Remote Files

Ubuntu Security Notice USN-5424-2
Posted May 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5424-2 - USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database.

tags | advisory, remote, sql injection
systems | linux, ubuntu
advisories | CVE-2022-29155
SHA-256 | 0e0e7d427185a4265212e9573a0d260655e14290d1cec821dc663cfb8913d341

Ubuntu Security Notice USN-5429-1
Posted May 19, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5429-1 - Thomas Amgarten discovered that Bind incorrectly handled certain TLS connections being destroyed. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-1183
SHA-256 | 55ce2e3ed595a0e54481d0b59f468b92eb5b3652c3537ba65ac53e265a0140ee

Ubuntu Security Notice USN-5430-1
Posted May 19, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5430-1 - It was discovered that GNOME Settings incorrectly handled the remote desktop sharing configuration. When turning off desktop sharing, it may be turned on again after rebooting, contrary to expectations.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2022-1736
SHA-256 | 0caae1f837e57963485b670c7a2e0b364633d4e5ddcf44795a2923c570f64b8a

Ubuntu Security Notice USN-5423-2
Posted May 18, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5423-2 - USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796
SHA-256 | 8e4b8948d5e1b928c53f47538c39a5720eb5d9b54a8e9ed63566bd719e26428b

Ubuntu Security Notice USN-5424-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5424-1 - It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database.

tags | advisory, remote, sql injection
systems | linux, ubuntu
advisories | CVE-2022-29155
SHA-256 | 622b2eaedb770c0fbeedd05eb4c12c43e234131acf0a55523407bb64c0dc2e6d

Online Discussion Forum Site 1.0 SQL Injection
Posted May 17, 2022
Authored by Saud Alenazi

Online Discussion Forum Site version 1.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4ee8e26b03aaab698cd44b2e3b37998f1e0a8d62d370fcb6c7a0fa3cfbbfada8

Ubuntu Security Notice USN-5423-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5423-1 - Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796
SHA-256 | 8a7e6d56f5558ae8bd78cd46e08c6dd48ba55d4079f3389737d0e448d3eb3555

T-Soft E-Commerce 4 SQL Injection
Posted May 17, 2022
Authored by Alperen Ergel

T-Soft E-Commerce version 4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 45b5224650ea3cb883a0c405f3c4d76eef8cc2dbc8f3fb98282c4ea633d2e202

WordPress Tatsu Builder Remote Code Execution
Posted May 17, 2022
Authored by Vincent Michel | Site wordfence.com

WordPress Tatsu Builder plugin versions prior to 3.3.13 suffer from an unauthenticated remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2021-25094
SHA-256 | 632f285a1a3ec46f04fb233958d273d11b2e22568b10b2920f52c77d06e276ea

Zyxel Firewall ZTP Unauthenticated Command Injection
Posted May 16, 2022
Authored by jbaines-r7 | Site metasploit.com

This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can gain remote command execution as the nobody user. Affected Zyxel models are USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below, USG20-VPN and USG20W-VPN using firmware 5.21 and below, and ATP 100, 200, 500, 700, 800 using firmware 5.21 and below.

tags | exploit, remote, cgi
advisories | CVE-2022-30525
SHA-256 | ab9073cd14f8ea730621aa93b69a0d03cb5f9d8e92dbc88068fca19ff77f6fab

IpMatcher 1.0.4.1 Server-Side Request Forgery
Posted May 16, 2022
Authored by Sick Codes, Kelly Kaoudis

IpMatcher versions 1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2 incorrectly validate octal and hexadecimal input data, which can lead to indeterminate server-side request forgery, local file inclusion, remote file inclusion, and denial of service vectors.

tags | exploit, remote, denial of service, local, file inclusion
advisories | CVE-2021-33318
SHA-256 | 98c5f3ee4fded068839fc2a03bbd74be24dce6bd2b2774a8a477b3d476489bb1

Zyxel Remote Command Execution
Posted May 16, 2022
Authored by jbaines-r7 | Site github.com

Victorian Machinery is a proof of concept exploit for CVE-2022-30525. The vulnerability is an unauthenticated remote command injection vulnerability affecting Zyxel firewalls that support zero touch provisioning. Zyxel pushed a fix for this issue on April 28, 2022. Multiple models are affected.

tags | exploit, remote, proof of concept
advisories | CVE-2022-30525
SHA-256 | d85780bb5daa2abd4c685fc1f2bd14ad0bfe7fbd9a5a6a99b45f1efcddb6a0bf

