what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 54 RSS Feed

Files Date: 2024-05-09

Openmediavault Remote Code Execution / Local Privilege Escalation
Posted May 9, 2024
Authored by Mert BENADAM

Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive reverse shell connections.

tags | exploit, web, shell, root
SHA-256 | f54e108c3e072e69c000f9759d386e86aae92493e17fbe4348a5bdd7b5278328
RIOT 2024.01 Buffer Overflows / Lack Of Size Checks / Out-Of-Bound Access
Posted May 9, 2024
Authored by Marco Ivaldi

RIOT versions 2024.01 and below suffers from multiple buffer overflows, ineffective size checks, and out-of-bounds memory access vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2024-31225, CVE-2024-32017, CVE-2024-32018
SHA-256 | 43c245ca872e84173b6225084f324209f789f4e49b0b9c392d621feab1e1de58
I2P 2.5.1
Posted May 9, 2024
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Added search box to Susimail and UI improvements. NetDB modified to not lookup RI if on banlist. Tomcat updated to 9.0.88. Disabled IP-Closeness Checks in Sybil Attack Analysis Tool. Profiles change to not update last heard from if tunnel fails. NetDB has improved validation of RI's before storing, sending RI's.
tags | tool
systems | unix
SHA-256 | 4bc7e59ee0036389a0f76fc76b2303eeae62bf6eaaf608c9939226febf9ddeae
Zed Attack Proxy 2.15.0 Cross Platform Package
Posted May 9, 2024
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.

Changes: This is a bug fix and enhancement release.
tags | tool, web, vulnerability
SHA-256 | 05d3932a1affb0ab7987664677134709982ca3837a0b0f0e16f9aeb391933341
AIDE 0.18.8
Posted May 9, 2024
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Fixed concurrent reading of extended attributes (xattrs). Raises warning if both input databases are the same.
tags | tool, intrusion detection
systems | unix
SHA-256 | 16662dc632d17e2c5630b801752f97912a8e22697c065ebde175f1cc37b83a60
Microsoft PlayReady Complete Client Identity Compromise
Posted May 9, 2024
Authored by Adam Gowdiak | Site security-explorations.com

The Security Explorations team has come up with two attack scenarios that make it possible to extract private ECC keys used by a PlayReady client (Windows SW DRM scenario) for the communication with a license server and identity purposes. Proof of concept included.

tags | exploit, proof of concept, info disclosure
systems | windows
SHA-256 | c2dc2010ee36581d568d891c24ac2a0dfd8b8a87de8de3d72f1072bb1e38964a
Panel Amadey.d.c MVID-2024-0680 Cross Site Scripting
Posted May 9, 2024
Authored by malvuln | Site malvuln.com

Panel Amadey.d.c malware suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 56d2e699a952bda76c68e9e01f6c3048db2c4af020ac1ac6adda3f4b9c409042
Clinic Queuing System 1.0 Remote Code Execution
Posted May 9, 2024
Authored by Juan Marco Sanchez

Clinic Queuing System version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2024-0264, CVE-2024-0265
SHA-256 | 23c5d126d6744f4ca5ca7cb92f2a3a88c17df81ab9f24fd93329abb2706e0378
Debian Security Advisory 5686-1
Posted May 9, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5686-1 - Nick Galloway discovered an integer overflow in dav1d, a fast and small AV1 video stream decoder which could result in memory corruption.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2024-1580
SHA-256 | 1d54a90fb87cd4c748525d19d9c51c2c51fc01f301f39ff1f96aba4e73e5a21f
Ubuntu Security Notice USN-6768-1
Posted May 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6768-1 - Alicia Boya GarcĂ­a discovered that GLib incorrectly handled signal subscriptions. A local attacker could use this issue to spoof D-Bus signals resulting in a variety of impacts including possible privilege escalation.

tags | advisory, local, spoof
systems | linux, ubuntu
advisories | CVE-2024-34397
SHA-256 | 9d6cc5a1b7b13b05e7ee4c7c57c70d75adbdb3c986b39b86b881073bb5cc4413
Debian Security Advisory 5684-1
Posted May 9, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5684-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. Kacper Kwapisz discovered that visiting a malicious website may lead to address bar spoofing. Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution. SungKwon Lee discovered that processing web content may lead to a denial-of-service. Various other issues were also addressed.

tags | advisory, web, arbitrary, spoof, vulnerability, code execution
systems | linux, debian
advisories | CVE-2023-42843, CVE-2023-42950, CVE-2023-42956, CVE-2024-23252, CVE-2024-23254, CVE-2024-23263, CVE-2024-23280, CVE-2024-23284
SHA-256 | 6e9bc12028378c36947c0cc1d5a1b5f2cd1a6e3c69e4d33ee6a4c62e19d93ae3
Debian Security Advisory 5682-2
Posted May 9, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5682-2 - The update for glib2.0 released as DSA 5682-1 caused a regression in ibus affecting text entry with non-trivial input methods. Updated glib2.0 packages are available to correct this issue.

