
Web Files

Micro Focus GroupWise Session ID Disclosure
Posted Jan 27, 2023
Authored by Stefan Pietsch | Site trovent.io

Micro Focus GroupWise is a messaging software for email and personal information management. Trovent Security GmbH discovered that the GroupWise web application transmits the session ID in HTTP GET requests in the URL when email content is accessed. The exposed session ID can be recorded in the browser history of the client and in log files of the web server or reverse proxy server. A possible attacker with access to the browser history or the server log files is able to take control of the user session with the help of the session ID. Versions prior to 18.4.2 are affected.

tags | exploit, web
advisories | CVE-2022-38756
SHA-256 | 45d877f2bc8d1d68f308fad7fe918c90f982d284964eee41b93805a3c6fb1ad2
Red Hat Security Advisory 2023-0479-01
Posted Jan 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0479-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server, as well as command-line utilities and Web UI packages for server administration.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2022-2850
SHA-256 | d5a8a460836a1434a477fb5c4989e348088a2cd4c81068198b4abc49a30ab0ac
Secure Web Gateway 10.2.11 Cross Site Scripting
Posted Jan 26, 2023
Site redteam-pentesting.de

Secure Web Gateway version 10.2.11 suffers from a cross site scripting vulnerability. RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content being injected into the response when accessed through the Secure Web Gateway. While it is possible to inject arbitrary content types, the primary risk arises from JavaScript code allowing for cross site scripting.

tags | exploit, web, arbitrary, javascript, xss
advisories | CVE-2023-0214
SHA-256 | f0bbf9c04ccb2873653f86035ec08f7b9388e540d28d2f705eaf53a75692bfea
Debian Security Advisory 5326-1
Posted Jan 25, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5326-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-43548
SHA-256 | 72e5be8502372f25a305cf0e5e848f49100f6c4c07231ed340c9052cb558a635
Ubuntu Security Notice USN-5806-2
Posted Jan 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5806-2 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.

tags | advisory, web, cgi, vulnerability, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | 5e9eaa591a250702e16d36f855a65138db55f846075d60d7208d9a3e346086a8
Red Hat Security Advisory 2023-0294-01
Posted Jan 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0294-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-46871, CVE-2022-46877, CVE-2023-23598, CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605
SHA-256 | ab4c27a56bfd50be18a850fba4a30e3a052a6b53070d078de5e0ebe47efa7d99
Red Hat Security Advisory 2023-0321-01
Posted Jan 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0321-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-44906, CVE-2022-3517, CVE-2022-35256, CVE-2022-43548
SHA-256 | e0c653b344cad061ff2db4d48425d59d51ad956a499681962b6bdd29869c3026
Red Hat Security Advisory 2023-0289-01
Posted Jan 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0289-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-46871, CVE-2022-46877, CVE-2023-23598, CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605
SHA-256 | f8a347e68750841335df8e115c8ea7b16322d3d5febd59dfe769fef4aaf8cab1
Red Hat Security Advisory 2023-0290-01
Posted Jan 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0290-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-46871, CVE-2022-46877, CVE-2023-23598, CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605
SHA-256 | 883d4c7cbf458e7d07ae35c725fe10a741cb801d639bd372c4f5f711e48aa2c7
Red Hat Security Advisory 2023-0333-01
Posted Jan 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0333-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2022-32221
SHA-256 | bd289a2fa2e1a33cbfb8e8eba477c0aa660f2e89cda2d1d059db45b1930f32cf
Ubuntu Security Notice USN-5816-1
Posted Jan 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5816-1 - Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploit this to obtain sensitive information. Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploit this to obtain sensitive information.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2023-23597, CVE-2023-23598, CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23604, CVE-2023-23606
SHA-256 | fc001643a6e5b7c0b2a05ecbee48a78fcb234cb56c2c6ca5347f8ad3e4ce89ab
Red Hat Security Advisory 2023-0288-01
Posted Jan 23, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-46871, CVE-2022-46877, CVE-2023-23598, CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605
SHA-256 | 42ffb63a49095d8ee149f774976094f19968a0792fd304aa41ac09aef23cbf7c
Red Hat Security Advisory 2023-0285-01
Posted Jan 23, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0285-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-46871, CVE-2022-46877, CVE-2023-23598, CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605
SHA-256 | 3b1592820bbef193d075e1f870ea6136f7164b3d9d1035ab9b0a4ed30b84d808
Red Hat Security Advisory 2023-0286-01
Posted Jan 23, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0286-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-46871, CVE-2022-46877, CVE-2023-23598, CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605
SHA-256 | a37de55d70917803971d4d395a27286d31189d6db7e26297aeb1a6c1aa260d80
Red Hat Security Advisory 2023-0295-01
Posted Jan 23, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0295-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-46871, CVE-2022-46877, CVE-2023-23598, CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605
SHA-256 | f885933cc426c44b869b00f992c2be8404a34f40a48bdb337b1dc4cca61cd2e3
Red Hat Security Advisory 2023-0296-01
Posted Jan 23, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0296-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-46871, CVE-2022-46877, CVE-2023-23598, CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605
SHA-256 | f131ce619ab7f571bc3f1cad93ca9f7c57b463c9f6830ee5a7c65cb9cb0d6fe2
Debian Security Advisory 5322-1
Posted Jan 19, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5322-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

