
Files Date: 2023-05-10 to 2023-05-11

Zyxel Chained Remote Code Execution
Posted May 10, 2023
Authored by Thomas Rinsma, h00die-gr3y, Bogi Napoleon Wennerstrom | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in the zhttpd binary (/bin/zhttpd) and zcmd binary (/bin/zcmd). These binaries are present on more than 40 Zyxel routers and CPE devices. Remote code execution is achieved by chaining two flaws. First, a local file disclosure vulnerability in the zhttpd binary allows an unauthenticated attacker to read the entire configuration of the router via the vulnerable endpoint /Export_Log?/data/zcfg_config.json. With this information disclosure, the attacker can determine if the router is reachable via SSH and then use the second vulnerability, in the zcmd binary, to derive the supervisor password by exploiting a weak implementation of a password derivation algorithm that uses the device serial number. After exploitation, an attacker will be able to execute any command as user supervisor.

tags | exploit, remote, local, vulnerability, code execution, info disclosure
advisories | CVE-2023-28770
SHA-256 | 9a3aef1a073115f56b28eb2aec9260df77503937d00eeca46fde8494010d2467

Optoma 1080PSTX Firmware C02 Authentication Bypass
Posted May 10, 2023
Authored by Anthony Cole

Optoma 1080PSTX with firmware C02 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2023-27823
SHA-256 | d88a8a558c62dafd0d9de14ecf4fd00db1f456ba346cf8ad8a0ab8f824204a3f

VOTAB Voting Quiz PHP Script 1.0 SQL Injection
Posted May 10, 2023
Authored by CraCkEr

VOTAB Voting Quiz PHP Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 61047f833473fa5d13e8efb4584274bdf7b5963248818c4148cdc531ff24fd95

VOTAB Voting Quiz PHP Script 1.0 Cross Site Scripting
Posted May 10, 2023
Authored by CraCkEr

VOTAB Voting Quiz PHP Script version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | 5fbbd195f12baae87919c60674abb2c62c66d9b889e811367d9e58a1cbe5dddb

Ubuntu Security Notice USN-6064-1
Posted May 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6064-1 - It was discovered that SQL parse incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2023-30608
SHA-256 | d34ce8b0c3c8abfba96492864e622d3aca4c0b3f8be3c0c708ac0d1bb92a63b5

Ubuntu Security Notice USN-6068-1
Posted May 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2023-1668
SHA-256 | 45e945b26172b4cd3f49accd7dfd8444de8ec69ca29ddf1c06dec32da51ffe2b

Ubuntu Security Notice USN-6067-1
Posted May 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6067-1 - David Sinquin discovered that OpenStack Neutron incorrectly handled the default Open vSwitch firewall rules. An attacker could possibly use this issue to impersonate the IPv6 addresses of other systems on the network. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Jake Yip and Justin Mammarella discovered that OpenStack Neutron incorrectly handled the linuxbridge driver when ebtables-nft is being used. An attacker could possibly use this issue to impersonate the hardware address of other systems on the network. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-20267, CVE-2021-38598, CVE-2021-40085, CVE-2021-40797, CVE-2022-3277
SHA-256 | 836fc58983503cea6accc902e2c2997895b5dfe647bcd965b113040cafacba9e

Ubuntu Security Notice USN-6066-1
Posted May 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6066-1 - It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-1625
SHA-256 | a98cd0b49df46afba6c337f2b429f5ac209241a22d387cc29b14cbf027e7a310

Ubuntu Security Notice USN-6065-1
Posted May 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6065-1 - It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-33587
SHA-256 | 84711b04c5292aa67ee9e6bf62fb253370899f8a48bc3ea7526318a91d0da636

Ubuntu Security Notice USN-6063-1
Posted May 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6063-1 - Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that Ceph incorrectly handled the volumes plugin. An attacker could possibly use this issue to obtain access to any share. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-3979, CVE-2022-0670, CVE-2022-3650, CVE-2022-3854
SHA-256 | 95dd03f74a9a721eed466e8920212bc9973fb3052f53fcc9554d358a668e9123

Red Hat Security Advisory 2023-2707-01
Posted May 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2707-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.3 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and information leakage vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-0341, CVE-2022-38752, CVE-2022-41854, CVE-2022-41881, CVE-2022-4492, CVE-2022-45787, CVE-2023-0482
SHA-256 | f3a3244b8800f3fa5696530f4ef41122f472df902c12dc890147da0039bfa484

Red Hat Security Advisory 2023-2706-01
Posted May 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2706-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.3 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and information leakage vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-0341, CVE-2022-38752, CVE-2022-41854, CVE-2022-41881, CVE-2022-4492, CVE-2022-45787, CVE-2023-0482
SHA-256 | 99833f6f17a41a304367e14738bcd88c480188f9580234db4c690c4ea2288991

Red Hat Security Advisory 2023-2705-01
Posted May 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2705-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.3 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and information leakage vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-0341, CVE-2022-38752, CVE-2022-41854, CVE-2022-41881, CVE-2022-4492, CVE-2022-45787, CVE-2023-0482
SHA-256 | 392661bfb50aa16e7a02bf2fdad4b315911c43195b4a222d25cc99aec1b69634

Red Hat Security Advisory 2023-2111-01
Posted May 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2111-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.16.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-3064
SHA-256 | e4623236baae74fd3860fb8398b92cb595c3dc5ce4fec65b159ec7fc4f428745

Red Hat Security Advisory 2023-1372-01
Posted May 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1372-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat, windows
advisories | CVE-2022-41717, CVE-2023-25173
SHA-256 | 90f9e40ef64431731006b57dee187d9656b1f6d15df0e8be50a81f1dbbc854b9

Red Hat Security Advisory 2023-2654-01
Posted May 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2654-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, CRLF injection, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-35065, CVE-2022-25881, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807
SHA-256 | 4e7a13c72b1bbe26649f90f2ee5c748667dc190692c7389ff21e92530336c9f3

Red Hat Security Advisory 2023-2655-01
Posted May 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2655-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, CRLF injection, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25881, CVE-2022-4904, CVE-2023-23918, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807
SHA-256 | 812f3378f3e6c1833158a97cad774a26513a32be88e668163955d219a846d53f

Red Hat Security Advisory 2023-2653-01
Posted May 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2653-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-2203
SHA-256 | d1e89aadc415d465d4a438c519e6cefea2a42a295d2158d329d1844d1bd411fb

Soft-o Free Password Manager 1.1.20 DLL Hijacking
Posted May 10, 2023
Authored by Christian Bortone

Soft-o Free Password Manager version 1.1.20 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2023-25428
SHA-256 | e1b138eb2b5d08216026d57417f77d003b577e3bbea9fd16b8c2e12c2a9edc27