exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 38 RSS Feed

Files Date: 2024-03-14

Debian Security Advisory 5639-1
Posted Mar 14, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5639-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-2400
SHA-256 | 4cbadb48dda00be85d46d8fcccadc0b92923c8219c7569b6d2df731ece4d0271
Checkmk Agent 2.0.0 / 2.1.0 / 2.2.0 Local Privilege Escalation
Posted Mar 14, 2024
Authored by Michael Baer | Site sec-consult.com

Checkmk Agent versions 2.0.0, 2.1.0, and 2.2.0 suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2024-06070
SHA-256 | 7507da836273d2bbc7b9ad937d83b3421ee4908160760a5f62fe62fa67b910e0
Vinchin Backup And Recovery 7.2 Command Injection
Posted Mar 14, 2024
Authored by Valentin Lobstein

Vinchin Backup and Recovery versions 7.2 and below suffer from an authentication command injection vulnerability.

tags | exploit
advisories | CVE-2024-25228
SHA-256 | dd0fc3f58917682d94f66913e102128d1a5e1eb10e34fa851b9f47a77fc06b74
Ubuntu Security Notice USN-6673-2
Posted Mar 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6673-2 - USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS. Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information.

tags | advisory, remote, python
systems | linux, ubuntu
advisories | CVE-2023-50782
SHA-256 | c4fe18ae97be2193d34a7e1f1b12596463b48313b3820550e75dc093759247ba
Hunting Down The HVCI Bug In UEFI
Posted Mar 14, 2024
Authored by Satoshi TANDA, Andrea Allievi | Site tandasat.github.io

This post details the story and technical details of the non-secure Hypervisor-Protected Code Integrity (HVCI) configuration vulnerability disclosed and fixed with the January 9th update on Windows. This vulnerability, CVE-2024-21305, allowed arbitrary kernel-mode code execution, effectively bypassing HVCI within the root partition.

tags | advisory, arbitrary, kernel, root, code execution
systems | windows
advisories | CVE-2024-21305
SHA-256 | 9d64188a47060dad96a12b2b5fc06e5f3f52c1141722943d26696fa195cc355b
Fortinet FortiOS Out-Of-Bounds Write
Posted Mar 14, 2024
Authored by h4x0r-dz | Site github.com

Fortinet FortiOS suffers from an out of bounds write vulnerability. Affected includes Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, and 1.0.0 through 1.0.7.

tags | exploit
advisories | CVE-2024-21762
SHA-256 | 253e125f2c77fe6892c6503df7eeedff1bed043c4fb701d366058c149ab702b6
Ubuntu Security Notice USN-6587-5
Posted Mar 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6587-5 - USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty APIs. An attacker could possibly use this issue to cause the X Server to crash, or obtain sensitive information.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-6478, CVE-2023-6816, CVE-2024-0229, CVE-2024-0408, CVE-2024-0409, CVE-2024-21885, CVE-2024-21886
SHA-256 | 9f02a5fba82a37e9433c20a481152b829c57eaf4483d36e161436fe7547bf8f0
JetBrains TeamCity Unauthenticated Remote Code Execution
Posted Mar 14, 2024
Authored by sfewer-r7 | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in JetBrains TeamCity. An unauthenticated attacker can leverage this to access the REST API and create a new administrator access token. This token can be used to upload a plugin which contains a Metasploit payload, allowing the attacker to achieve unauthenticated remote code execution on the target TeamCity server. On older versions of TeamCity, access tokens do not exist so the exploit will instead create a new administrator account before uploading a plugin. Older versions of TeamCity have a debug endpoint (/app/rest/debug/process) that allows for arbitrary commands to be executed, however recent version of TeamCity no longer ship this endpoint, hence why a plugin is leveraged for code execution instead, as this is supported on all versions tested.

tags | exploit, remote, arbitrary, code execution, bypass
advisories | CVE-2024-27198
SHA-256 | 68370990799fd1605fae05ac9ac3f36fd6659508fbfeef67d22e3cf720e8fa87
Apple Security Advisory 03-12-2024-1
Posted Mar 14, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 03-12-2024-1 - GarageBand 10.4.11 addresses code execution and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2024-23300
SHA-256 | cf1feda0632734f3eac97a03cb231aca57c5c2445e35cdacbbac27e26d43b080
Ubuntu Security Notice USN-6686-2
Posted Mar 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6686-2 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Cypress touchscreen driver in the Linux kernel during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-22995, CVE-2023-4134, CVE-2023-46343, CVE-2023-46862, CVE-2023-51779, CVE-2023-51782, CVE-2023-6121, CVE-2024-0340, CVE-2024-0607
SHA-256 | 88475de5e2398450d91c1bb38fd2f616290eb3128f9d1ab6ef796c5b5b3a08eb
Apple Security Advisory 03-07-2024-7
Posted Mar 14, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 03-07-2024-7 - visionOS 1.1 addresses buffer overflow, bypass, code execution, and out of bounds read vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2024-23220, CVE-2024-23225, CVE-2024-23226, CVE-2024-23235, CVE-2024-23246, CVE-2024-23254, CVE-2024-23257, CVE-2024-23258, CVE-2024-23262, CVE-2024-23263, CVE-2024-23264, CVE-2024-23265, CVE-2024-23284, CVE-2024-23286
SHA-256 | bb37d3d885c05665df5e0348f90e65516bd9024d109db00efe75183960a1ab40
Backdoor.Win32.Emegrab.b MVID-2024-0675 Buffer Overflow
Posted Mar 14, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Emegrab.b malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
SHA-256 | c0d8137645859e14608a0b7a84c3cadd70d3be3e7d59a937b20c600dbcc88162
StimulusReflex 3.5.0 Arbitrary Code Execution
Posted Mar 14, 2024
Authored by lixts

