Showing 1 - 25 of 39

Files Date: 2024-10-01

Packet Storm New Exploits For September, 2024
Posted Oct 1, 2024
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 522 exploits added to Packet Storm in September, 2024. Please note the increase in size for this month is due to a massive backlog of older exploits being added to the archive and is not representative of an uptick in new issues being discovered.

tags | exploit
SHA-256 | 8e55d45d17c797a008c2549c382151243f42b03a5be9b34ae0965c6b1d014788
Nitro PDF Pro Local Privilege Escalation
Posted Oct 1, 2024
Authored by Sandro Einfeldt, Michael Baer | Site sec-consult.com

The Nitro PDF Pro application uses a .msi installer file (embedded into an executable .exe installer file) for installation. The MSI installer uses custom actions in repair mode in an unsafe way. Attackers with low-privileged system access to a Windows system where Nitro PDF Pro is installed can exploit the cached MSI installer's custom actions to effectively escalate privileges and get a command prompt running in the context of NT AUTHORITY\SYSTEM. Versions prior to 14.26.1.0 and 13.70.8.82 are affected.

tags | exploit
systems | windows
advisories | CVE-2024-35288
SHA-256 | a84e46e6f47edcfa84a24b20d405dc9009aef6635aeed2d4103f5c1e3b453e54
VICIdial Authenticated Remote Code Execution
Posted Oct 1, 2024
Authored by Valentin Lobstein, Jaggar Henry | Site metasploit.com

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

tags | exploit, arbitrary, shell, root
advisories | CVE-2024-8504
SHA-256 | 2328f6faa4b6ae3ca330a27bb8694e1604bd747c455740abb7e147c4bd02a379
Falco 0.39.0
Posted Oct 1, 2024
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Changes: 4 breaking changes, 9 major changes, 6 minor changes, 4 bug fixes, and 23 non-user facing changes.
tags | tool, intrusion detection
systems | unix
SHA-256 | 77cfde0e3fe797209e92e741f526d6000c97302a686dd0b4cfa3801b2df4b199
Ubuntu Security Notice USN-7048-1
Posted Oct 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7048-1 - Suyue Guo discovered that Vim incorrectly handled memory when flushing the typeahead buffer, leading to heap-buffer-overflow. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, overflow
systems | linux, ubuntu
advisories | CVE-2024-43802
SHA-256 | bcaa966b946ebbac60b29bd722b6caa356f8d815ffea551ffb97ecb1e1d02926
Ubuntu Security Notice USN-7015-3
Posted Oct 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7015-3 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding updates for CVE-2023-27043 for python2.7 in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and for python3.5 in Ubuntu 16.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.

tags | advisory, remote, web, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2023-27043, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2024-8088
SHA-256 | 0390e83a0739fcfacc6a5629ced929a50e15b96cabb5e32ff94afb187b1335a3
Ubuntu Security Notice USN-7046-1
Posted Oct 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7046-1 - It was discovered that Flatpak incorrectly handled certain persisted directories. An attacker could possibly use this issue to read and write files in locations it would not normally have access to. A patch was also needed to Bubblewrap in order to avoid race conditions caused by this fix.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2024-42472
SHA-256 | 01a084264fd2fb9f4288cdb3292854813991efd6cef3d7e5731bff2eba86f5b4
Red Hat Security Advisory 2024-7443-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7443-03 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes. The updated image includes security and bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-39249
SHA-256 | 229619073f9f2227cd9d36135978e6288b6ae8cbdb1db4d4e61f022d65a7de87
Red Hat Security Advisory 2024-7442-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7442-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-7885
SHA-256 | 3e77eb8b2d7adbdc24265a7bbc600b297889816e9eb58afdcf8d687194ce6c09
Red Hat Security Advisory 2024-7441-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7441-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-7885
SHA-256 | 921c1bfe0e56ac72439bbc0517cbf7d6a3bef2b07d23105007abd4fa6b151f8f
Red Hat Security Advisory 2024-7436-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7436-03 - The components for Red Hat OpenShift for Windows Containers 10.17.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.

