exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 9,114 RSS Feed

Web Files

Ubuntu Security Notice USN-5642-1
Posted Sep 27, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5642-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2022-32886
SHA-256 | a741c88fdbcebba263f141b68dade06af9876160b8164996177be9bce2fc3196
Red Hat Security Advisory 2022-6700-01
Posted Sep 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6700-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE-2022-40959, CVE-2022-40960, CVE-2022-40962
SHA-256 | dafd72b7bf734bd717bfdaaa1708062cbc777b989ed3ead8a2faae336c84214b
Red Hat Security Advisory 2022-6701-01
Posted Sep 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6701-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE-2022-40959, CVE-2022-40960, CVE-2022-40962
SHA-256 | 8a3f8b8dd7b904179e1e01a7b08baf64d701dca8e3ee20438188b8c5c63fc174
Red Hat Security Advisory 2022-6702-01
Posted Sep 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6702-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE-2022-40959, CVE-2022-40960, CVE-2022-40962
SHA-256 | 73a0682f3f98723c147cfcc89e3db902a5b3cf9182352ac9259f96d35799e22b
Red Hat Security Advisory 2022-6703-01
Posted Sep 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6703-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE-2022-40959, CVE-2022-40960, CVE-2022-40962
SHA-256 | ff4a5e3549c4462110159ecbcce0fd4073eb03774df527b5fe04d7ac754c1608
Red Hat Security Advisory 2022-6707-01
Posted Sep 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6707-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE-2022-40959, CVE-2022-40960, CVE-2022-40962
SHA-256 | 0eb702c98a55fad0b0385f6e44077d9d9e6cf389b638f971717a1c6cda58d996
Red Hat Security Advisory 2022-6711-01
Posted Sep 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6711-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE-2022-40959, CVE-2022-40960, CVE-2022-40962
SHA-256 | e44fb9e20b1093c6e6940033d2ccfdb7d433b1ded504ff393ec662153f9a979d
GNUnet P2P Framework 0.17.6
Posted Sep 26, 2022
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: Added transactional API and removed heap storage storage plugin in NAMESTORE. Added optional authentication for all REST endpoints. A few other bug fixes.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | 249358ef3b10ce99810781fedaec526a6eab943c120e4bba096aedf91c1afc40
Ubuntu Security Notice USN-5629-1
Posted Sep 23, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5629-1 - It was discovered that the Python http.server module incorrectly handled certain URIs. An attacker could potentially use this to redirect web traffic.

tags | advisory, web, python
systems | linux, ubuntu
advisories | CVE-2021-28861
SHA-256 | 8ed17abf4d4b43b1e2bb7cde1858817522b51ed63ec4e2aa8a769c70b7853ef1
WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting
Posted Sep 23, 2022
Authored by UnD3sc0n0c1d0

WordPress 3dady Real-Time Web Stats plugin version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | 9bc44384be766635f2fbfc237ec0aeb19285a6e3efb8c861d02d2212924dd3fe
Unified Remote Authentication Bypass / Code Execution
Posted Sep 21, 2022
Authored by h00die, H4rk3nz0 | Site metasploit.com

This Metasploit module utilizes the Unified Remote remote control protocol to type out and deploy a payload. The remote control protocol can be configured to have no passwords, a group password, or individual user accounts. If the web page is accessible, the access control is set to no password for exploitation, then reverted. If the web page is not accessible, exploitation will be tried blindly. This module has been successfully tested against version 3.11.0.2483 (50) on Windows 10.

tags | exploit, remote, web, protocol
systems | windows
advisories | CVE-2022-3229
SHA-256 | 6c2eb4ad5b1e41ad931f1a7eef24882ce7a6fe92ea15f97c143643b989a7e758
Red Hat Security Advisory 2022-6595-01
Posted Sep 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2020-28469, CVE-2020-7788, CVE-2021-33502, CVE-2021-3807, CVE-2022-29244, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-33987
SHA-256 | a6961a3c20a833fe5635cad7db7c48ff9a47c9caef6c3b83e0adc20879e8427d
Red Hat Security Advisory 2022-6634-01
Posted Sep 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6634-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2022-32893
SHA-256 | c6157b35e3ae9c1fa9369166194aee93eb2e2b468608edc2bca8eb7131772eec
Red Hat Security Advisory 2022-6541-01
Posted Sep 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6541-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include file overwrite and traversal vulnerabilities.

tags | advisory, web, php, vulnerability
systems | linux, redhat
advisories | CVE-2020-28948, CVE-2020-28949, CVE-2020-36193
SHA-256 | 31e06af192874dd30d3a85b7cb09c29d3a3dcfb884ab079d8e1ed05690b96675
SAP SAPControl Web Service Interface Local Privilege Escalation
Posted Sep 16, 2022
Authored by M. Li | Site sec-consult.com

