
Web Files

Ubuntu Security Notice USN-6671-1
Posted Mar 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6671-1 - It was discovered that php-nyholm-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use this issue to perform an HTTP header injection attack.

tags | advisory, remote, web, php
systems | linux, ubuntu
advisories | CVE-2023-29197
SHA-256 | 27772bf11ba58e6506ed22ecdca799a5cc5144ec12da1e50691c8a33285fc90d
Ubuntu Security Notice USN-6670-1
Posted Mar 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6670-1 - It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack.

tags | advisory, remote, web, php
systems | linux, ubuntu
advisories | CVE-2022-24775
SHA-256 | f678a48ca90812aa9d2b76350886677e9b4c1db467f139d16a69adc2ef646f7c
Debian Security Advisory 5627-1
Posted Feb 22, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5627-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

tags | advisory, web, arbitrary, spoof, info disclosure
systems | linux, debian
advisories | CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553
SHA-256 | fecc020dcddb2184341c57558aa3f486e8ee301dd59c165be89472e03edd082b
QNAP QTS / QuTS Hero Unauthenticated Remote Code Execution
Posted Feb 22, 2024
Authored by Spencer McIntyre, jheysel-r7, sfewer-r7 | Site metasploit.com

There exists an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for numerous QNAP high-end and enterprise NAS devices. The vulnerable endpoint is the quick.cgi component, exposed by the device's web based administration feature. The quick.cgi component is present in an uninitialized QNAP NAS device. This component is intended to be used during either manual or cloud based provisioning of a QNAP NAS device. Once a device has been successfully initialized, the quick.cgi component is disabled on the system. An attacker with network access to an uninitialized QNAP NAS device may perform unauthenticated command injection, allowing the attacker to execute arbitrary commands on the device.

tags | exploit, web, arbitrary, cgi
advisories | CVE-2023-47218
SHA-256 | 512c538bc485b9095fb0fb14daba0e91a985496262d3017dc3aaf05f8005e9ad
FreeIPA 4.10.1 Denial Of Service / Information Disclosure
Posted Feb 22, 2024
Authored by Robb Gatica

FreeIPA version 4.10.1 has an issue where specially crafted HTTP requests potentially lead to denial of service or data exposure.

tags | exploit, web, denial of service, info disclosure
advisories | CVE-2024-1481
SHA-256 | ed1964cddf58cd1a3b007267cb1f6a3b11008a5d76ebdb87f9a639382cd73688
Red Hat Security Advisory 2024-0797-03
Posted Feb 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0797-03 - Updated Satellite 6.14 packages that fix Important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include HTTP request smuggling, buffer overflow, denial of service, and memory leak vulnerabilities.

tags | advisory, web, denial of service, overflow, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2023-0809
SHA-256 | fdbbd57607f130b4c54c0800d0beaa175779ea55ec23b8708b91d7e8a5db788e
Ubuntu Security Notice USN-6631-1
Posted Feb 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2024-23206
SHA-256 | 4b6f4fc061a2d62f4bfc4c023b3a9687f579682d0d0d93b1e1032a14339c54da
WyreStorm Apollo VX20 Incorrect Access Control
Posted Feb 12, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

An issue was discovered on WyreStorm Apollo VX20 versions prior to 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request.

tags | exploit, remote, web
advisories | CVE-2024-25736
SHA-256 | 71ed0ed4b76f256b8bd1404c82d84f6ea9cb5e1dc7d524c924f1e48e87fda240
WyreStorm Apollo VX20 Credential Disclosure
Posted Feb 12, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET.

tags | exploit, web
advisories | CVE-2024-25735
SHA-256 | a6feae36b231357c01d0981614dd1286ff4a68f77ee073b39519e2b9ab1fa9aa
Debian Security Advisory 5618-1
Posted Feb 9, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5618-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user. Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

tags | advisory, web, arbitrary, vulnerability, code execution
systems | linux, debian, apple
advisories | CVE-2024-23206, CVE-2024-23213, CVE-2024-23222
SHA-256 | 6da18f2f63505ce1e7bc16caeda8561a73818bb23b24d17427a1f16b8fcfce64
GoAhead Web Server 2.5 HTML Injection
Posted Feb 2, 2024
Authored by Syed Affan Ahmed

GoAhead Web Server version 2.5 suffers from an HTML injection vulnerability.

tags | exploit, web
SHA-256 | 24379e92a45cc4550d65aa00b2c98eadf098d5bae864bf1e06214b44e2d34384
WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution
Posted Feb 2, 2024
Authored by ItsSixtyN3in

WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victim's machine by having users sync pages with malicious URLs. The victim has to interact with the link, which can then enable an attacker to bypass security measures for malicious file delivery.

tags | exploit, web, arbitrary, shell, protocol
advisories | CVE-2023-42222
SHA-256 | 697050685574d8cbeaf2f42aaa7b87535a8f6cf1ec1ce436dac7c65634057623
Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling
Posted Feb 1, 2024
Authored by xer0dayz | Site sn1persecurity.com

