what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files Date: 2024-04-15

Amazon AWS Glue Database Password Disclosure
Posted Apr 15, 2024
Authored by Michael Werner | Site sec-consult.com

The password of database connections in AWS Glue is loaded into the website when a connection's edit page is requested. Principals with appropriate permissions can read the password. This behavior also increases the risk that database passwords will be intercepted by an attacker during transmission in the server response. Many types of vulnerabilities, such as broken access controls, cross site scripting and weaknesses in session handling, could enable an attacker to leverage this behavior to retrieve the passwords.

tags | exploit, vulnerability, xss
SHA-256 | 70e6691798348933f72079d525b978bc0517e5c1f2d9ac8b96813c23d1234685
CrushFTP Remote Code Execution
Posted Apr 15, 2024
Authored by Christophe de la Fuente, Ryan Emmons | Site metasploit.com

This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session properties by sending an HTTP request with specially crafted Header key-value pairs. This enables an unauthenticated attacker to access files anywhere on the server file system and steal the session cookies of valid authenticated users. The attack consists in hijacking a user's session and escalates privileges to obtain full control of the target. Remote code execution is obtained by abusing the dynamic SQL driver loading and configuration testing feature.

tags | exploit, remote, web, code execution
advisories | CVE-2023-43177
SHA-256 | fc2503cafa5ba3115896a3dc2baf8a4ded20d177d35f6003c3053acbcc5a8f5a
American Fuzzy Lop plus plus 4.20c
Posted Apr 15, 2024
Authored by van Hauser, thc, Heiko Eissfeldt, Andrea Fioraldi, Dominik Maier | Site github.com

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Changes: A new forkserver communication model is now introduced. AFL++ now supports up to 4 billion coverage edges, up from 6 million. There is a new compile option. 6 changes to afl-fuzz, 3 changes to afl-cc, and a few other updates.
tags | tool, fuzzer
systems | unix
SHA-256 | 855ddefbe9c88911146c1b7cb50dc5423b7623a7a59343f34f31bf038a865a24
Debian Security Advisory 5659-1
Posted Apr 15, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5659-1 - Bartek Nowotarski discovered that Apache Traffic Server, a reverse and forward proxy server, was susceptible to denial of service via HTTP2 continuation frames.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2024-31309
SHA-256 | 29c5828b3902a593e3dfd49023a6bfae4f32fe5f978debd03b974b9c0db403e8
OpenSSH 8 Password Backdoor
Posted Apr 15, 2024
Authored by bluedragonsec | Site bluedragonsec.com

This is a backdoored version of openssh-8.0p1 where the ssh client will log the ssh username and ssh password into /opt/.../log.txt.

tags | tool, rootkit
systems | unix
SHA-256 | f82adc0b1250fc99dd1084b64d7615221985dff9a51580cc3cfaedc1f2218b6b
Ubuntu Security Notice USN-6731-1
Posted Apr 15, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6731-1 - It was discovered that YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. This issue only affected Ubuntu 16.04 LTS. It was discovered that yard before 0.9.20 is affected by a path traversal vulnerability, allowing HTTP requests to access arbitrary files under certain conditions. This issue only affected Ubuntu 18.04 LTS.

tags | advisory, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-17042, CVE-2019-1020001, CVE-2024-27285
SHA-256 | 6cc5e58d73d3c046e985de41d539f9f53c558c2a92241a406f4d47be886d6803
GLPI 10.x.x Remote Command Execution
Posted Apr 15, 2024
Authored by V3locidad

GLPI versions 10.x.x suffers from a remote command execution vulnerability via the shell commands plugin.

tags | exploit, remote, shell
advisories | CVE-2024-31705
SHA-256 | 0937b05f1fb5c8e26650b3ff3036018e86cdfd467308fd6c3e1b37d5aa588d9c
WordPress WP Video Playlist 1.1.1 Cross Site Scripting
Posted Apr 15, 2024
Authored by Erdemstar

WordPress WP Video Playlist plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 44b6783873b84d60c9427dd76b9a98383fd7f993964765bebb0b876b91c1beda
Debian Security Advisory 5658-1txt
Posted Apr 15, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5658-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2023-2176, CVE-2023-28746, CVE-2023-47233, CVE-2023-52429, CVE-2023-52434, CVE-2023-52435, CVE-2023-52583, CVE-2023-52584, CVE-2023-52587, CVE-2023-52588, CVE-2023-52589, CVE-2023-52593, CVE-2023-52594, CVE-2023-52595
SHA-256 | 37cefcc8693691a29ddc63f10ee46f6f0724bf622031a4c9c4bfc376d40acaae
BMC Compuware iStrobe Web 20.13 Shell Upload
Posted Apr 15, 2024
Authored by trancap

