exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 77 RSS Feed

Files Date: 2024-01-11

Ubuntu Security Notice USN-6578-1
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6578-1 - Vishal Mishra and Anita Gaud discovered that .NET did not properly validate X.509 certificates with malformed signatures. An attacker could possibly use this issue to bypass an application's typical authentication logic. Morgan Brown discovered that .NET did not properly handle requests from unauthenticated clients. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2024-0057, CVE-2024-21319
SHA-256 | 1a5ffa31cec024f4e71d57b72c2f478574b69113780d92f067efda5d9346b0e0
Debian Security Advisory 5598-1
Posted Jan 11, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5598-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service, or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-0333
SHA-256 | fc63d222e51570fb223395a2aa8d1fb25f8cd15178ff88be15918e0297228dc0
Ubuntu Security Notice USN-6560-2
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6560-2 - USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.

tags | advisory, remote, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2023-48795, CVE-2023-51385
SHA-256 | 279f23efe6b36684994928a454f01081c5330f4103d3e9a111b6c5ff07c9a1f6
Ubuntu Security Notice USN-6579-1
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6579-1 - It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1311
SHA-256 | 2c7f1904a8605b02abe1cc4cb1f85e2e9495b578c47b07e5a54f32d06a2a6fcf
WordPress POST SMTP Mailer 2.8.7 Authorization Bypass / Cross Site Scripting
Posted Jan 11, 2024
Authored by Ulyses Saicha, Sean Murphy | Site wordfence.com

WordPress POST SMTP Mailer plugin versions 2.8.7 and below suffer from authorization bypass and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, bypass
advisories | CVE-2023-6875, CVE-2023-7027
SHA-256 | 1bdd84a69d04f6ca05b840e49215c74a3095a9b4cd20f08c7cd6c500f98bc02f
Ubuntu Security Notice USN-6574-1
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6574-1 - Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template module. An attacker could possibly use this issue to inject Javascript code and perform a cross site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. It was discovered that Go did not properly validate the "//go:cgo_" directives during compilation. An attacker could possibly use this issue to inject arbitrary code during compile time.

tags | advisory, arbitrary, javascript, xss
systems | linux, ubuntu
advisories | CVE-2023-39318, CVE-2023-39323, CVE-2023-39326, CVE-2023-45285
SHA-256 | b8c2a5761a1b9b637336f2af66c0577c0e91e5d6928b1d69d773c8f5060e8589
Ubuntu Security Notice USN-6562-2
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6562-2 - USN-6562-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. DoHyun Lee discovered that Firefox did not properly manage memory when used on systems with the Mesa VM driver. An attacker could potentially exploit this issue to execute arbitrary code. George Pantela and Hubert Kario discovered that Firefox using multiple NSS NIST curves which were susceptible to a side-channel attack known as "Minerva". An attacker could potentially exploit this issue to obtain sensitive information. Andrew Osmond discovered that Firefox did not properly validate the textures produced by remote decoders. An attacker could potentially exploit this issue to escape the sandbox.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-6135, CVE-2023-6856, CVE-2023-6857, CVE-2023-6860, CVE-2023-6861, CVE-2023-6864
SHA-256 | b0f78c407c1b7675cfb31191c04f588fe6093e29a445623eb97e433bacb31e61
Ubuntu Security Notice USN-6577-1
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6577-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-20588, CVE-2023-45863
SHA-256 | f5c75748cbd05864595b53a3d62429463f197d9429e3dc98c4eef18615631d48
Ubuntu Security Notice USN-6575-1
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6575-1 - It was discovered that Twisted incorrectly escaped host headers in certain 404 responses. A remote attacker could possibly use this issue to perform HTML and script injection attacks. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay responses and manipulate the responses of second requests.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2022-39348, CVE-2023-46137
SHA-256 | ed3e7c5783d3f0cb002940795e80215d7f03c457363997ab4d6217f8021d22d0
SimpleWebServer 2.2-rc2 Denial Of Service
Posted Jan 11, 2024
Authored by Fernando Mengali

SimpleWebServer version 2.2-rc2 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | f28d2fac5ba23248c7daf412b3466478c3b79c9d6a68bdebdc204f08f7f5b755
PHPJabbers Event Ticketing System 1.0 Missing Rate Limiting
Posted Jan 11, 2024
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Event Ticketing System version 1.0 suffers from a missing rate limiting vulnerability.

tags | exploit
advisories | CVE-2023-51339
SHA-256 | 4a6a8a2bb5c05efbc11ad1d41c847ca080200973fefae103ae2349b0fa2e4aaa
PHPJabbers Meeting Room Booking System 1.0 CSV Injection
Posted Jan 11, 2024
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Meeting Room Booking System version 1.0 suffers from a CSV injection vulnerability.