Apache Tomcat suffers from a client-side de-sync vulnerability via HTTP request smuggling. Apache Tomcat versions 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43 are vulnerable.

tags | exploit, web
advisories | CVE-2024-21733
SHA-256 | 9daa4b224c94ad0336e94e92c1982742af04bc736d61fa10874a83b9c581e7c5
TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account
Posted Jan 31, 2024
Authored by LiquidWorm | Site zeroscience.mk

TELSAT marKoni FM Transmitter version 1.9.5 has a hidden super administrative account, factory, with the hardcoded password inokram25, which allows full access to the web management interface configuration.

tags | exploit, web
SHA-256 | 4ca01a27bd0ca6409f7d71dc7c9c036577b1fa85f80f0723476544a5ed69de48
TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection
Posted Jan 31, 2024
Authored by LiquidWorm | Site zeroscience.mk

TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to gain unauthorized access to the system with administrative privileges by exploiting the url parameter in the HTTP GET request to ekafcgi.fcgi.

tags | exploit, remote, web, root, code execution
SHA-256 | 46341d10fda6afba8c75a394bb4b32d1f7ec8fe113f6eab57560a1e8d79ab38a
Mirth Connect 4.4.0 Remote Command Execution
Posted Jan 31, 2024
Authored by r00t, Spencer McIntyre, Naveen Sunkavally | Site metasploit.com

A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and assigned CVE-2023-37679. Later, researchers from Horizon3.ai determined the patch to be incomplete and published a gadget chain which bypassed the deny list that the original had implemented. This second vulnerability was assigned CVE-2023-43208 and was patched in Mirth Connect version 4.4.1. This Metasploit module has been tested on versions 4.1.1, 4.3.0 and 4.4.0.

tags | exploit, web
advisories | CVE-2023-37679, CVE-2023-43208
SHA-256 | c858fd93ded0a54a221c8cbb76027c1a54979c692f2f5ec5173f8b90a63ff30f
Red Hat Security Advisory 2024-0579-03
Posted Jan 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0579-03 - An update for perl-HTTP-Tiny is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

tags | advisory, web, perl
systems | linux, redhat
advisories | CVE-2023-31486
SHA-256 | 305dc2f086ab6e0e53625586d951b53484607a613c38d21f967e4be258a875b9
Red Hat Security Advisory 2024-0539-03
Posted Jan 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0539-03 - An update for tomcat is now available for Red Hat Enterprise Linux 8. Issues addressed include an HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-46589
SHA-256 | fa8e47d23f41893222add00ec7a6bbf4aed63207797d5557aa4db12b1466b6e9
Red Hat Security Advisory 2024-0532-03
Posted Jan 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0532-03 - An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include an HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-46589
SHA-256 | dce485660d40f94ccbc089e2371032d2c58c266c738cd21080e6323e780ef70b
Atlassian Confluence SSTI Injection
Posted Jan 26, 2024
Authored by Spencer McIntyre, Harsh Jaiswal, Rahul Maini | Site metasploit.com

This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable.

tags | exploit, web
advisories | CVE-2023-22527
SHA-256 | 39194aa16a97418685a42e7cf82542a18f6236bb69aa758c9c1945fa2ea34f1e
Red Hat Security Advisory 2024-0422-03
Posted Jan 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0422-03 - An update for perl-HTTP-Tiny is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

tags | advisory, web, perl
systems | linux, redhat
advisories | CVE-2023-31486
SHA-256 | e4957a0a123d4ead65bccbb63ecc1372120a026d69b2cd8599a332bb5bf561d2
Debian Security Advisory 5606-1
Posted Jan 25, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5606-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, phishing, clickjacking, privilege escalation, HSTS bypass or bypass of content security policies.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755
SHA-256 | 62d054980f489d3898ce1066f25faf04fd13bf8be86866e7e9ef0b8a86cbb08d
MiniWeb HTTP Server 0.8.19 Denial Of Service
Posted Jan 24, 2024
Authored by Fernando Mengali

MiniWeb HTTP Server version 0.8.19 remote denial of service exploit.

tags | exploit, remote, web, denial of service
SHA-256 | 806cf14b7bfbe59afa0635741b17030d35d81c1c23dfffe46710ae798f71c671
Ubuntu Security Notice USN-6594-1
Posted Jan 23, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6594-1 - Joshua Rogers discovered that Squid incorrectly handled HTTP message processing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Helper process management. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP request parsing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2023-49285, CVE-2023-49286, CVE-2023-50269
SHA-256 | db3db3f46c79cee5c6cf7b45a6f9a763efc55e8e7951b7556929117aafe4bdb0
Ubuntu Security Notice USN-6590-1
Posted Jan 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6590-1 - It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Xerces-C++ was not properly performing bounds checks when processing XML Schema Definition files, which could lead to an out-of-bounds access via an HTTP request. If a user or automated system were tricked into processing a specially crafted XSD file, a remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1311, CVE-2023-37536
SHA-256 | f40dc28e3c1750f24d759d3d0e4256073e4117e784f8a54448ad19d71f59eb02
© 2022 Packet Storm. All rights reserved.