BMC Compuware iStrobe Web version 20.13 suffers from a remote shell upload vulnerability.

tags | exploit, remote, web, shell
advisories | CVE-2023-40304
SHA-256 | 3c3484f8fcc75a92702655ca438887e9feb947e1b2bba0fc5284d6ea230f3db7
Kruxton 1.0 SQL Injection
Posted Apr 15, 2024
Authored by nu11secur1ty

Kruxton version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9848e498414e8e0e14e12064a9a285c3bc570dd55bd67b2940d83dc1a77c56cd
Kruxton 1.0 Shell Upload
Posted Apr 15, 2024
Authored by nu11secur1ty

Kruxton version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | eac82a8882065fad4041f5e76566b23a349a9bac77c6028731f1d06a43bc4ca4
WBCE 1.6.0 SQL Injection
Posted Apr 15, 2024
Authored by Young Pope

WBCE version 1.6.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2023-39796
SHA-256 | 18873adacfde1b4805b4a6b105109b6e4a03d0a85a9440207f1364a7e3ae897b
AMPLE BILLS 0.1 SQL injection
Posted Apr 15, 2024
Authored by nu11secur1ty

AMPLE BILLS version 0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d20b6ec27d1eeff141c08bd7cfa9127bb8953085c6f65df0d3f8a8e79abd9901
Debian Security Advisory 5657-1
Posted Apr 15, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5657-1 - Several vulnerabilities were discovered in the Xorg X server, which may result in privilege escalation if the X server is running privileged or denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2024-31080, CVE-2024-31081, CVE-2024-31083
SHA-256 | 28ab9735e5a87ff285676269d50c238ee979e4049765f3ebddfb327aa4a63eef
PrusaSlicer 2.6.1 Arbitrary Code Execution
Posted Apr 15, 2024
Authored by Kamil Brenski

PrusaSlicer versions 2.6.1 and below suffer from an arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
advisories | CVE-2023-47268
SHA-256 | b34aa624a28c8476e02d0d03c7e6f3acee3206fcd6fe6d3cee5190899b172c4e
Red Hat Security Advisory 2024-1812-03
Posted Apr 15, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1812-03 - Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. Issues addressed include denial of service and memory leak vulnerabilities.

tags | advisory, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2023-39326
SHA-256 | b61dccacdb7ea0362167c7c5ba016b286a5a61e0de39f1d9b9408d4c69a810a8
Moodle 3.10.1 SQL Injection
Posted Apr 15, 2024
Authored by Julio Ángel Ferrari

Moodle version 3.10.1 suffers from a remote time-based SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-36393
SHA-256 | e3ce711f4b8356d012259f34f7f227e8907a46d0f7af6bb3c35ce4c0de5a0e57
Django REST Framework SimpleJWT 5.3.1 Information Disclosure
Posted Apr 15, 2024
Authored by Dhrumil Mistry

Django REST Framework SimpleJWT versions 5.3.1 and below suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2024-22513
SHA-256 | 0cf9167770cb06a14b145bf5a24a5c6ad91da1a8ea53c6113587115ec0fc17a4
Red Hat Security Advisory 2024-1804-03
Posted Apr 15, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1804-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-50387
SHA-256 | 3f6038eb6b11978321a1d3a41550ce18b219f539e78cd3948fae8fcd90444a9a
Red Hat Security Advisory 2024-1803-03
Posted Apr 15, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1803-03 - Updates for bind and bind-dyndb-ldap are now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-4408
SHA-256 | 3fcb6f4ad6fef1f8b75b5d5d4c731ba0866869aab8ebd25742671d16ddb0180e
Jenkins 2.441 Local File Inclusion
Posted Apr 15, 2024
Authored by Matisse Beckandt

Jenkins version 2.441 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2024-23897
SHA-256 | bd541e95b84e90dc4cbb0bfe35af5cd5870fc359b6d836f3a3eb70857003a87a
Red Hat Security Advisory 2024-1802-03
Posted Apr 15, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1802-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-1488
SHA-256 | 9b7e9a42f05830fd6737d25192b1fb941f217af9a95e4484ea20916b39b33817
Red Hat Security Advisory 2024-1801-03
Posted Apr 15, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1801-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-50387
SHA-256 | 45122845dea36af6a8541c34b5b848f918b02a18d28d962c00ba4e7bed57d9d2
Red Hat Security Advisory 2024-1800-03
Posted Apr 15, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1800-03 - Updates for bind and bind-dyndb-ldap are now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-4408
SHA-256 | e3df1184e9249e0d7a062812d27b0c57794884f78be0a1f9ce04f80b27e75532
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close