE-2020-11978, CVE-2020-13927
SHA-256 | bb3e8db54407d69676a1eba8103ab6fd9b1a3d72a85765a5ca4067e046a3ef88
Lexmark Device Embedded Web Server Remote Code Execution
Posted Sep 19, 2023
Authored by jheysel-r7, James Horseman, Zach Hanley | Site metasploit.com

An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they would like to add an Admin user. If no Admin user is created, the endpoint /cgi-bin/fax_change_faxtrace_settings is accessible without authentication. The endpoint allows the user to configure a number of different fax settings. A number of the configurable parameters on the page fail to be sanitized properly before being used in a bash eval statement, allowing for an unauthenticated user to run arbitrary commands.

tags | exploit, remote, arbitrary, cgi, code execution, bash
advisories | CVE-2023-26067, CVE-2023-26068
SHA-256 | 55b25ea44278a5136992f906756ff24cc7e2991ab7847a6388c6522fffc7a70a
TOR Virtual Network Tunneling Tool 0.4.8.6
Posted Sep 19, 2023
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Changes: This version contains an important fix for onion service regarding congestion control and its reliability. Apart from that, unneeded bug warnings have been suppressed especially about a compression bomb seen on relays. The Tor team strongly recommends, in particular onion service operators, to upgrade as soon as possible to this latest stable.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 552d895fcaf66c7cd2b50f5abe63b7884b30fed254115be7bfb9236807355088
WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection
Posted Sep 19, 2023
Authored by Marco Wotschka | Site wordfence.com

WordPress Essential Blocks plugin versions 4.2.0 and below and Essential Blocks Pro versions 1.1.0 and below suffer from multiple PHP object injection vulnerabilities.

tags | exploit, php, vulnerability
advisories | CVE-2023-4386, CVE-2023-4402
SHA-256 | 3bc456da9e240b7476040544d3e4f0b5fa6f68d4e3ad65a015be529481ab73ad
Taskhub 2.8.7 SQL Injection
Posted Sep 19, 2023
Authored by CraCkEr

Taskhub version 2.8.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2023-4987
SHA-256 | ec51f7c0ec6ec9827399486aa736c27e2875675b7757f895f52b660f9301b1c9
Red Hat Security Advisory 2023-5269-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5269-01 - PostgreSQL is an advanced object-relational database management system.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-2454, CVE-2023-2455
SHA-256 | 0bc0d9a60fdfcda899dc4b188ea513db2270ece612fcec958ab317490e650c83
Packers And Movers Management System 1.0 SQL Injection
Posted Sep 19, 2023
Authored by Robert Cretu | Site robsware.github.io

Packers and Movers Management System version 1.0 suffers from a remote blind SQL injection vulnerability. Proof of concept exploit written in python included.

tags | exploit, remote, sql injection, proof of concept, python
advisories | CVE-2023-30415
SHA-256 | 392e218592b7d81bc0c0a1e2e699e9fe38ca587052d6e6393e97b66c59ab44ea
Red Hat Security Advisory 2023-5255-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5255-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine- tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-2002, CVE-2023-20593, CVE-2023-3090, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788, CVE-2023-3776, CVE-2023-4004
SHA-256 | 258b79c6d38731112095e3861aa827e7da64cfdb743f048033bd446d901f450c
Super Store Finder 3.7 Remote Command Execution
Posted Sep 19, 2023
Authored by Etharus

Super Store Finder versions 3.7 and below suffer from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 59708f67b0915cf1156ee9e02ad60df7ef019793a0e335e432949ea847133ec7
Red Hat Security Advisory 2023-5220-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5220-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-20900
SHA-256 | 49e87bdb278fc5ebfb08f7d6b8458115e93c7d53e96c36814077d4fe0cb429dc
Ubuntu Security Notice USN-6380-1
Posted Sep 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6380-1 - Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Ethan Rubinson discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2020-8174, CVE-2020-8265
SHA-256 | c9cc97e96bb7a83ea382245507e85fc0d4820b2068dcb9f3906a130008dfa00c
Red Hat Security Advisory 2023-5213-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5213-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-20900
SHA-256 | 8a4f2705bf6a1bca9b91d0db19f4ebcdcfae40efd014951c9a015a5acb50b819
Red Hat Security Advisory 2023-5216-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5216-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-20900
SHA-256 | efa3c864a04ed4be635bfe21f5dc06cd8d825333c2f80fb2e28538b784cb0124
Red Hat Security Advisory 2023-5224-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5224-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.1. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2023-4863
SHA-256 | bd6817f1e4f6c97fc819c0a8ce62a541ef18f564c5689abe9483e2454d3475cb
Red Hat Security Advisory 2023-5218-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5218-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-20900
SHA-256 | bde7d4e94184ae227fe3c61e725c4d1c004e390fdf02bea48f6d285048f96297
Red Hat Security Advisory 2023-5214-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5214-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow
systems | linux, redhat
advisories | CVE-2023-4863
SHA-256 | c613a0c2a0e96dd2a7efdefa1cc1266b64722d48fe564a507a17ae0e41255fb2
Red Hat Security Advisory 2023-5222-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5222-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow
systems | linux, redhat
advisories | CVE-2023-4863
SHA-256 | b43aea9374b3a7df5041103ea43adcb2dfa3d53a080a4fa63638a49e8f3bff91
Red Hat Security Advisory 2023-5221-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5221-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-3090, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788, CVE-2023-3776, CVE-2023-4004
SHA-256 | 90b863a69ef3aaeeadf4c84256e8105c90c054203054b9c02dcef9c670542b6c
Red Hat Security Advisory 2023-5223-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5223-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.1. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2023-4863
SHA-256 | 0983a7bcd4952a6c29c2019e08abf232d9caa035f3c8261d041fc7917766f689
Red Hat Security Advisory 2023-5210-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5210-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-20900
SHA-256 | 8554f99a08e40394d6241fd42669f3a799b8fcd6657ecc7e5552625ded374ff8
Red Hat Security Advisory 2023-5217-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5217-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-20900
SHA-256 | 338c6cff0900c9ff8b53901e2a6e4e463488e383ebd26a0e6e15b09559b46393
Red Hat Security Advisory 2023-5219-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5219-01 - FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

tags | advisory, tcp, protocol
systems | linux, redhat
advisories | CVE-2023-38802
SHA-256 | 759afd71f030a506e2dfabab7b8c4f2e7e0c744118b0700ba98378b0309f611d
Red Hat Security Advisory 2023-5209-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5209-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-21216, CVE-2022-33196, CVE-2023-0286
SHA-256 | e2349325b497de01733a16778a47c3ad4594b641992b40d4decefa64fedf5c94
Red Hat Security Advisory 2023-5155-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5155-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.13. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-22219, CVE-2023-2253
SHA-256 | b9f40d3cec1b35cbc530eae31f324b5def974add399b96d0d9a0de62b3060c20
Debian Security Advisory 5502-1
Posted Sep 19, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5502-1 - Multiple security vulnerabilities have been found in xrdp, a remote desktop protocol server. Buffer overflows and out-of-bound writes may cause a denial of service or other unspecified impact.

tags | advisory, remote, denial of service, overflow, vulnerability, protocol
systems | linux, debian
advisories | CVE-2022-23468, CVE-2022-23477, CVE-2022-23478, CVE-2022-23479, CVE-2022-23480, CVE-2022-23481, CVE-2022-23482, CVE-2022-23483, CVE-2022-23484, CVE-2022-23493
SHA-256 | 323c304dee1ba11249d6da0a81f12f546f35d88b8cd6f8fcad09dcd346d812e7
Page 1 of 3
Back123Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close