exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 283 RSS Feed

Files Date: 2024-05-01 to 2024-05-31

I2P 2.5.2
Posted May 22, 2024
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: I2P 2.5.2 is released to fix a bug introduced in 2.5.0 causing truncation of some HTTP content.
tags | tool
systems | unix
SHA-256 | f23d0746d72a55cccbd17f40762e491ae1b42cdf55d7e73404d213a84985ca73
NorthStar C2 Cross Site Scripting / Code Execution
Posted May 22, 2024
Authored by h00die, chebuya | Site metasploit.com

NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored cross site scripting issue. An unauthenticated user can simulate an agent registration to cause the cross site scripting attack and take over a users session. With this access, it is then possible to run a new payload on all of the NorthStar C2 compromised hosts (agents), and kill the original agent. Successfully tested against NorthStar C2 commit e7fdce148b6a81516e8aa5e5e037acd082611f73 running on Ubuntu 22.04. The agent was running on Windows 10 19045.

tags | exploit, xss
systems | linux, windows, ubuntu
advisories | CVE-2024-28741
SHA-256 | e5fdc1eb511aee9e0ced55911325ab4ed7c9efe59d20347fc192d3a17a7fa844
AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution
Posted May 22, 2024
Authored by Valentin Lobstein | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the WWBNIndex plugin of the AVideo platform. The vulnerability exists within the submitIndex.php file, where user-supplied input is passed directly to the require() function without proper sanitization. By exploiting this, an attacker can leverage the PHP filter chaining technique to execute arbitrary PHP code on the server. This allows for the execution of commands and control over the affected system. The exploit is particularly dangerous because it does not require authentication, making it possible for any remote attacker to exploit this vulnerability.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2024-31819
SHA-256 | 7df90df7e75927e09777170cc36a4823a5062bc6e077056564aea5f7a6ba8b7f
Ubuntu Security Notice USN-6782-1
Posted May 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6782-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Thomas Rinsma discovered that Thunderbird did not properly handle type check when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary javascript code in PDF.js.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2024-4367, CVE-2024-4769, CVE-2024-4770, CVE-2024-4777
SHA-256 | 0f0a71c347b975f78289e67052bdd319bc9db3306585631d3361530ff7c998bf
Ubuntu Security Notice USN-6777-3
Posted May 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6777-3 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2021-46981, CVE-2023-47233, CVE-2023-52530, CVE-2023-52566, CVE-2023-52602, CVE-2023-52604, CVE-2024-26635, CVE-2024-26735, CVE-2024-26805
SHA-256 | 0a4ec1b5cdab50af1d45a8024a5c8ea07e1e81310889905d0a681372aa96f76c
Ubuntu Security Notice USN-6775-2
Posted May 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6775-2 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2023-47233
SHA-256 | 68847ce8c2132a68e75792ac2d82bcd7511acf2ecd56b621cac7d6242948ea6e
Chat Bot 1.0 SQL Injection
Posted May 22, 2024
Authored by nu11secur1ty

Chat Bot version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 49ddf48680164af066978efabddac4f15a73ca97d2e553446260cc4ca68b75d9
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
Posted May 21, 2024
Authored by h00die, chebuya | Site metasploit.com

CHAOS version 5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The web application contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The web application also contains a cross site scripting vulnerability within the view of a returned command being executed on an agent.

tags | exploit, remote, web, xss
advisories | CVE-2024-30850, CVE-2024-31839
SHA-256 | f57ebc1eae72783c36ac9e3df7805d9879e3d1ced0b8232ea872b32518252dce
Ubuntu Security Notice USN-6780-1
Posted May 21, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6780-1 - Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2024-3651
SHA-256 | bbb048cf814f6806a645c6dc9c2a5fdd98efe4048d43ea84e67590f8f5bad561
Ubuntu Security Notice USN-6781-1
Posted May 21, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6781-1 - Le Dinh Hai discovered that Spreadsheet::ParseExcel was passing unvalidated input from a file into a string-type "eval". An attacker could craft a malicious file to achieve arbitrary code execution.

tags | advisory, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2023-7101
SHA-256 | cbbc9336f0ab4f5ad4b0da404d1fa2f58da1f00404c2dbea318ee4148ecf03b9
Joomla 4.2.8 Information Disclosure
Posted May 21, 2024
Authored by d4t4s3c

Joomla versions 4.2.8 and below remote unauthenticated information disclosure exploit.