tags | exploit
advisories | CVE-2023-51336
SHA-256 | 56f185b937b316878476083d1cb2130c91c994c67ad4c681560e1a113757915b
PHPJabbers Meeting Room Booking System 1.0 Cross Site Scripting
Posted Jan 11, 2024
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Meeting Room Booking System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2023-51338
SHA-256 | e6821affd91c6976ec243ea146e7afbb0ed24afc9759a1132aa2d0f6d32f79c1
PHPJabbers Event Ticketing System 1.0 Cross Site Scripting / HTML Injection
Posted Jan 11, 2024
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Event Ticketing System version 1.0 suffers from cross site scripting and html injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2023-51303, CVE-2023-51306, CVE-2023-51337
SHA-256 | 2caf4aa999009c25ac7c26798df4e4a0ac8a097c8ef866861469f934e7b3bfca
Ubuntu Security Notice USN-6576-1
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6576-1 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle an expired catchall element in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-6111
SHA-256 | b0ba67caed49782e02acb79bc82218723de010303bc990330e8f7b8c0eddeaaf
Ubuntu Security Notice USN-6549-5
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6549-5 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-37453, CVE-2023-3773, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-42754, CVE-2023-5158, CVE-2023-5178, CVE-2023-5717
SHA-256 | 7f3d37463aea9418aa3b6ed179287539adb8654a4eb628b52ca84b3bcc0b8b01
Ubuntu Security Notice USN-6548-5
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6548-5 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-3006, CVE-2023-37453, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-5178, CVE-2023-5717, CVE-2023-6176
SHA-256 | 204de9cbd7ff5168f434bb4b9cdf4bb3f661850230f6e8189a021bda661538c8
PHPJabbers Cinema Booking System 1.0 Missing Rate Limiting
Posted Jan 11, 2024
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Cinema Booking System version 1.0 suffers from a missing rate limiting vulnerability.

tags | exploit
advisories | CVE-2023-51334
SHA-256 | 0e9a8392414859c263da5455715b136476e5d9dfa821e24aa22cabb38d54a54a
PHPJabbers Cinema Booking System 1.0 CSV Injection
Posted Jan 11, 2024
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Cinema Booking System version 1.0 suffers from a CSV injection vulnerability.

tags | exploit
advisories | CVE-2023-51333
SHA-256 | 14a6d24c101a22f1c0d7244c66f7b75fdd605e2e723016e983aa91ff8f4b8c2e
PHPJabbers Meeting Room Booking System 1.0 Missing Rate Limiting
Posted Jan 11, 2024
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Meeting Room Booking System version 1.0 suffers from a missing rate limiting vulnerability.

tags | exploit
advisories | CVE-2023-51332
SHA-256 | 2bb4e829d1153014ad902eedd4e84ffd1c4f36ed68b0e4d4f52e2bb2a7835bf5
PHPJabbers Cleaning Business Software 1.0 CSV Injection
Posted Jan 11, 2024
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Cleaning Business Software version 1.0 suffers from a CSV injection vulnerability.

tags | exploit
advisories | CVE-2023-51331
SHA-256 | fa8e25420d535f17cc1424b804b5e0097c947ebbbb9c26ec4b178c3e61d4fa5a
PHPJabbers Cinema Booking System 1.0 Cross Site Scripting
Posted Jan 11, 2024
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Cinema Booking System version 1.0 suffers from reflective and persistent cross site scripting vulnerabilities.

tags | exploit, xss
advisories | CVE-2023-51330
SHA-256 | 65d36ac9160ab1c240f6675581e697453542fa0e4bd126a1f51e746ce51641f2
PHPJabbers Cleaning Business Software 1.0 Cross Site Scripting
Posted Jan 11, 2024
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Cleaning Business Software version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2023-51328
SHA-256 | e47debdf9fc3c3d01a9a065adc30bc2b0166bcf23690c6d3ac8b4dd15242abfa
PHPJabbers Cleaning Business Software 1.0 Missing Rate Limiting
Posted Jan 11, 2024
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Cleaning Business Software version 1.0 suffers from multiple missing rate limiting vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2023-51326, CVE-2023-51327
SHA-256 | 381abe9a5a62fc40721ed1c1d5e23bc493b0edb0ae470d82c9f5996553920898
PHPJabbers Shared Asset Booking System 1.0 Cross Site Scripting
Posted Jan 11, 2024
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Shared Asset Booking System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2023-51325
SHA-256 | 55b8208f2ccd19891ff073a3c0c73038d621c5100ca8bca74d3b845c3b903e9a
Page 1 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close