tags | advisory
systems | linux, redhat, windows
SHA-256 | f9f6a21021825712bf4746f21d3128dde3ff2cc370b717d9e3f6b54dc5961898
Red Hat Security Advisory 2024-7434-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7434-03 - An update for 389-ds-base is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-8445
SHA-256 | d6f0ea6c6a6c62c2b517fe837aa9d1edd1f7722313c915cd174236efeefd31fc
Red Hat Security Advisory 2024-7433-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7433-03 - An update for kpatch-patch-4_18_0-372_118_1 and kpatch-patch-4_18_0-372_91_1 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-41071
SHA-256 | d4bc429c18e4d13241eb1fc3a122bddaca4637cd7cd3e8688dcb266530f778c0
Student Study Center Management System 1.0 Insecure Settings
Posted Oct 1, 2024
Authored by indoushka

Student Study Center Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit
SHA-256 | 784cc27f73e683e0fe07c9ff81d6781cff9ab45ae899bf8af79fd81378e9b889
Red Hat Security Advisory 2024-7432-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7432-03 - An update for kpatch-patch-5_14_0-427_13_1 and kpatch-patch-5_14_0-427_31_1 is now available for Red Hat Enterprise Linux 9.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-41071
SHA-256 | 8782d0583a22ab537c2a2d3bf197bd0e8a68bef828af9f9550d782de0d818162
Red Hat Security Advisory 2024-7431-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7431-03 - An update for kpatch-patch-5_14_0-284_52_1 and kpatch-patch-5_14_0-284_79_1 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-41071
SHA-256 | abdf48b33b4a020f1f1ea53a3a853502f9ffa48300274cb9515bbc02c9d194ba
Red Hat Security Advisory 2024-7430-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7430-03 - An update for kpatch-patch-4_18_0-477_43_1 and kpatch-patch-4_18_0-477_67_1 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-41071
SHA-256 | d15a70b5f018f48f50437fcc6d136c529c95f9892486f913d739309f23275ea2
Red Hat Security Advisory 2024-7429-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7429-03 - An update for kpatch-patch-4_18_0-553 and kpatch-patch-4_18_0-553_16_1 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-41071
SHA-256 | 1b80c7cbf41af9cbbdc77cbc854f0751e74627115c659e7ef263483c64a0857b
Red Hat Security Advisory 2024-7428-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7428-03 - An update for kpatch-patch-5_14_0-70_112_1 and kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-41071
SHA-256 | edb367b104cf59c284886fe98fcd1847ee9e2f4d4cabc6c245ae02bdd7565fcc
Student Management System 1.0 Insecure Settings
Posted Oct 1, 2024
Authored by indoushka

Student Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit
SHA-256 | 101a31a6e1d44b64433889c04447671ac782b12e96a0e31c2720d9240165a90a
Red Hat Security Advisory 2024-7427-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7427-03 - An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2024-36886
SHA-256 | a21567818c7ffd2e4e49f7d85f8646d428c1470888748d0bb222ca63720933a7
Red Hat Security Advisory 2024-7421-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7421-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a privilege escalation vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2023-41419
SHA-256 | 16de725a918adfde0dabbfb6254ab0711f3af24ffe7d5835f1b443c36ad5f838
Red Hat Security Advisory 2024-7418-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7418-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-20584
SHA-256 | 040f3fab4e23666424c6b7aa26b2d7206fe23689ce435562baa10457c5153c36
Red Hat Security Advisory 2024-7417-03
Posted Oct 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7417-03 - An update for python3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-4032
SHA-256 | f33aabbc04aa3c1c91e5a613fb1255279b63b12ddc76f2a93e89d6e475ea9236
Student Attendance Management System 1.0 Code Injection
Posted Oct 1, 2024
Authored by indoushka

Student Attendance Management System version 1.0 suffers from a PHP code injection vulnerability.

tags | exploit, php
SHA-256 | 211655fa45954e4ae6f9a85ce74ab73c1e00115284ac0474fff8f8cb752a988d