exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files Date: 2024-01-18

WordPress Backup Migration 1.3.7 Remote Command Execution
Posted Jan 18, 2024
Authored by jheysel-r7, Valentin Lobstein, Nex Team | Site metasploit.com

This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php endpoint. The exploit makes use of a neat technique called PHP Filter Chaining which allows an attacker to prepend bytes to a string by continuously chaining character encoding conversions. This allows an attacker to prepend a PHP payload to a string which gets evaluated by a require statement, which results in command execution.

tags | exploit, remote, php
advisories | CVE-2023-6553
SHA-256 | 1feecca12306422ebe993c3821d87be77ad3056e719f9dcbae7c033f156e447f
Ansible Agent Payload Deployer
Posted Jan 18, 2024
Authored by h00die, n0tty | Site metasploit.com

This exploit module creates an ansible module for deployment to nodes in the network. It creates a new yaml playbook which copies our payload, chmods it, then runs it on all targets which have been selected (default all).

tags | exploit
SHA-256 | a5fbba3600698942b6e9fdfb81bf552aec7d2529c1415dbf0234d6081449a4c1
Debian Security Advisory 5602-1
Posted Jan 18, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5602-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. An exploit for CVE-2024-0519 exists in the wild.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-0517, CVE-2024-0518, CVE-2024-0519
SHA-256 | 45e1bf24562fc069454170dc81c0c1b115ade42f764860a6f6a63c8ba8f0f761
Ubuntu Security Notice USN-6588-1
Posted Jan 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6588-1 - Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2024-22365
SHA-256 | 01b72c7835037ae651f0e64333340d75271e1c9cf94dfe7c92d80f644b525526
mqXSS 0.2
Posted Jan 18, 2024
Authored by grandpae | Site github.com

mqXSS is a client to communicate with XSS hooked browsers over MQTT. Similar to xsshunter or beef, mqxss allows interaction with remote browsers that have been injected with a XSS payload. However, instead of having the victim connect back to your server they connect through a Secure Websocket MQTT broker instead. This tool facilitates the JS payload generation and interaction with hooked browsers that communicate over WSS MQTT brokers.

tags | tool, remote, vulnerability, xss
systems | unix
SHA-256 | 8896d3a6c195fd964e3ba8e5a991dcb72d8c6488f787f595e2d0fca71fec9ad8
SpyCamLizard 1.230 Denial Of Service
Posted Jan 18, 2024
Authored by Fernando Mengali

SpyCamLizard version 1.230 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | a7873c3ae31f00a2db87aa16898d36176fa4e56ef20e5000f29595ea163d98f1
Ubuntu Security Notice USN-6559-1
Posted Jan 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6559-1 - It was discovered that ZooKeeper incorrectly handled authorization for the getACL command. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Damien Diederen discovered that ZooKeeper incorrectly handled authorization if SASL Quorum Peer authentication is enabled. An attacker could possibly use this issue to bypass ZooKeeper's authorization system. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04 and Ubuntu 23.10.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-0201, CVE-2023-44981
SHA-256 | 534b6c013d7713c3db3c8290512cdb776320bf30fcdd91612968f64217ae7077
Contiki-NG tinyDTLS Buffer Over-Read / Denial Of Service
Posted Jan 18, 2024
Authored by jerrytesting

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. A buffer over-read exists in the dtls_sha256_update function. This bug allows remote attackers to cause a denial of service (crash) and possibly read sensitive information by sending a malformed packet with an over-large fragment length field, due to servers incorrectly handling malformed packets.

tags | advisory, remote, denial of service
advisories | CVE-2021-42147
SHA-256 | cbd23d5e5c03a89b7797b1140a3998118f6627b3823c690bdae65a977b7770e9
Contiki-NG tinyDTLS Epoch Number Reuse
Posted Jan 18, 2024
Authored by jerrytesting

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).

tags | advisory, remote, tcp
advisories | CVE-2021-42146
SHA-256 | db8a0bf96f7883a8a21b7027f42157c985e59fe2bbc26de4705dacefa635eccf
Contiki-NG tinyDTLS check_certificate_request() Denial Of Service
Posted Jan 18, 2024
Authored by jerrytesting

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. An assertion failure in check_certificate_request() causes the server to exit unexpectedly, resulting in a denial of service.

tags | advisory, denial of service
advisories | CVE-2021-42145
SHA-256 | 860a30d6b1aa58e5dc58161f2acf23b5acba868a0821683f71b804cf74409a1c
Contiki-NG tinyDTLS dtls_ccm_decrypt_message() Buffer Overread
Posted Jan 18, 2024
Authored by jerrytesting

