what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 31,476 RSS Feed

Remote Files

Relate Learning And Teaching System SSTI / Remote Code Execution
Posted Apr 19, 2024
Authored by kai6u

Relate Learning and Teaching System versions prior to 2024.1 suffers from a server-side template injection vulnerability that leads to remote code execution. This particular finding targets the Markup Sandbox function.

tags | exploit, remote, code execution
SHA-256 | dc9ebb411726c774da4987d54d2ba2f224359e747d24c55618c19978e8b73e8a
Debian Security Advisory 5664-1
Posted Apr 18, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5664-1 - Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service.

tags | advisory, java, remote, web, denial of service, tcp
systems | linux, debian
advisories | CVE-2024-22201
SHA-256 | f811fdb59918d1ff6c0f69e7c41be61c5a9681f083aca6ccdb106ccc1fb89b43
Ubuntu Security Notice USN-6729-2
Posted Apr 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6729-2 - USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.

tags | advisory, remote, web, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-38709, CVE-2024-24795, CVE-2024-27316
SHA-256 | 48e8f6ab38e454ffe37a65ae74aa96cb5b3942a28276a0cc0f3a974d4716ae83
Ubuntu Security Notice USN-6726-3
Posted Apr 17, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6726-3 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2023-46838, CVE-2023-52340, CVE-2023-52436, CVE-2023-52438, CVE-2023-52439, CVE-2023-52444, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52454, CVE-2023-52470, CVE-2023-52612, CVE-2024-0607, CVE-2024-23851
SHA-256 | fbdef91004d190c96cf4e043eaae82ae1153ee17c38e14e93c908daa2a909e66
Ubuntu Security Notice USN-6726-2
Posted Apr 17, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6726-2 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2023-46838, CVE-2023-52340, CVE-2023-52436, CVE-2023-52438, CVE-2023-52439, CVE-2023-52444, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52454, CVE-2023-52470, CVE-2023-52612, CVE-2024-0607, CVE-2024-23851
SHA-256 | 729c2c491401a2ba3cbcc24fc7e792dce6e1d41caac420160758655bfe67ca27
Ubuntu Security Notice USN-6725-2
Posted Apr 17, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6725-2 - Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-1194, CVE-2023-32254, CVE-2023-32258, CVE-2023-38427, CVE-2023-38430, CVE-2023-38431, CVE-2023-3867, CVE-2023-46838, CVE-2023-52340, CVE-2023-52436, CVE-2023-52438, CVE-2023-52439, CVE-2023-52442, CVE-2023-52444
SHA-256 | 6d7cd6326721629b499ff1a4ed3916c1134b9cf7a03933ebb2aad8ffbd18a71d
Centreon 23.10-1.el8 SQL Injection
Posted Apr 16, 2024
Authored by Cody Sixteen | Site code610.blogspot.com

Centreon version 23.10-1.el8 suffers from a remote authenticated SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ccd137a9553629c65cb1fcc131008c98cf86b7038c922afa5586765db2092434
Ubuntu Security Notice USN-6735-1
Posted Apr 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6735-1 - It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2023-30588, CVE-2023-30589, CVE-2023-30590
SHA-256 | 68173f83f0f09f1ae43ac3a78cd02b33b6ccf09520b2e1d1d103a308c74bddd3
Ubuntu Security Notice USN-6733-1
Posted Apr 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6733-1 - It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2024-28834, CVE-2024-28835
SHA-256 | dfebcedb7a860d4a621a8d974617128c42cd5bb110089a91567169351a2f584d
Ubuntu Security Notice USN-6732-1
Posted Apr 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6732-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2023-42843, CVE-2024-23254
SHA-256 | de34dd341ebb6d403b4c828166ceeda34879902207f833c29fa8ffd18d7ee2ad
CrushFTP Remote Code Execution
Posted Apr 15, 2024
Authored by Christophe de la Fuente, Ryan Emmons | Site metasploit.com

This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session properties by sending an HTTP request with specially crafted Header key-value pairs. This enables an unauthenticated attacker to access files anywhere on the server file system and steal the session cookies of valid authenticated users. The attack consists in hijacking a user's session and escalates privileges to obtain full control of the target. Remote code execution is obtained by abusing the dynamic SQL driver loading and configuration testing feature.

tags | exploit, remote, web, code execution
advisories | CVE-2023-43177
SHA-256 | fc2503cafa5ba3115896a3dc2baf8a4ded20d177d35f6003c3053acbcc5a8f5a
GLPI 10.x.x Remote Command Execution
Posted Apr 15, 2024
Authored by V3locidad

