
Files Date: 2024-04-11

TOR Virtual Network Tunneling Tool 0.4.8.11
Posted Apr 11, 2024
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Changes: This is a minor release, mostly to upgrade the fallbackdir list. Also worth noting: directory authorities running this version will now automatically reject relays running the end-of-life 0.4.7.x version.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 8f2bdf90e63380781235aa7d604e159570f283ecee674670873d8bb7052c8e07

Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure
Posted Apr 11, 2024
Authored by Clement Cruchet

An access control issue in Trimble TM4Web version 22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full rights and privileges.

tags | exploit
advisories | CVE-2023-27195
SHA-256 | f463a33e91d671de7054018540aff6f6ec53938dedf239b9646be10f49edfccf

Ubuntu Security Notice USN-6727-1
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6727-1 - It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-4421, CVE-2023-5388, CVE-2023-6135
SHA-256 | 2c691be3dfb8ed61396b4eb86ac7b035f8344a516e272f6ffb13c26ac0186bd9

OX App Suite 7.10.6 Cross Site Scripting / Deserialization Issue
Posted Apr 11, 2024
Authored by Martin Heiland

OX App Suite version 7.10.6 suffers from cross site scripting and deserialization vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2023-46604, CVE-2024-23189, CVE-2024-23190, CVE-2024-23191, CVE-2024-23192
SHA-256 | d67b15e5e463386e7b28cf5d7d03eebfcf3f668423493ad7f356fc890f038561

Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect
Posted Apr 11, 2024
Authored by Andrey Stoykov

Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | a4e09ec269b6fd6e7d21fa37778ad6cc59fa7c6ed21097b3b6e52c179ba94e14

Ubuntu Security Notice USN-6728-2
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-2 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A remote attacker could possibly use this issue to cause Squid to stop responding, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP header parsing. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | 0856df025bfcd57e31eb05d1faef083bd5b30608db5b6bb659433042ad64ad67

Ubuntu Security Notice USN-6728-1
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-1 - Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | c9a980c32c2ef96069eee9285fdd53c5aa4c12d940c776810cbfff41a398c101

GUnet OpenEclass E-learning 3.15 File Upload / Command Execution
Posted Apr 11, 2024
Authored by Georgios Tsimpidas, Frey

GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.

tags | exploit, remote, php, file upload
advisories | CVE-2024-31777
SHA-256 | 87510b61a4bcdb0fdc6c31f4148617866220f4cd5cc391960946f28d1c611747

Red Hat Security Advisory 2024-1781-03
Posted Apr 11, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1781-03 - An update for bind9.16 is now available for Red Hat Enterprise Linux 8.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-4408
SHA-256 | f9172f020815718f03fbbf2cb0e0498ec5c902cad67d0fbb67751f2f98e48c06

Red Hat Security Advisory 2024-1780-03
Posted Apr 11, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1780-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-1488
SHA-256 | 413115998c92e243ca7274c5588d8f9a6c7883be5e1d8b5c8d765fbb7fea2976

Red Hat Security Advisory 2024-1752-03
Posted Apr 11, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1752-03 - An update is now available for Red Hat OpenShift GitOps v1.12.1 for Argo CD CLI and MicroShift GitOps. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-50726
SHA-256 | de9bcfc1a39b972fb31a92ccaec98138bf8171d246dcc9513c296c444216e4d6

Red Hat Security Advisory 2024-1751-03
Posted Apr 11, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1751-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-1488
SHA-256 | d1492f2e991749e52197defcda62a0908fb701cece824796ece418dc41b206c4

Windows Kernel Subkey List Use-After-Free
Posted Apr 11, 2024
Authored by Google Security Research, mjurczyk

The Windows Kernel suffers from a subkey list use-after-free vulnerability due to a mishandling of partial success in CmpAddSubKeyEx.

tags | exploit, kernel
systems | windows
advisories | CVE-2024-26182
SHA-256 | 371f9505662bb6a768bb624f24a62e46fef4ad9feab889c6189fe75092e31989