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. Incorrect handling of over-large packets in dtls_ccm_decrypt_message() causes a buffer over-read that can expose sensitive information.

tags | advisory
advisories | CVE-2021-42144
SHA-256 | fcd7f90fba43be1f60b391164b0ba2a0e19f793b3291f3ea45d6c373dadd81b8
Contiki-NG tinyDTLS Buffer Over-Read / Denial Of Service
Posted Jan 18, 2024
Authored by jerrytesting

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information.

tags | advisory, remote, denial of service
advisories | CVE-2021-42143
SHA-256 | 846b82fbb5e4c16ada129d3f8122d5e00f7c07ffd7830416cb4698d8fd258206
Contiki-NG tinyDTLS Denial Of Service
Posted Jan 18, 2024
Authored by jerrytesting

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops.

tags | advisory, remote, denial of service
advisories | CVE-2021-42142
SHA-256 | e1244689736de9338e92f0ce31592afd33da836f554ad8dfaf50a9775596ca5b
Contiki-NG tinyDTLS Denial Of Service
Posted Jan 18, 2024
Authored by jerrytesting

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.

tags | advisory, denial of service
advisories | CVE-2021-42141
SHA-256 | d23467a0c344b00cea5d67a8d7ebffd0d3109291ffebc872fa9a3524ff53213a
Redis Raft ODR Violation
Posted Jan 18, 2024
Authored by jerrytesting

Redis raft versions master-1b8bd86 to master-7b46079 were discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c.

tags | advisory
SHA-256 | 586772289785921cd60806511eb653c014c7a2c3992c9b9729e80b45a626043f
Legends Of IdleOn Random Number Generation Manipulation
Posted Jan 18, 2024
Authored by Soatok Dreamseeker | Site gist.github.com

Legends of IdleOn suffers from use of an insecure random number generator that can be replaced by a malicious user.

tags | exploit
SHA-256 | a9e5118b86a88a1079be435c411c2d75118a0770946b0e8811a6c1535ed7b9ea
Red Hat Security Advisory 2024-0279-03
Posted Jan 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0279-03 - An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-44446
SHA-256 | aa36516f4accc3597cd90449f3ae812bdb83a42ee3e7911f9cabc34b191a1bd9
Red Hat Security Advisory 2024-0278-03
Posted Jan 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0278-03 - Red Hat AMQ Broker 7.11.5 is now available from the Red Hat Customer Portal.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-33201
SHA-256 | 0e907deff5622c361514f18be2b94658cc2f981624236674841748d0ed5b0f6a
Red Hat Security Advisory 2024-0267-03
Posted Jan 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0267-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.

tags | advisory, java, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2024-20918
SHA-256 | 25472340c13cb9f4577a8912a5d95f63053995c70bd7bf78286806e9369f1664
Red Hat Security Advisory 2024-0265-03
Posted Jan 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0265-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.

tags | advisory, java, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2024-20918
SHA-256 | 4bad16c511dcb29dee9422cff81de79c13f07ff10c55612fca6ee2648f96535d
Red Hat Security Advisory 2024-0250-03
Posted Jan 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0250-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2024-20918
SHA-256 | 3d64b9219f0a129f2cd7100b5fbe77fa4333cb34021bf2eac88faf1709e81e78
Red Hat Security Advisory 2024-0249-03
Posted Jan 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0249-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and out of bounds access vulnerabilities.

tags | advisory, java, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2024-20918
SHA-256 | a6281db3e40b4796c934f9b79123fe125b43a8258bb4f9ea04c34fbc1a8e1b0b
Red Hat Security Advisory 2024-0248-03
Posted Jan 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0248-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution and out of bounds access vulnerabilities.

tags | advisory, java, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2024-20918
SHA-256 | a744bc3e2917c7be87ba3de0c18a7c511146043ba0cbced3376d73d6bf7fc44a
Red Hat Security Advisory 2024-0247-03
Posted Jan 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0247-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2024-20918
SHA-256 | 043dea53dc4a46c72e529bbddf23d3b06cbaff15ae4515b6132ca3e8bb86aa8f
Red Hat Security Advisory 2024-0246-03
Posted Jan 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0246-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2024-20918
SHA-256 | d715f9407ae46af18833312453df03daaa7e1d3e5d62cc8a622e469ecd6b94aa
Page 1 of 2
Back12Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close