SAPControl Web Service Interface (sapstartsrv) suffers from a privilege escalation vulnerability via a race condition.

tags | exploit, web
advisories | CVE-2022-29614
SHA-256 | 5f21a47194e596c49a31455b6731ab60cd1e4e77d9094e16a002d5a7d296e114
Chrome LinkToTextMenuObserver::CompleteWithError Heap Use-After-Free
Posted Sep 16, 2022
Authored by Google Security Research, Glazvunov

A use-after-free issue exists in Chrome 104 and earlier versions. Processing maliciously crafted web content may lead to arbitrary code execution in the browser process. LinkToTextMenuObserver holds a raw pointer to a RenderFrameHost object, but is not owned by the frame host and does not watch for frame host destruction events. Therefore, if an attacker manages to destroy the frame host right after the observer is created but before the timeout task posted in StartLinkGenerationRequestWithTimeout() is executed, use-after-free will occur.

tags | exploit, web, arbitrary, code execution
advisories | CVE-2022-2998
SHA-256 | 071c2f32b441a15bf0f0c6db3397a3899a646938aeb7df15abb5fc345c9589e8
Red Hat Security Advisory 2022-6542-01
Posted Sep 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6542-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include file overwrite and traversal vulnerabilities.

tags | advisory, web, php, vulnerability
systems | linux, redhat
advisories | CVE-2020-28948, CVE-2020-28949, CVE-2020-36193
SHA-256 | 68bf1d235da93117cff40ab6ea814ef4085f0dc2038277e7f4087fb2b57977d3
Red Hat Security Advisory 2022-6540-01
Posted Sep 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6540-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2022-32893
SHA-256 | 16ea8802f04a81921830d729cbaa965cc7e23d61bb310c9c77b6c22890aa8ea0
Ubuntu Security Notice USN-5611-1
Posted Sep 14, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5611-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2022-32893
SHA-256 | 60c330fa46368709ea406625c1ec1cc6436b536d6444eecbfa7d1d45aa1defad
Red Hat Security Advisory 2022-6448-01
Posted Sep 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-33987
SHA-256 | 77059a5029e5fa0f7d043f17c6d1f94d86241739d27ad64bf098f71c62c37a97
Red Hat Security Advisory 2022-6449-01
Posted Sep 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-3807, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-33987
SHA-256 | cb5e66f8d412a46f5aff9c83c590b5c65a0a1bb01a1496c984882a20d23a1261
Red Hat Security Advisory 2022-6429-01
Posted Sep 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6429-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include bypass, code execution, and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-13435, CVE-2020-14155, CVE-2020-15586, CVE-2020-16845, CVE-2020-24370
SHA-256 | 97d00be8290b2a65989161b47f8aa4313ba4132452bc72e5a92601cc91b50aa6
Hydra Network Logon Cracker 9.4
Posted Sep 8, 2022
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian. Small fix for weird RTSP servers. Added "2=" optional parameter to http-post-form module to tell hydra that a "302" HTTP return code means success. Replaced wait3 with waitpid for better compatibility.
tags | tool, web, imap
systems | cisco, unix
SHA-256 | c906e2dd959da7ea192861bc4bccddfed9bc1799826f7600255f57160fd765f8
Red Hat Security Advisory 2022-6389-01
Posted Sep 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-33987
SHA-256 | 49695c2ea32250dc6f60d34ea01d791f6c7a8d449b5c3c62b72f902aedb970b1
Cisco ASA-X With FirePOWER Services Authenticated Command Injection
Posted Sep 5, 2022
Authored by jbaines-r7 | Site metasploit.com

This Metasploit module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual machine allows the attacker to pivot to the inside network, and access the outside network. Also, the SFR virtual machine is running snort on the traffic flowing through the ASA, so the attacker should have access to this diverted traffic as well. This module requires ASDM credentials in order to traverse the ASDM interface. A similar attack can be performed via Cisco CLI (over SSH), although that isn't implemented here. Finally, it's worth noting that this attack bypasses the affects of the lockdown-sensor command (e.g. the virtual machine's bash shell shouldn't be available but this attack makes it available). Cisco assigned this issue CVE-2022-20828. The issue affects all Cisco ASA that support the ASA FirePOWER module (at least Cisco ASA-X with FirePOWER Service, and Cisco ISA 3000). The vulnerability has been patched in ASA FirePOWER module versions 6.2.3.19, 6.4.0.15, 6.6.7, and 7.0.21. The following versions will receive no patch: 6.2.2 and earlier, 6.3.*, 6.5.*, and 6.7.*.

tags | exploit, web, shell, root, bash
systems | cisco, linux
advisories | CVE-2022-20828
SHA-256 | 68e16d3ce86c6321808a38fd985d56e82e3e74f93b1ebe13be653fa09e00432e
Page 1 of 365
Back12345Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close