exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2024-02-21

Botan C++ Crypto Algorithms Library 3.3.0
Posted Feb 21, 2024
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current 3.x.x release.

Changes: Fixed a potential denial of service caused by accepting arbitrary length primes as potential elliptic curve parameters in ASN.1 encodings. Added FrodoKEM post-quantum KEM. Added support for Blake2s. Added support for RFC 7250 in TLS 1.3 to allow authenticating peers using raw public keys. 43 additional changes and additions.
tags | library
SHA-256 | 368f11f426f1205aedb9e9e32368a16535dc11bd60351066e6f6664ec36b85b9
Botan C++ Crypto Algorithms Library 2.19.4
Posted Feb 21, 2024
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current 2.19.x release.

Changes: Fixed a potential denial of service caused by accepting arbitrary length primes as potential elliptic curve parameters in ASN.1 encodings. Switched to using a constant time binary algorithm for computing GCD . Fixed a bug in SHAKE_Cipher which could cause incorrect output if set_key was called multiple times. Fixed a bug in RSA-KEM encryption where the shared secret key was incorrectly not padded to exactly the byte length of the modulus. 8 additional fixes and additions.
tags | library
SHA-256 | 5a3a88ef6433e97bcab0efa1ed60c6197e4ada9d9d30bc1c47437bf89b97f276
OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation
Posted Feb 21, 2024
Authored by Johannes Volpel, Mike Klostermaier | Site sec-consult.com

OpenOLAT versions 18.1.4 and below and versions 18.1.5 and below suffer from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2024-25973, CVE-2024-25974
SHA-256 | da2d4328b6f51310c2a5be6d36b60d1aa6c91e556e13bd98db91a0808753e340
Ubuntu Security Notice USN-6647-1
Posted Feb 21, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6647-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-51780, CVE-2023-51782, CVE-2023-7192
SHA-256 | dc6419bae3374862f7e099238c6f62915d628b60e52c658d5d47d2442058067e
Ubuntu Security Notice USN-6646-1
Posted Feb 21, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6646-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-51780, CVE-2023-51782, CVE-2023-7192
SHA-256 | 263643db87a6432edb065900eea41c3a1d8ae0e9c08508a673c02ef018cf394a
Yealink Configuration Encrypt Tool Static AES Key
Posted Feb 21, 2024
Authored by Jeroen J.A.W. Hermans

A single, vendorwide, hardcoded AES key in the Yealink Configuration Encrypt Tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents.

tags | exploit
advisories | CVE-2024-24681
SHA-256 | 5231a89077e6f3acf7d704bf699a2012bd1f949a0d291b1104b455e12e90fb07
Ivanti Connect Secure Unauthenticated Remote Code Execution
Posted Feb 21, 2024
Authored by sfewer-r7 | Site metasploit.com

This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x are vulnerable, prior to the vendor patch released on Feb 1, 2024. It is unknown if unsupported versions 8.x and below are also vulnerable.

tags | exploit, remote, code execution
advisories | CVE-2023-36661, CVE-2024-21887, CVE-2024-21893
SHA-256 | 517cb3bdebea0c5e8bc6b809e873babc0faf56250fbc150da2e1a5d269f4e7b7
Ubuntu Security Notice USN-6584-2
Posted Feb 21, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6584-2 - USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 andCVE-2021-33913 in Ubuntu 16.04 LTS. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-20314, CVE-2021-33912
SHA-256 | c72593cd020b70c074deb6be89fd467cc478f83334792bd3c97e0f5753dae9cd
WordPress 6.4.3 Username Disclosure
Posted Feb 21, 2024
Authored by h4shur

WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | a97e941dbe9a61933dee7deb046c9e9a1bbf565a1e2bda9458912a1212b1a57d
Fuelflow 1.0 SQL Injection
Posted Feb 21, 2024
Authored by nu11secur1ty

Fuelflow version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f20df871b015a83f2890d65c542097b8e2ef692547a8a6b09c7f09efd6242502
Ubuntu Security Notice USN-6645-1
Posted Feb 21, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6645-1 - It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-7192
SHA-256 | c31a439fa6efc6f45ddf70895ddbcdb15a0d2f1e6ccdfe2e0e752da89b5c1bb2
ITFlow Cross Site Request Forgery
Posted Feb 21, 2024
Authored by stehled | Site wp-pomoc.cz

ITFlow versions prior to commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2024-25344
SHA-256 | e3baa15b97468f1a53ed93305b65d681ec3ea083d106863615e6c678b4218084
NFC Relay Attack On Tesla Model Y
Posted Feb 21, 2024
Authored by Josep Pi Rodriguez | Site ioactive.com

This paper will walk you through the proof-of-concept and technical details of exploitation for IOActive's recent NFC relay attack on the newest Tesla vehicle, the Model Y. To successfully carry out the attack, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the vehicle, and they then created custom firmware modifications that allowed a Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi-Fi using the Proxmark's BlueShark module.

tags | paper, protocol, wireless
SHA-256 | 1b2f050c027e1bfe9702c6a2a927a78ccba6ef0043e76bbe3a63de1a54eaecc8
Red Hat Security Advisory 2024-0930-03
Posted Feb 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0930-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, null pointer, out of bounds access, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-33655
SHA-256 | a332284d2f3bdc79b2b6b5265feec719075fbd402552f58befbda3969ae1dff8
Red Hat Security Advisory 2024-0845-03
Posted Feb 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0845-03 - Red Hat OpenShift Container Platform release 4.13.34 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-49568
SHA-256 | c3a86bc78c63a25e4ac74334785c63b0e2bc69199f68a3ec15a6dba2ab612f85
WEBIGniter 28.7.23 Cross Site Scripting
Posted Feb 21, 2024
Authored by Sagar Banwa

WEBIGniter version 28.7.23 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-46391
SHA-256 | ce9033c8a5d4008525f16f7aed4391e201358d977f4356f22c00babfa8102d79
Red Hat Security Advisory 2024-0837-03
Posted Feb 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0837-03 - Red Hat OpenShift Container Platform release 4.14.13 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | d1bdf47cb8160404fe1823442680fae112d3f1c54d5ff3b387c3907fd6f7cc8d
Red Hat Security Advisory 2024-0832-03
Posted Feb 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0832-03 - Red Hat OpenShift Container Platform release 4.12.50 is now available with updates to packages and images that fix several bugs. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-49568
SHA-256 | 0f7f8ac638ae202d360cdddceaddb107b040768f6ecfa6ed1ba97bf3cd508639
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close