what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2024-04-05

Ubuntu Security Notice USN-6721-1
Posted Apr 5, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6721-1 - It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2024-31080, CVE-2024-31083
SHA-256 | 4882781902435137ae8b1fd009b4c4df6d61f4ae936be03a8ca2819d4d11c896
Faraday 5.2.2
Posted Apr 5, 2024
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: When manually creating vulnerabilities, services are now listed along with their respective ports and assigned names.
tags | tool, rootkit
systems | unix
SHA-256 | f852de0f0b6d8436761426dbdc2eda922558e197112c212440905e57ecb39f15
Debian Security Advisory 5655-1
Posted Apr 5, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5655-1 - It was discovered that Cockpit, a web console for Linux servers, was susceptible to arbitrary command execution if an administrative user was tricked into opening an sosreport file with a malformed filename.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2024-2947
SHA-256 | 14093fabc69fd65851f3932ac6e03e2c4be92f356b14adae4a02493d9c0dbc94
IEEE CSR Workshop 2024 Call For Papers
Posted Apr 5, 2024
Site acfti.org

The IEEE CSR Workshop on Cyber Forensics and Advanced Threat Investigations in Emerging Technologies organizing committee is inviting you to submit your research papers. The workshop will be held in Hybrid mode. The in-person mode will held at Hilton London Tower Bridge, London from September 2nd through the 4th, 2024.

tags | paper, conference
SHA-256 | 0d300ee78ceddaee1fa7d0efc06f277816ca687d310c808e3dbab1c1003095d5
Visual Planning 8 Arbitrary File Read
Posted Apr 5, 2024
Authored by David Brown, Lennert Preuth | Site schutzwerk.com

Authenticated attackers can exploit a weakness in the XML parser functionality of the Visual Planning application in order to obtain read access to arbitrary files on the application server. Depending on configured access permissions, this vulnerability could be used by an attacker to exfiltrate secrets stored on the local file system. All versions prior to Visual Planning 8 (Build 240207) are affected.

tags | exploit, arbitrary, local
advisories | CVE-2023-49234
SHA-256 | bdf19a1c93a8a216cff1545664827634a9baef8a83c8ebb7ba571f139ed08b7a
Visual Planning 8 Authentication Bypass
Posted Apr 5, 2024
Authored by David Brown, Lennert Preuth | Site schutzwerk.com

Unauthenticated attackers can exploit a weakness in the password reset functionality of the Visual Planning application in order to obtain access to arbitrary user accounts including administrators. In case administrative (in the context of Visual Planning) accounts are compromised, attackers can install malicious modules into the application to take over the application server hosting the Visual Planning application. All versions prior to Visual Planning 8 (Build 240207) are affected.

tags | exploit, arbitrary
advisories | CVE-2023-49232
SHA-256 | 317fc4e9931be1f5637f8b1a9a92f3305f2b80aa897d807f8b7b94af2fd3c671
Visual Planning REST API 2.0 Authentication Bypass
Posted Apr 5, 2024
Authored by Lennert Preuth | Site schutzwerk.com

A wildcard injection inside a prepared SQL statement was found in an undocumented Visual Planning 8 REST API route. The combination of fuzzy matching (via LIKE operator) and user-controlled input allows exfiltrating the REST API key based on distinguishable server responses. If exploited, attackers are able to gain administrative access to the REST API version 2.0.

tags | exploit
advisories | CVE-2023-49231
SHA-256 | c55674b96230c64cac5bca2736c46d82917b5d83954b7346ec654295bd66eda4
Feng Office 3.10.8.21 Cross Site Scripting
Posted Apr 5, 2024
Authored by tmrswrr

Feng Office version 3.10.8.21 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ad3a7614cba9fce96ba0ef2c4100acb2e516bae93834f646720f56ca266fd5e3
DerbyNet 9.0 print/render/racer.inc SQL Injection
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc.

tags | exploit, remote, sql injection
advisories | CVE-2024-30923
SHA-256 | c59f5b4f5d044eb7838a408a25e1ddb8966666ed55c708660903f015ccf7e1b5
DerbyNet 9.0 print/render/award.inc SQL Injection
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/award.inc.

tags | exploit, remote, sql injection
advisories | CVE-2024-30922
SHA-256 | 635f60dcea426f833c149bf378a0e8ce1585c3548641f81eb1702cf39c8c50de
DerbyNet 9.0 ajax/query.slide.next.inc SQL Injection
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc.