tags | advisory
systems | linux, debian
SHA-256 | 77333f6bc4c30f5e80c43b9d37869eda5b471ffea3c144e29bd56e485f4edf6b
Debian Security Advisory 5685-1
Posted May 9, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5685-1 - Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPress or allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2023-2745, CVE-2023-38000, CVE-2023-39999, CVE-2023-5561, CVE-2024-31210
SHA-256 | ad8b64e2ba526ad865543abe9892e49e02b0997f620bdfe4b1a9169d4c45e33c
Debian Security Advisory 5683-1
Posted May 9, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5683-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-4558, CVE-2024-4559
SHA-256 | 1e13bcfc9f75d691cae68258fef1e827898a71cb8c7a2d77cad66b75bfcd4bb2
Gentoo Linux Security Advisory 202405-29
Posted May 9, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2020-7774, CVE-2021-22883, CVE-2021-22884, CVE-2021-22918, CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-37701, CVE-2021-37712, CVE-2021-39134
SHA-256 | 896f93d8be3fd63618f8c7828d363945d93c89399750559db27ad47c3598d38a
Gentoo Linux Security Advisory 202405-28
Posted May 9, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-28 - Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.223.02 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
advisories | CVE-2023-25515, CVE-2023-25516, CVE-2023-31022
SHA-256 | 4d1b35515c6ffab8d4f949193b102ed87d31b8db5b0343e6731e457ac07224aa
Gentoo Linux Security Advisory 202405-27
Posted May 9, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-27 - A vulnerability has been discovered in Epiphany, which can lead to a buffer overflow. Versions greater than or equal to 42.4 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2022-29536
SHA-256 | ea521ba9991bcd86765824e3a1beb74e67842c421b78985dbfe132d5dc3e8221
Gentoo Linux Security Advisory 202405-26
Posted May 9, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-26 - Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to a denial of service. Versions greater than or equal to 5.15.9-r1 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2021-45930, CVE-2023-32573
SHA-256 | 67dda3b3bd74c411362c0a504b1a94b2cdf9cdf31b0fff8a8d74b6c3887016b3
Gentoo Linux Security Advisory 202405-25
Posted May 9, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-2938, CVE-2019-2974, CVE-2021-46661, CVE-2021-46662, CVE-2021-46663, CVE-2021-46664, CVE-2021-46665, CVE-2021-46666, CVE-2021-46667, CVE-2021-46668, CVE-2021-46669, CVE-2022-24048, CVE-2022-24050, CVE-2022-24051
SHA-256 | c7eea512705fd85ee9b21b74205bd6536f65edcb5f0bb362d8617c6d376e0385
Gentoo Linux Security Advisory 202405-24
Posted May 9, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-24 - Multiple vulnerabilities have been discovered in ytnef, the worst of which could potentially lead to remote code execution. Versions greater than or equal to 2.0 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-3403, CVE-2021-3404
SHA-256 | f773c0416c2314301424eef8ca3e6ea1f69246934de6a31f00bcad58e89121c0
Gentoo Linux Security Advisory 202405-23
Posted May 9, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-23 - A vulnerability has been discovered in U-Boot tools which can lead to execution of arbitrary code. Versions greater than or equal to 2020.04 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2020-8432
SHA-256 | c1dc7bd1c32bc706d8d8f6cf71c063da8f4c690cc0c11dc94e128751c1bd5455
Gentoo Linux Security Advisory 202405-22
Posted May 9, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-22 - Multiple vulnerabilities have been discovered in rsync, the worst of which can lead to denial of service or information disclosure. Versions greater than or equal to 3.2.5_pre1 are affected.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2018-25032, CVE-2020-14387, CVE-2022-29154
SHA-256 | 4fb939a9acb6eea8907aff39bda3bbcb7e04b912b8b0e0f209f11800635e877a
Gentoo Linux Security Advisory 202405-21
Posted May 9, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-21 - A vulnerability has been discovered in Commons-BeanUtils, which could lead to execution of arbitrary code. Versions greater than or equal to 1.9.4 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2019-10086
SHA-256 | 27c6c59af387590eb8be80ba66edbbef5b5173342aef388484994465cade7406
Ubuntu Security Notice USN-6766-1
Posted May 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6766-1 - It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-0001, CVE-2023-52435, CVE-2023-52492, CVE-2023-52493, CVE-2023-52583, CVE-2023-52587, CVE-2023-52595, CVE-2023-52597, CVE-2023-52601, CVE-2023-52606, CVE-2023-52607, CVE-2023-52615, CVE-2023-52616, CVE-2023-52617
SHA-256 | 7b9d401aae999b54dc79d9c6b860920ebcf6a9add3896d3e2fa03e35ea39ca96
Ubuntu Security Notice USN-6767-1
Posted May 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6767-1 - Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2023-52435, CVE-2023-52587, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52601, CVE-2023-52606, CVE-2023-52607, CVE-2023-52617, CVE-2023-52619, CVE-2024-23849, CVE-2024-26593
SHA-256 | 339076a1f5711d55cd375ea187457dc3949b36b7d8631b134fc24a9b65866d7e
Page 1 of 3
Back123Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close