tags | exploit, remote, info disclosure
advisories | CVE-2023-23752
SHA-256 | 626134242ae4ae7b4c28853f3d05cf44659ed92ca2ceb96b914b80675d522cdc
Ubuntu Security Notice USN-6779-1
Posted May 21, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6779-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-4367, CVE-2024-4764, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4777
SHA-256 | 4d7400f325f71baca26df6b20cae1eea1678bfef4723ae53fb8cbfd57b547707
Nethserver 7 / 8 Cross Site Scripting
Posted May 21, 2024
Authored by Andrea Intilangelo

The NethServer module installed as WebTop, produced by Sonicle, is affected by a stored cross site scripting vulnerability due to insufficient input sanitization and output escaping which allows an attacker to store a malicious payload as to execute arbitrary web scripts or HTML. Versions 7 and 8 are affected.

tags | exploit, web, arbitrary, xss
advisories | CVE-2024-34058
SHA-256 | 71dee722377e162d1e9feb9e21ad78ba3b875d892287e875ff81e8ff1b5fccf2
PowerVR DevmemIntChangeSparse2() Dangling Page Table Entry
Posted May 21, 2024
Authored by Jann Horn, Google Security Research

PowerVR suffers from a wrong order of operations in DevmemIntChangeSparse2() that leads to a temporarily dangling page table entry.

tags | exploit
advisories | CVE-2024-31335
SHA-256 | c60d53fd594988ae874f9172ca988e0a08a60b03ec48452203f70a979e6d922e
PowerVR _UnrefAndMaybeDestroy() Use-After-Free
Posted May 21, 2024
Authored by Jann Horn, Google Security Research

PowerVR suffers from a use-after-free vulnerability in _UnrefAndMaybeDestroy().

tags | exploit
advisories | CVE-2024-34724
SHA-256 | 62d48fec6da2920518cfbf331f251078d85c51ab0a1e30e21ab38e0edd6f3b51
Red Hat Security Advisory 2024-2945-03
Posted May 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2945-03 - Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Issues addressed include bypass, cross site scripting, denial of service, and deserialization vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2022-41678
SHA-256 | a1bd8b17d1ea52c416681ba7c4b14359862f20f952c91549afb225034cc1ad70
Red Hat Security Advisory 2024-2944-03
Posted May 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2944-03 - This is the multiarch release of the AMQ Broker 7.12.0 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform. Issues addressed include denial of service and deserialization vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-43565
SHA-256 | eb6c67a7046e0e5d471b6ff28a0285a141f410365f6e59c0a915fd044bc8171f
Arm Mali r45p0 Broken State Use-After-Free
Posted May 21, 2024
Authored by Jann Horn, Google Security Research

Arm Mali versions since r45p0 suffer from a broken KBASE_USER_BUF_STATE_* state machine for userspace mappings that can lead to a use-after-free condition.

tags | exploit
advisories | CVE-2024-1065
SHA-256 | 6886ec45419b22efaa4183177ef852a685bb4e3e8f20fe513a25b84dccef3243
Red Hat Security Advisory 2024-2941-03
Posted May 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2941-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes changes, bug fixes, and updates to patch vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-45288
SHA-256 | 058274a5a8a2ef81022c3b931e75a58aeb095177305dbb4f368e7c05ccd002fb
Red Hat Security Advisory 2024-2938-03
Posted May 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2938-03 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-30156
SHA-256 | 3b5b45809c43ee04ff76b81a77ff212b0953901c7e5497f18085cb5cc579fa7b
Red Hat Security Advisory 2024-2937-03
Posted May 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2937-03 - An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-27983
SHA-256 | d94948125e0734bf4210d1dc02ef910d0f3fbaa97f00fa612029fbf4a1a6d5f8
Red Hat Security Advisory 2024-2936-03
Posted May 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2936-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-45288
SHA-256 | 0c66080036d3877a2053131be34e3532ec730fd6f664126d288f32bb2b9f52f4
Red Hat Security Advisory 2024-2935-03
Posted May 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2935-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-45288
SHA-256 | eb6abceef4af7f545bb0a4498e6c1196cfa2a03103cf9293ecb4dc2b44a27d8b
Red Hat Security Advisory 2024-2892-03
Posted May 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2892-03 - An update for go-toolset-1.19-golang is now available for Red Hat Developer Tools. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-45288
SHA-256 | f6d61698d047beee21d5faf2677c8d8ef6887f8590521f36f728c66ccdf88fe2
Red Hat Security Advisory 2024-2865-03
Posted May 21, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2865-03 - Red Hat OpenShift Container Platform release 4.15.14 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-45288
SHA-256 | 55ab991ba6df729380417347d8d1dcc16692a8e477df61d3a76e2e87859b7230
Page 1 of 12
Back12345Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close