HighCMS/HighPortal 12.x SQL Injection
Posted May 16, 2022
Authored by E1.Coders

HighCMS/HighPortal version 12.x appears to suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 11e531f865e4da1f04161aa0a4cb5e11bbe807e029d3818481e6c9fa1d18a1e6

F5 BIG-IP iControl Remote Code Execution
Posted May 12, 2022
Authored by Alt3kx, Ron Bowes, Heyder Andrade, James Horseman | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in the F5 BIG-IP iControl REST service to gain access to the admin account, which is capable of executing commands through the /mgmt/tm/util/bash endpoint. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, root, code execution, bash, bypass
advisories | CVE-2022-1388
SHA-256 | bb3a5bef34f53053f0da7eec9cad038bc4f47a0997b2e9cd601a17a1f034a0ad

College Management System 1.0 SQL Injection
Posted May 12, 2022
Authored by Eren Gozaydin

College Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2022-28079
SHA-256 | b22b4daf0882e631e72558215fc7c93f3286e35a1f1f3a8a70f7fb9b95c0a356

Royal Event Management System 1.0 SQL Injection
Posted May 12, 2022
Authored by Eren Gozaydin

Royal Event Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2022-28080
SHA-256 | 884c0f6e25d5c7878c15b69a5867168b87afcc090d923b7b1d8d3da4f3da329d

F5 BIG-IP 16.0.x Remote Code Execution
Posted May 12, 2022
Authored by Yesith Alvarez

F5 BIG-IP version 16.0.x remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2022-1388
SHA-256 | f5638973e5c1c81d7b5bf21977de0671c9081697e4ab7ad0ccd0963b8abf883c

Ubuntu Security Notice USN-5412-1
Posted May 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5412-1 - Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this issue to trick curl into using the wrong URL and bypass certain checks or filters. This issue only affected Ubuntu 22.04 LTS. Florian Kohnhuser discovered that curl incorrectly handled returning a TLS server's certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-27780, CVE-2022-27781, CVE-2022-27782
SHA-256 | 477ec6bff1dfd28bf6df200de8f8540192a02b1e6306fa486d364e719ff4bca8

Ubuntu Security Notice USN-5410-1
Posted May 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5410-1 - Lenny Wang discovered that NSS incorrectly handled certain messages. A remote attacker could possibly use this issue to cause servers compiled with NSS to stop responding, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-25648
SHA-256 | 024993daf9b959e9075f012157b05fdba5d56fc13c1c2804f9ed1a134b8f5c7a

Ruijie Reyee Mesh Router Remote Code Execution
Posted May 11, 2022
Authored by Minh Khoa

Ruijie Reyee mesh routers with ReyeeOS version 1.55.1915 EW_3.0(1)B11P35 and EW_3.0(1)B11P55 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2021-43164
SHA-256 | 9905dae507eb8530625d18dd769fb31462b102ba1ef93e4d98767d53ee920b23

Joomla SexyPolling 2.1.7 SQL Injection
Posted May 11, 2022
Authored by Wolfgang Hotwagner

Joomla SexyPolling version 2.1.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 24467bea113b84b81b21b6432a86a6b8f1a19434f5022bdee1963531502e80e0

Red Hat Security Advisory 2022-1964-01
Posted May 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1964-01 - Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet for retrieval. Then Fetchmail forwards the mail through SMTP so the user can read it through their favorite mail client. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.

tags | advisory, remote, denial of service, tcp, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2021-36386, CVE-2021-39272
SHA-256 | 56a9423de5b90a5b76974fef202cb8350dc94cd1c401b9fb36ecb0edbd6e7fed

MyBB 1.8.29 Remote Code Execution
Posted May 11, 2022
Authored by Altelus

MyBB version 1.8.29 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2022-24734
SHA-256 | b1964aa112c7c928f79b7073c01f6cb887bfbe9b8361eee6191d68c8574b9832

Google Chrome 78.0.3904.70 Remote Code Execution
Posted May 11, 2022
Authored by deadlock

Google Chrome version 78.0.3904.70 suffers from a use-after-free vulnerability that allows for remote code execution.

tags | exploit, remote, code execution
advisories | CVE-2019-13720
SHA-256 | a9832a52e5893b9811e27a815ed2c4abdf52b38a82a53ef447ac4925b565d934

Anuko Time Tracker 1.20.0.5640 SQL Injection
Posted May 11, 2022
Authored by Altelus

Anuko Time Tracker version 1.20.0.5640 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2022-24707
SHA-256 | e4482fcf6e8633bde341b060885eef6ee281ae2dd86d01b3a88b52afec8264a3

© 2022 Packet Storm. All rights reserved.
