Showing 1 - 25 of 32

Files Date: 2023-12-04 to 2023-12-05

TinyDir 1.2.5 Buffer Overflow
Posted Dec 4, 2023
Authored by Marco Ivaldi | Site security.humanativaspa.it

TinyDir versions 1.2.5 and below suffer from a buffer overflow vulnerability with long path names.

tags | exploit, overflow
advisories | CVE-2023-49287
SHA-256 | cdcc3ee8902aca56a1a663bef58fe0cd58c43fd5918cc6c25bfa566f389d2573
Debian Security Advisory 5572-1
Posted Dec 4, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5572-1 - Rene Rehme discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly set headers when handling attachments. This would allow an attacker to load arbitrary JavaScript code.

tags | advisory, arbitrary, javascript, imap
systems | linux, debian
advisories | CVE-2023-47272
SHA-256 | 7488c1f8cb39c45a8e6fb8d221877649d21afc6a14f9c3eceb2b735b03ccc617
PHPJabbers Appointment Scheduler 3.0 CSV Injection
Posted Dec 4, 2023
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Appointment Scheduler version 3.0 suffers from a CSV injection vulnerability.

tags | exploit
advisories | CVE-2023-48841
SHA-256 | 91df452bdb8414c73939d446206345890d6047ab573faf07167ba3465035c78f
Nikto Web Scanner 2.5.0
Posted Dec 4, 2023
Authored by Sullo | Site cirt.net

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.

Changes: Breaking changes to JSON and XML output may have occurred. IPv6 support added. Updated db_checks format uses multiple reference. Hundreds of OSVDB and BID references replaced. Removal of some very old and false-positive prone tests. Decodes Netscaler cookies. Added -usecookies flag to send received cookies with subsequent requests. Added -followredirects flag to signal 3xx responses should be fetched and tested. Added -noslash to remove trailing slash from directories. Check for indexing on redirect paths. Alert on alt-svc header. Hundreds of bug fixes, test updates and enhancements, and other optimization changes.
tags | tool, web, cgi
systems | unix
SHA-256 | fb0dc4b2bc92cb31f8069f64ea4d47295bcd11067a7184da955743de7d97709d
PHPJabbers Appointment Scheduler 3.0 Missing Rate Limiting
Posted Dec 4, 2023
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Appointment Scheduler version 3.0 suffers from a missing rate limiting control that can allow for resource exhaustion.

tags | exploit
advisories | CVE-2023-48840
SHA-256 | c4139915e46fef357730abad6be1bb960a85b529ac04b96475adeb2dae8eea93
PHPJabbers Appointment Scheduler 3.0 Cross Site Scripting
Posted Dec 4, 2023
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Appointment Scheduler version 3.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2023-48839
SHA-256 | bfc938e6e7895ad38fb6bab62ee404ab6d5c6f4f9a1fc5f93e362333dc7bc331
PHPJabbers Appointment Scheduler 3.0 HTML Injection
Posted Dec 4, 2023
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Appointment Scheduler version 3.0 suffers from multiple HTML injection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2023-48838
SHA-256 | 4e08e35e0e0eda4f6efe64d3e3a3248c3265ce78404eb2cf8969e8ea0bb8ae23
October CMS 3.4.0 Wiki Article Cross Site Scripting
Posted Dec 4, 2023
Authored by Nazli Soysal Kuran | Site zeroscience.mk

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has article posting capabilities.

tags | exploit, xss
SHA-256 | d580a80cc73913f04ace7c62f85113ce9e77937e62898798e82b472da77074cf
October CMS 3.4.0 Category Cross Site Scripting
Posted Dec 4, 2023
Authored by Nazli Soysal Kuran | Site zeroscience.mk

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has category-creating capabilities.

tags | exploit, xss
SHA-256 | 36668205e95cab2b322636af7be77779877c012806877e9084103fc48afda16b
October CMS 3.4.0 Blog Cross Site Scripting
Posted Dec 4, 2023
Authored by Nazli Soysal Kuran | Site zeroscience.mk

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has blog-creating capabilities.

tags | exploit, xss
SHA-256 | 96b738ec0ed1ddb9e322f25138fff8f77ecb84dbd07ba3530ee0039680c3f1c1
October CMS 3.4.0 Author Cross Site Scripting
Posted Dec 4, 2023
Authored by Nazli Soysal Kuran | Site zeroscience.mk

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has author posting capabilities.

tags | exploit, xss
SHA-256 | fa27de65868b7a449ef6325d904dca7874168f0b58c222353c466ee363abde93
October CMS 3.4.0 About Cross Site Scripting
Posted Dec 4, 2023
Authored by Nazli Soysal Kuran | Site zeroscience.mk

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability where a user has the ability to edit the landing/about page.

tags | exploit, xss
SHA-256 | ca674a079c1f7de869829d79e2a37dbd839d64c194a488dc6d93277574fbe1fe
PHPJabbers Car Rental 3.0 HTML Injection
Posted Dec 4, 2023
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Car Rental version 3.0 suffers from an HTML injection vulnerability.

