Showing 1 - 24 of 24

Files Date: 2024-02-05

American Fuzzy Lop plus plus 4.10c
Posted Feb 5, 2024
Authored by van Hauser, thc, Heiko Eissfeldt, Andrea Fioraldi, Dominik Maier | Site github.com

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Changes: 3 changes to afl-fuzz, 3 changes to afl-cc, 6 changes to instrumentation, 1 change to qemu_mode, and a few other updates.
tags | tool, fuzzer
systems | unix
SHA-256 | c9a43894b87502a5f69efdb97dee637c9dd4d2c5dfef1c9d79b9d406adafdb76
Debian Security Advisory 5615-1
Posted Feb 5, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5615-1 - It was discovered that runc, a command line client for running applications packaged according to the Open Container Format (OCF), was susceptible to multiple container break-outs due to an internal file descriptor leak.

tags | advisory
systems | linux, debian
advisories | CVE-2024-21626
SHA-256 | a959e4508099a43ffce4457a32f3fdcb636129404d0c2704c808e2edae17a68f
Ubuntu Security Notice USN-6592-2
Posted Feb 5, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6592-2 - USN-6592-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-6004, CVE-2023-6918
SHA-256 | 8b05812f1564de798f6fac3b6ba6391af039f74309ab8408b47cb1ef70eee3fa
Cacti pollers.php SQL Injection / Remote Code Execution
Posted Feb 5, 2024
Authored by Christophe de la Fuente, Aleksey Solovev | Site metasploit.com

This Metasploit exploit module leverages SQL injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed and the account must have access to the vulnerable PHP script (pollers.php). This is granted by setting the Sites/Devices/Data permission in the General Administration section.

tags | exploit, remote, local, php, vulnerability, code execution, sql injection, file inclusion
advisories | CVE-2023-49084, CVE-2023-49085
SHA-256 | b4ef67908324e2b53eac068bc36847b4c86d487875706d6d2339e053cc3970f0
Gentoo Linux Security Advisory 202402-10
Posted Feb 5, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-10 - Multiple vulnerabilities have been found in NBD Tools, the worst of which could result in arbitrary code execution. Versions greater than or equal to 3.24 are affected.

tags | advisory, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-26495, CVE-2022-26496
SHA-256 | 83b8d46f9c09fea3e5f24332fab518cfa8353b71b47ad892281a37e40beacce2
runc 1.1.11 File Descriptor Leak Privilege Escalation
Posted Feb 5, 2024
Authored by h00die, Rory McNamara | Site metasploit.com

runc versions 1.1.11 and below, as used by containerization technologies such as Docker engine and Kubernetes, are vulnerable to an arbitrary file write vulnerability. Due to a file descriptor leak, it is possible to mount the host file system with the permissions of runc (typically root). Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 using Docker build.

tags | exploit, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2024-21626
SHA-256 | c42842f57bc20a342f98ba3468fd922f4034a579676faa1da23d0d71f03b5e91
Debian Security Advisory 5614-1
Posted Feb 5, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5614-1 - Two vulnerabilities were discovered in zbar, a library for scanning and decoding QR and bar codes, which may result in denial of service, information disclosure or potentially the execution of arbitrary code if a specially crafted code is processed.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2023-40889, CVE-2023-40890
SHA-256 | 8622812f88e985e7306821abbdc0f758934b8fa49410f0223dd4e05e28a1acdb
SISQUAL WFM 7.1.319.103 Host Header Injection
Posted Feb 5, 2024
Authored by Omer Shaik

SISQUAL WFM version 7.1.319.103 suffers from a host header injection vulnerability.

tags | exploit
advisories | CVE-2023-36085
SHA-256 | 999fb99ba1eaa913b2e2c723b3bae263813d0e1ac23dcb4ed598112369465431
Ubuntu Security Notice USN-6622-1
Posted Feb 5, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6622-1 - David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. Sverker Eriksson discovered that OpenSSL incorrectly handled POLY1305 MAC on the PowerPC architecture. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727
SHA-256 | ff69da46815898e29a74d2a9b2e923d655291a8edb80d059ecf7a44b3dc0eeb1
Apple Security Advisory 02-02-2024-1
Posted Feb 5, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 02-02-2024-1 - visionOS 1.0.2 addresses a code execution vulnerability.

tags | advisory, code execution
systems | apple
advisories | CVE-2024-23222
SHA-256 | ef7c480cac8065bb23e20b2d4701f7e2cac7122e19abb127d2d019d5b25e894a
Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage
Posted Feb 5, 2024
Authored by Bipin Jitiya

Milesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password encryption.