tags | exploit, remote, sql injection
advisories | CVE-2024-30928
SHA-256 | 4d58e0287f76d2e5689e86c7f6907829d0e768e9a60e0f2ac317c9153ee4e3b6
DerbyNet 9.0 playlist.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php.

tags | exploit, php, xss
advisories | CVE-2024-30929
SHA-256 | 33a3298bf5768c9f7a9fcd2deaa459729d65f2eb60c8601a0d2dd30561151395
DerbyNet 9.0 racer-results.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.

tags | exploit, php, xss
advisories | CVE-2024-30927
SHA-256 | e1f0ec83ec56b1d3ebff89be4223a47e4c6caea8be38185b375b827447078473
DerbyNet 9.0 inc/kisosks.inc Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in inc/kiosks.inc.

tags | exploit, xss
advisories | CVE-2024-30926
SHA-256 | 74c4544a3c0353807fe286b034266f311ce4af6f554209e73f1d797e5fbff5cc
DerbyNet 9.0 photo-thumbs.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.

tags | exploit, php, xss
advisories | CVE-2024-30925
SHA-256 | e33a05805911bcd786fdff15a7d4ac31f136e43e12a0f9ec5b25c0db38d7fe3e
DerbyNet 9.0 checkin.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in checkin.php.

tags | exploit, php, xss
advisories | CVE-2024-30924
SHA-256 | 8f9e6fd28f6cfe91749cb218425046ee910787a3a9fd05dafed94fca09da5a72
DerbyNet 9.0 photo.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo.php.

tags | exploit, php, xss
advisories | CVE-2024-30921
SHA-256 | d7ac5458d2d0756d2d607450406a0027661faffb3740c59db51f83e2e7620fe8
DerbyNet 9.0 render-document.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in render-document.php.

tags | exploit, php, xss
advisories | CVE-2024-30920
SHA-256 | 6ac6f7dc08e5aa36734a4a3929671a6b16c39f23cfa800f533b74b3aa6969051
Seo Panel 4.7.0 Cross Site Scripting
Posted Apr 5, 2024
Authored by Arzu Demirez

Seo Panel version 4.7.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b07abff2f49d2fe016305db3af08234302945203e601e991d4e73f2065cc5538
Human Resource Management System 2024 1.0 SQL Injection
Posted Apr 5, 2024
Authored by nu11secur1ty

Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 94d4f83975f87861e5de23afeddf375d89516755bb5f7b64deb215523821ad76
Jasmin Ransomware 1.1 Arbitrary File Read
Posted Apr 5, 2024
Authored by chebuya

Jasmin Ransomware version 1.1 suffers from an arbitrary file read vulnerability.

tags | exploit, arbitrary
advisories | CVE-2024-30851
SHA-256 | 31f4b2bfcea7721b795130a73ea23eb4c455761a9210c8e57d648ef7f5a73b61
Gibbon School Platform 26.0.00 Remote Code Execution
Posted Apr 5, 2024
Authored by h00die-gr3y, Islam Rzayev, Fikrat Guliev, Ali Maharramli | Site metasploit.com

A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2024-24725
SHA-256 | 2d1220fa63bd54538247325712a8d4f836dcc60733d8cebe63cd721eb6755ba9
Linux 6.5 Kernel Pointer Leak
Posted Apr 5, 2024
Authored by Jann Horn, Google Security Research

Linux versions starting with 6.5 suffer from a read-after-type-change of folio in cachestat() that leads to a kernel pointer leak.

tags | exploit, kernel
systems | linux
advisories | CVE-2024-26630
SHA-256 | 9ed32c7cf46a882e510759c307e0ac2758225c4d00df31c8c83be548a01fd482
Red Hat Security Advisory 2024-1686-03
Posted Apr 5, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1686-03 - A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-28241
SHA-256 | 8bbc60ed7e29b0e8f106e96518194e50ce2f9ff3e1745a5623692abaa3060942
Red Hat Security Advisory 2024-1678-03
Posted Apr 5, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1678-03 - An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-22019
SHA-256 | c8e9210dcbe1fe1521f22f792f9ce018db0841a4eab54976403ba6ef71eecccf
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    0 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close