tags | exploit
advisories | CVE-2023-48837
SHA-256 | b615ce21c59a8802d26a9e4c2d6d5d4123022b8add6057aafeee363a9a711421
Ubuntu Security Notice USN-6509-2
Posted Dec 4, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6509-2 - USN-6509-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. It was discovered that Firefox incorrectly handled certain memory when using a MessagePort. An attacker could potentially exploit this issue to cause a denial of service. It was discovered that Firefox did not properly manage ownership in ReadableByteStreams. An attacker could potentially exploit this issue to cause a denial of service. It was discovered that Firefox did not properly manage copy operations when using the Selection API in X11. An attacker could potentially exploit this issue to obtain sensitive information. Rachmat Abdul Rokhim discovered that Firefox incorrectly handled parsing of relative URLs starting with "///". An attacker could potentially exploit this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-6204, CVE-2023-6205, CVE-2023-6207, CVE-2023-6208, CVE-2023-6209, CVE-2023-6210
SHA-256 | ad83f1762f0c9b91d83173c5919f250795adb5f0c74dd9b083106a33e56ea5bf
PHPJabbers Car Rental 3.0 Cross Site Scripting
Posted Dec 4, 2023
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Car Rental version 3.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2023-48836
SHA-256 | 88613e2e49fa83781333027bf741fc0382e56bffb3e5b621cf78a84757587689
PHPJabbers Car Rental 3.0 CSV Injection
Posted Dec 4, 2023
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Car Rental version 3.0 suffers from a CSV injection vulnerability.

tags | exploit
advisories | CVE-2023-48835
SHA-256 | 76d5aaed8fb6f55066b5e1736817c5e918c51cfd401081fba181ad61f4ba7327
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
Posted Dec 4, 2023
Authored by LiquidWorm | Site zeroscience.mk

R Radio Network FM Transmitter version 1.07 suffers from an improper access control issue that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user, allowing authentication bypass and FM station setup access.

tags | exploit, cgi
SHA-256 | 957fbcd8e2322bfb4df06832e6de97007a8bedfc7567ee79382899cdc5a7a54d
PHPJabbers Car Rental 3.0 Missing Rate Limit
Posted Dec 4, 2023
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Car Rental version 3.0 suffers from a missing rate limiting control that can allow for resource exhaustion.

tags | exploit
advisories | CVE-2023-48834
SHA-256 | 1e25466f2392b79cadc7889f8e530e0d2c5c8b2ee6f9c3217853e9ae88e4758b
PHPJabbers Time Slots Booking Calendar 4.0 Missing Rate Limiting
Posted Dec 4, 2023
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Time Slots Booking Calendar version 4.0 suffers from a missing rate limiting control that can allow for resource exhaustion.

tags | exploit
advisories | CVE-2023-48833
SHA-256 | f1dfb0019c57abd3c9019650a3666922144cd5fc0bd2146660251fb2bbdc05e1
Red Hat Security Advisory 2023-7633-01
Posted Dec 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7633-01 - An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Issues addressed include a null pointer vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-32081
SHA-256 | 2165f4c4088cccb2ffaafd3edfa36139e6ace90f396a6bfcbb446462f67e2115
Debian Security Advisory 5571-1
Posted Dec 4, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5571-1 - It was discovered that missing input sanitising in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service.

tags | advisory, web, denial of service, protocol
systems | linux, debian
advisories | CVE-2023-46118
SHA-256 | 7957822e1b93b14f04419323dbc94e28eb76fa05e363e9d72f263770555fc295
PHPJabbers Availability Booking Calendar 5.0 Missing Rate Limiting
Posted Dec 4, 2023
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Availability Booking Calendar version 5.0 suffers from a missing rate limiting control that can allow for resource exhaustion.

tags | exploit
advisories | CVE-2023-48831
SHA-256 | 6cecb49be3b4173f435cb87183129cce9d33ac6ef6f5040530cfde4c84ed1ffb
PHPJabbers Shuttle Booking Software 2.0 CSV Injection
Posted Dec 4, 2023
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Shuttle Booking Software version 2.0 suffers from a CSV injection vulnerability.

tags | exploit
advisories | CVE-2023-48830
SHA-256 | c937c34f8c7bdd3e156a5b73f2fa9b7e49ce5e0b41400346a7073e8ca4695178
PHPJabbers Time Slots Booking Calendar 4.0 Cross Site Scripting
Posted Dec 4, 2023
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Time Slots Booking Calendar version 4.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2023-48828
SHA-256 | e6b45e3f61a13423e59c968e1a0aa93d94b7096aa974eb58f208e7e877969979
PHPJabbers Time Slots Booking Calendar 4.0 HTML Injection
Posted Dec 4, 2023
Authored by Rahad Chowdhury, BugsBD Limited

PHPJabbers Time Slots Booking Calendar version 4.0 suffers from an HTML injection vulnerability.

tags | exploit
advisories | CVE-2023-48827
SHA-256 | ab9a0351616ce7e96456782c9f900796587b91b053d7a4d36f897369ad715f8d
© 2022 Packet Storm. All rights reserved.