tags | advisory, web, arbitrary, spoof, info disclosure
systems | linux, debian
advisories | CVE-2022-46871, CVE-2022-46877, CVE-2023-23598, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605
SHA-256 | eb4baacbcf64fe1cdd00c7283b49fcb3f7f1bbde124afc14c22a6e4c843a15ee
Ubuntu Security Notice USN-5806-1
Posted Jan 18, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5806-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.

tags | advisory, web, cgi, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | 75ea48c38a96b7594dbd0877d422b431f6c885a45730d787e0fa46952d38d26c
Debian Security Advisory 5316-1
Posted Jan 12, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5316-1 - Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework, which may allow attackers to cause a denial of service or bypass restrictions when used as a proxy.

tags | advisory, java, web, denial of service, overflow, vulnerability
systems | linux, debian
advisories | CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881, CVE-2022-41915
SHA-256 | d79e44dc740a4bdba61067f17bc2f8d1870d872798afcbc0a4bdd6ffab09ccdd
eCart Web 5.0.0 Cross Site Scripting
Posted Jan 12, 2023
Authored by CraCkEr

eCart Web version 5.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | e72f56a0b136ad4d7215662fb4e94fa28b79b57e199ed4353a8831db37b3da89
Ubuntu Security Notice USN-5798-1
Posted Jan 11, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5798-1 - Johan Gorter discovered that .NET 6 incorrectly processed certain invalid HTTP requests. An attacker could possibly use this issue to cause a denial of service condition for an exposed endpoint.

tags | advisory, web, denial of service
systems | linux, ubuntu
advisories | CVE-2023-21538
SHA-256 | 6f04e95fb87ef0a2799772fb3d4c02ce94894556c53f409d710c5dc07039eaa0
eCart Web 4.0.0 Insecure Settings
Posted Jan 11, 2023
Authored by indoushka

eCart Web version 4.0.0 appears to leave a default administrative account in place post installation.

tags | exploit, web
SHA-256 | 5f4831484c2a6347bfd3953e993fa0b0c543702e4b64f7aae13418bbf440e002
Ubuntu Security Notice USN-5797-1
Posted Jan 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2022-42852, CVE-2022-46698
SHA-256 | 7d038cf5cf0d352110b29efd7ebf03b7f41defff9ed3da1235cfdddef29584cd
GNUnet P2P Framework 0.19.2
Posted Jan 9, 2023
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.

Changes: This is a bugfix release for gnunet 0.19.1.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | 86034d92ebf8f6623dad95f1031ded1466e064b96ffac9d3e9d47229ac2c22ff
Debian Security Advisory 5311-1
Posted Jan 9, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5311-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling, cache poisoning or denial of service.

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2022-32749, CVE-2022-37392
SHA-256 | 990cbc4c27bc00413fc821fd5e596736910270440e68916352b4cf984d9ea06a