tags | exploit, info disclosure
advisories | CVE-2023-43261
SHA-256 | 4791d7ca6f5a11b71148995110e315c6b6ea98632d3810a0ca1aeb9e961c9eb3
Gentoo Linux Security Advisory 202402-09
Posted Feb 5, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-9 - Multiple out-of-bounds read vulnerabilities have been discovered in Wireshark. Versions greater than or equal to 4.0.11 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2023-5371, CVE-2023-6174
SHA-256 | aedd47a5fac11b07ba34143204f93f64bc085e816f7faf686f4d18430bed47d4
Sumatra PDF 3.5.2 DLL Hijacking
Posted Feb 5, 2024
Authored by Ravishanka Silva

Sumatra PDF version 3.5.2 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2024-24528
SHA-256 | 260431c4bf718f16940d65c7a74690e935f1132e5750593158b7961d93c3e061
Gentoo Linux Security Advisory 202402-08
Posted Feb 5, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-8 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service. Versions greater than or equal to 3.0.10 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2022-3358, CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-2975
SHA-256 | 21ad378435b07083191f0c5fc69298cd031080be76d8665f35aae2aacebb11f1
Gentoo Linux Security Advisory 202402-07
Posted Feb 5, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-7 - Multiple vulnerabilities have been found in Xen, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 4.16.6_pre1 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-28703, CVE-2021-28704, CVE-2021-28705, CVE-2021-28706, CVE-2021-28707, CVE-2021-28708, CVE-2021-28709, CVE-2022-23816, CVE-2022-23824, CVE-2022-23825, CVE-2022-26356, CVE-2022-26357, CVE-2022-26358, CVE-2022-26359
SHA-256 | 19872780145bfa0c32c4309b28ecde3c62c36daf70f877bcfa9b07a713bfd2ba
WordPress Simple URLs Cross Site Scripting
Posted Feb 5, 2024
Authored by AmirZargham

WordPress Simple URLs plugin versions prior to 115 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-0099
SHA-256 | c30a14aad4b176fcca47e0448ca0f4736ce2e14ebe3feb095662f74d88b72153
Gentoo Linux Security Advisory 202402-06
Posted Feb 5, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-6 - Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. Versions greater than or equal to 2.13.0 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-27404, CVE-2022-27405, CVE-2022-27406, CVE-2023-2004
SHA-256 | 2332b930c1bc02b4c15052d2dd556f55c348f922103bdae172fa61778f27d3ef
GYM MS 1.0 Cross Site Scripting
Posted Feb 5, 2024
Authored by yozgatalperen1

Gym Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original credit for this finding goes to Jyotsna Adhana in October of 2020, but this submission uses a different vector of attack for this software version.

tags | exploit, xss
SHA-256 | c0f2d33a4c3991ea99477e6d1d0b6c609743f37a52348c26fa084cc05b9df687
Gentoo Linux Security Advisory 202402-05
Posted Feb 5, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-5 - Multiple vulnerabilities have been discovered in Microsoft Edge, the worst of which could lead to remote code execution. Versions greater than or equal to 120.0.2210.61 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-29345, CVE-2023-33143, CVE-2023-33145, CVE-2023-35618, CVE-2023-36022, CVE-2023-36029, CVE-2023-36034, CVE-2023-36409, CVE-2023-36559, CVE-2023-36562, CVE-2023-36727, CVE-2023-36735, CVE-2023-36741, CVE-2023-36787
SHA-256 | c844eb6242995346f26fd4f6088786fbcb1b77133dff69f6873e1a0045401326
Gentoo Linux Security Advisory 202402-04
Posted Feb 5, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-4 - A vulnerability has been discovered in GNAT Ada Suite which can lead to remote code execution. Versions prior to 2019-r2 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2020-27619
SHA-256 | 36a43e2ded398a3755890db87828d0b486520c2a8a1e13a524cbc8a5ff206c35
WhatsUp Gold 2022 22.1.0 Build 39 Cross Site Scripting
Posted Feb 5, 2024
Authored by Andreas Finstad

WhatsUp Gold 2022 version 22.1.0 Build 39 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-35759
SHA-256 | c220ac742e0433187b0d69c0b84acee272914b285cfb7aab956f93dfb9bd2fce
Gentoo Linux Security Advisory 202402-03
Posted Feb 5, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-3 - Multiple vulnerabilities have been discovered in QtGui which can lead to remote code execution. Versions greater than or equal to 5.15.9-r1 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-38593, CVE-2023-32763
SHA-256 | 29abf5245e675ff4a969b993e3b6f8e40d58919eb43e3ef6ff64ed7c35ecd325
Gentoo Linux Security Advisory 202402-02
Posted Feb 5, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-2 - A vulnerability has been discovered in SDDM which can lead to privilege escalation. Versions greater than or equal to 0.18.1-r6 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2020-28049
SHA-256 | 6b963f4bd06c531eca044b5135208a427fda74b10ead04703ae9d3458fab5725
MISP 2.4.171 Cross Site Scripting
Posted Feb 5, 2024
Authored by Mucahit Ceri

MISP version 2.4.171 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-37307
SHA-256 | c46d1b01317a56d0c3ca6306f105dceaf23c7eb41b768453a59fb637c41d5e3e