GLPI versions 10.x.x suffers from a remote command execution vulnerability via the shell commands plugin.

tags | exploit, remote, shell
advisories | CVE-2024-31705
SHA-256 | 0937b05f1fb5c8e26650b3ff3036018e86cdfd467308fd6c3e1b37d5aa588d9c
BMC Compuware iStrobe Web 20.13 Shell Upload
Posted Apr 15, 2024
Authored by trancap

BMC Compuware iStrobe Web version 20.13 suffers from a remote shell upload vulnerability.

tags | exploit, remote, web, shell
advisories | CVE-2023-40304
SHA-256 | 3c3484f8fcc75a92702655ca438887e9feb947e1b2bba0fc5284d6ea230f3db7
Kruxton 1.0 SQL Injection
Posted Apr 15, 2024
Authored by nu11secur1ty

Kruxton version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9848e498414e8e0e14e12064a9a285c3bc570dd55bd67b2940d83dc1a77c56cd
Kruxton 1.0 Shell Upload
Posted Apr 15, 2024
Authored by nu11secur1ty

Kruxton version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | eac82a8882065fad4041f5e76566b23a349a9bac77c6028731f1d06a43bc4ca4
WBCE 1.6.0 SQL Injection
Posted Apr 15, 2024
Authored by Young Pope

WBCE version 1.6.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2023-39796
SHA-256 | 18873adacfde1b4805b4a6b105109b6e4a03d0a85a9440207f1364a7e3ae897b
AMPLE BILLS 0.1 SQL injection
Posted Apr 15, 2024
Authored by nu11secur1ty

AMPLE BILLS version 0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d20b6ec27d1eeff141c08bd7cfa9127bb8953085c6f65df0d3f8a8e79abd9901
Moodle 3.10.1 SQL Injection
Posted Apr 15, 2024
Authored by Julio Ángel Ferrari

Moodle version 3.10.1 suffers from a remote time-based SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-36393
SHA-256 | e3ce711f4b8356d012259f34f7f227e8907a46d0f7af6bb3c35ce4c0de5a0e57
Online Fire Reporting System 1.2 SQL Injection
Posted Apr 15, 2024
Authored by Diyar Saadi

Online Fire Reporting System version 1.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 9342b7d21282ed54ce4702c6cda7276732332887ecb951f160125d0470ad7553
Stock Management System 1.0 SQL Injection
Posted Apr 15, 2024
Authored by Josué Mier

Stock Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2023-51951
SHA-256 | ee8f6806eb002eeb79308e1f582300e6c9e5c6963aed8ff7b5b730994fc80298
Ubuntu Security Notice USN-6729-1
Posted Apr 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6729-1 - Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2023-38709, CVE-2024-24795, CVE-2024-27316
SHA-256 | b6b856a665b8ccd0c761b17ac9d0990bb16f01e11f4e9c76e440d6681ef8b0fd
Ubuntu Security Notice USN-6727-2
Posted Apr 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6727-2 - USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data. It was discovered that NSS had a timing side-channel when using certain NIST curves. A remote attacker could possibly use this issue to recover private data. The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.98 which includes the latest CA certificate bundle and other security improvements.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-4421, CVE-2023-5388, CVE-2023-6135
SHA-256 | 98f7aae4d30d1b37976aae71c2f8f3d1c09fb49865d4abec3139169342e9663a
TOR Virtual Network Tunneling Tool 0.4.8.11
Posted Apr 11, 2024
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Changes: This is a minor release mostly to upgrade the fallbackdir list. Worth noting also that directory authority running this version will now automatically reject relays running the end of life 0.4.7.x version.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 8f2bdf90e63380781235aa7d604e159570f283ecee674670873d8bb7052c8e07
Ubuntu Security Notice USN-6727-1
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6727-1 - It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-4421, CVE-2023-5388, CVE-2023-6135
SHA-256 | 2c691be3dfb8ed61396b4eb86ac7b035f8344a516e272f6ffb13c26ac0186bd9
Ubuntu Security Notice USN-6728-2
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-2 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A remote attacker could possibly use this issue to cause Squid to stop responding, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP header parsing. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | 0856df025bfcd57e31eb05d1faef083bd5b30608db5b6bb659433042ad64ad67
Page 3 of 1,259
Back12345Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close