StimulusReflex versions 3.5.0 up to and including 3.5.0.rc2 and 3.5.0.pre10 suffer from an arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
advisories | CVE-2024-28121
SHA-256 | 9e5263d5183618a2c41a25b126b245bfa777329a2f535120971b95cdc71f0486
Apple Security Advisory 03-07-2024-6
Posted Mar 14, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 03-07-2024-6 - tvOS 17.4 addresses buffer overflow, bypass, and code execution vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2022-48554, CVE-2024-0258, CVE-2024-23225, CVE-2024-23226, CVE-2024-23235, CVE-2024-23239, CVE-2024-23241, CVE-2024-23246, CVE-2024-23250, CVE-2024-23254, CVE-2024-23263, CVE-2024-23264, CVE-2024-23265, CVE-2024-23270
SHA-256 | 75dbd070cadb95c190fb2c3e720880078476efddd8b02e812bc1c594dfa6e86f
Apple Security Advisory 03-07-2024-5
Posted Mar 14, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 03-07-2024-5 - watchOS 10.4 addresses buffer overflow, bypass, and code execution vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2022-48554, CVE-2024-0258, CVE-2024-23225, CVE-2024-23226, CVE-2024-23231, CVE-2024-23235, CVE-2024-23239, CVE-2024-23246, CVE-2024-23250, CVE-2024-23254, CVE-2024-23263, CVE-2024-23265, CVE-2024-23278, CVE-2024-23280
SHA-256 | 6df43170bd5fc352fd321acd5fe231d753158fd667fcbe6941a1ccefd16eb11a
Apple Security Advisory 03-07-2024-4
Posted Mar 14, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 03-07-2024-4 - macOS Monterey 12.7.4 addresses buffer overflow, bypass, code execution, and out of bounds write vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2023-28826, CVE-2024-23201, CVE-2024-23204, CVE-2024-23216, CVE-2024-23218, CVE-2024-23225, CVE-2024-23227, CVE-2024-23230, CVE-2024-23234, CVE-2024-23244, CVE-2024-23245, CVE-2024-23247, CVE-2024-23257, CVE-2024-23264
SHA-256 | 6d34d98987ed9e7f5bc383bd22eb781faef984e2518dc2398e1701abcb1cdd3b
Red Hat Security Advisory 2024-1323-03
Posted Mar 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1323-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2022-42896
SHA-256 | 9a06e0eca6d55f4737c53093f73634c651394734ef1e9e0d5c554986987a9199
Red Hat Security Advisory 2024-1321-03
Posted Mar 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1321-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes. Issues addressed include a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
systems | linux, redhat
advisories | CVE-2024-27289
SHA-256 | d95d3241f282a5f42e6af5a8ac241179ef6329f681c625f25b533245c13ac448
Red Hat Security Advisory 2024-1315-03
Posted Mar 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1315-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 5c07e13176e7ba3129760645563207929dd20831c991cd82a0e00a19a17b4cf7
Red Hat Security Advisory 2024-1314-03
Posted Mar 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1314-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 8a03f568fa207cd9a133487dff3b0fecd855fa1c24625d76f411122c04366cda
GitLab CE/EE Password Reset
Posted Mar 14, 2024
Authored by Sebastian Kriesten

GitLab CE/EE versions prior to 16.7.2 suffer from a password reset vulnerability.

tags | exploit
advisories | CVE-2023-7028
SHA-256 | ecc61996fa0e38b05ac70ce2080679b2eaf36720822b04f8d38867b1d69456b3
Red Hat Security Advisory 2024-1311-03
Posted Mar 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1311-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-21392
SHA-256 | 53799c0e00921f20fc12667f719499ea8eeb3b6ca49b151a926d0c339d045b57
Red Hat Security Advisory 2024-1310-03
Posted Mar 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1310-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-21392
SHA-256 | 137e871a2582763fe3bf266e6342859d3211e6d4e195fad32fc8a04aa8d425c9
Red Hat Security Advisory 2024-1309-03
Posted Mar 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1309-03 - An update for.NET 7.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-21392
SHA-256 | 6bff4901676e5227a6620cb7e29340461381826eae54c4d5f51468dfbe9d833e
Red Hat Security Advisory 2024-1308-03
Posted Mar 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1308-03 - An update for.NET 7.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-21392
SHA-256 | a51fdec6c69bab300be1a7700eddf8bcae6fc7764c77bf4f6116086fe4c243e5
Page 1 of 2
Back12Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close