what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2022-03-07 to 2022-03-08

Samhain File Integrity Checker 4.4.7
Posted Mar 7, 2022
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Fixed compile error on MacOS. Disable dnmalloc for gcc 11. Fixed minor compile issues with gcc 11.2. Fixed problem with login/logout monitoring on MacOS. Fixed problem caused by switch from pubkey.gpg to pubkey.kbx.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 1fa1703c34c1e615e7bcfa6d847c612795623e8bc52d36b15a8846c391362248
Asterisk Project Security Advisory - AST-2022-006
Posted Mar 7, 2022
Authored by Kevin Harwell, Sauw Ming | Site asterisk.org

If an incoming SIP message contains a malformed multi-part body an out-of-bounds read access may occur, which can result in undefined behavior. Note, it is currently uncertain if there is any externally exploitable vector within Asterisk for this issue, but they are providing this as a security issue out of caution.

tags | advisory
advisories | CVE-2022-21723
SHA-256 | 97b8999a7c776bc25667d248af8128d9089bb735a74f21b5e8602a90fb5d57dc
Asterisk Project Security Advisory - AST-2022-005
Posted Mar 7, 2022
Authored by Kevin Harwell, Sauw Ming | Site asterisk.org

When acting as a UAC, and when placing an outgoing call to a target that then forks, Asterisk may experience undefined behavior after a dialog set is prematurely freed.

tags | advisory
advisories | CVE-2022-23608
SHA-256 | caf0098653c4aa078aff32dd6a697ddb405273dec27531e5365356d26193b7fe
Apache APISIX Remote Code Execution
Posted Mar 7, 2022
Authored by Heyder Andrade, YuanSheng Wang | Site metasploit.com

Apache APISIX has a default, built-in API token that can be used to obtain full access of the admin API. Access to this API allows for remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass th e IP restriction plugin.

tags | exploit, remote, code execution
advisories | CVE-2020-13945, CVE-2022-24112
SHA-256 | 75f7fd4db82a985948b400b9686ffc05f654d453b228621992abd5bb2505add2
Asterisk Project Security Advisory - AST-2022-004
Posted Mar 7, 2022
Authored by Kevin Harwell, Sauw Ming | Site asterisk.org

The header length on incoming STUN messages that contain an ERROR-CODE attribute is not properly checked. This can result in an integer underflow. Note, this requires ICE or WebRTC support to be in use with a malicious remote party.

tags | advisory, remote
advisories | CVE-2021-37706
SHA-256 | b4d958ee6e32f6f622c4ae3b0cd99a1c00dcde4578e8d8eca299633634cfec4c
Ubuntu Security Notice USN-5313-1
Posted Mar 7, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5313-1 - It was discovered that OpenJDK incorrectly handled deserialization filters. An attacker could possibly use this issue to insert, delete or obtain sensitive information. It was discovered that OpenJDK incorrectly read uncompressed TIFF files. An attacker could possibly use this issue to cause a denial of service via a specially crafted TIFF file. Jonni Passki discovered that OpenJDK incorrectly verified access restrictions when performing URI resolution. An attacker could possibly use this issue to obtain sensitive information.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365
SHA-256 | 1eb3844ca9c50179160fb123966e80d10db7fef227b2a4d34bf4764270c8da5c
Attendance And Payroll System 1.0 Remote Code Execution
Posted Mar 7, 2022
Authored by pr0z

Attendance and Payroll System version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 8a42198f8d9f6fd6fe6e469fc47f164936a51032c097a2a20bc1bf5061b3f2ce
Attendance And Payroll System 1.0 SQL Injection
Posted Mar 7, 2022
Authored by pr0z

Attendance and Payroll System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | aa6fadd8eaf57ec93dc1be2d5d7cfdce4180181ba8cacd94f6f3b30ff8c409eb
Ubuntu Security Notice USN-5314-1
Posted Mar 7, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5314-1 - A use-after-free was discovered when removing an XSLT parameter in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. A use-after-free was discovered in the WebGPU IPC framework. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-26485, CVE-2022-26486
SHA-256 | b17ace89140e01d36a866b024e58e378d04c3ad3415a3f2cadbeede314fa29fb
Hasura GraphQL 2.2.0 Information Disclosure
Posted Mar 7, 2022
Authored by Dolev Farhi

Hasura GraphQL version 2.2.0 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | d4c6e0949dc24e69b126808b4183027a77f8f87d802e545bb38e5a82e2127d9c
Spring Cloud Gateway 3.1.0 Remote Code Execution
Posted Mar 7, 2022
Authored by Carlos E. Vieira

Spring Cloud Gateway version 3.1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2022-22947
SHA-256 | f9d18c9ee39c9cd35731f202ab51b6291925e1c7ed9abc366f47ad1b7b4f8e6a
Ubuntu Security Notice USN-5310-2
Posted Mar 7, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5310-2 - USN-5310-1 fixed several vulnerabilities in GNU. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that the GNU C library getcwd function incorrectly handled buffers. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-3999, CVE-2022-23219
SHA-256 | 13edb425e5376cd1e6f7b1f1a7b3b981295f9b7415ac52782a50d019971b7e29
part-db 0.5.11 Remote Code Execution
Posted Mar 7, 2022
Authored by Sunny Mehra

part-db version 0.5.11 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2022-0848
SHA-256 | 9da1fe5035a4d2fb8ec1ee927834a5b61ea02aa1c8a8bb69218312c8d6380b5e
Ubuntu Security Notice USN-5300-3
Posted Mar 7, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5300-3 - USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 21.10. It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information.

tags | advisory, denial of service, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-8923, CVE-2017-9119, CVE-2021-21707
SHA-256 | 79f9d135d4d4a7c56dc43a848d48ffdb653c44069b4fe34f8a66deeb9811750f
Loki MVID-2022-0510 RAT (Relapse) SQL Injection
Posted Mar 7, 2022
Authored by malvuln | Site malvuln.com

Loki RAT (Relapse) malware suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f360a43787cda78af10420bd09311081fb3ab92487cc4daa8023042cf53e285d
Private Internet Access 3.3 Unquoted Service Path
Posted Mar 7, 2022
Authored by Saud Alenazi

Private Internet Access version 3.3 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 9081a47374b387e598e4cbbd836ec0da7d432399214647b3c5d18c596c676d55
Loki MVID-2022-0509 RAT (Relapse) Directory Traversal / Arbitrary File Deletion
Posted Mar 7, 2022
Authored by malvuln | Site malvuln.com

Loki RAT (Relapse) malware suffers from a directory traversal vulnerability that can allow for arbitrary file deletion.

tags | exploit, arbitrary
SHA-256 | 38a488d34c1a55e75b041524dba4177192be0b57d121b016291e69e18322ccfb
Matrimony 1.0 SQL Injection
Posted Mar 7, 2022
Authored by nu11secur1ty

Matrimony version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 43cafb28d6bd33a0cf68341d6ed85a5dd169aae68cd8b07cd700ae100a2f30dc
Cloudflare WARP 1.4 Unquoted Service Path
Posted Mar 7, 2022
Authored by Hejap Zairy

Cloudflare WARP version 1.4 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 079838f302318e8947c18c041fb543995af82b994f8f7ba21f0084b0d928a9e4
Malwarebytes 4.5 Unquoted Service Path
Posted Mar 7, 2022
Authored by Hejap Zairy

Malwarebytes version 4.5 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 5d3b338c6b63fa0e19f25fadaae3a0c56720448c0466a9380022704057d9075e
Foxit PDF Reader 11.0 Unquoted Service Path
Posted Mar 7, 2022
Authored by Hejap Zairy

Foxit PDF Reader version 11.0 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | e960ef66e4b747d6f9a4cfdcc7b0f2af4a177caa7d262118d388ef0e31b50512
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close