what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 9,905 RSS Feed

Web Files

Debian Security Advisory 5646-1
Posted Mar 25, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5646-1 - Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in cross-site scripting, SQL injection, or command injection.

tags | advisory, web, vulnerability, xss, sql injection
systems | linux, debian
advisories | CVE-2023-39360, CVE-2023-39513, CVE-2023-49084, CVE-2023-49085, CVE-2023-49086, CVE-2023-49088, CVE-2023-50250, CVE-2023-50569
SHA-256 | d9158a48c8ed071329b9eb3eddd4e00641007c015236908127fc8e2d8c7008c6
Debian Security Advisory 5645-1
Posted Mar 25, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5645-1 - Manfred Paul discovered a flaw in the Mozilla Firefox web browser, allowing an attacker to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.

tags | advisory, web, arbitrary, javascript
systems | linux, debian
advisories | CVE-2024-29944
SHA-256 | 4f5d9a853e227dab14b126ce8536d5e0bccc071fc1e3eea740c201c1d75a9146
Debian Security Advisory 5643-1
Posted Mar 22, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5643-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure, bypass of content security policies or spoofing.

tags | advisory, web, arbitrary, spoof, info disclosure
systems | linux, debian
advisories | CVE-2023-5388, CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614, CVE-2024-2616
SHA-256 | a448517a42a8f898647c5aa7c7b1e0258fff75928a056aa5b3eb6c5fe41ab76b
Red Hat Security Advisory 2024-1431-03
Posted Mar 20, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1431-03 - An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2021-33621
SHA-256 | 042d689fc8cb50b8ece70559d244a1def7afed86f869acf6f24510d0752ca7e1
GNUnet P2P Framework 0.21.1
Posted Mar 19, 2024
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: Communicator and connectivity bugfixes.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | 2faf30a7c965ee27488aa615351736f44a121eeb9316eea19a0fa4904265c2c5
Red Hat Security Advisory 2024-1325-03
Posted Mar 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1325-03 - Red Hat JBoss Web Server 6.0.1 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include HTTP request smuggling, denial of service, and open redirection vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat, windows
advisories | CVE-2023-5678
SHA-256 | 540b7b318053beca6c43ca6421f58215e773d779e7565d7f8f9ce37a4534795f
Red Hat Security Advisory 2024-1324-03
Posted Mar 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1324-03 - An update is now available for Red Hat JBoss Web Server 6.0.1 on Red Hat Enterprise Linux versions 8 and 9. Issues addressed include HTTP request smuggling, denial of service, and open redirection vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-41080
SHA-256 | 14ca96f0778716067a0fd01e90283cd0c4b4c9ae95ab2ef80f68617412beec80
Red Hat Security Advisory 2024-1319-03
Posted Mar 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1319-03 - Red Hat JBoss Web Server 5.7.8 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat, windows
advisories | CVE-2023-5678
SHA-256 | deeb75081668151356b5819e0c3c816565bd06d4cde4092321e55c63446fff67
Red Hat Security Advisory 2024-1318-03
Posted Mar 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1318-03 - An update is now available for Red Hat JBoss Web Server 5.7.8 on Red Hat Enterprise Linux versions 7, 8, and 9. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-5678
SHA-256 | ccd1b28c9aee226c114d792746a7fab0634a491860a7089d7537686112c22c88
Red Hat Security Advisory 2024-1317-03
Posted Mar 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1317-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available. Issues addressed include buffer overflow, cross site scripting, information leakage, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, xss
systems | linux, redhat
advisories | CVE-2023-5678
SHA-256 | f294fa960eaa587cdc822bf85f430e02ab8f0e2a474d3eea8a845e287ccba797
Red Hat Security Advisory 2024-1316-03
Posted Mar 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1316-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available. Issues addressed include cross site scripting, information leakage, and out of bounds read vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2023-5678
SHA-256 | d3c2a05ee1dd54a907b571ffbc3225f134472eba748786b00d048f19d0a52a7f
NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution
Posted Mar 12, 2024
Authored by chebuya

NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross site scripting payload can be leveraged to execute commands on NorthStar C2 agents.

tags | exploit, web, javascript, xss
advisories | CVE-2024-28741
SHA-256 | e3d03b1bb5d42cd9ee527169a57dc6bfa52c6c6b50d4e1a990a6c9443e01b3b1
TP-Link TL-WR740N Buffer Overflow / Denial Of Service
Posted Mar 11, 2024
Authored by Anish Feroz

There exists a buffer overflow vulnerability in the TP-Link TL-WR740 router that can allow an attacker to crash the web server running on the router by sending a crafted request.

tags | exploit, web, denial of service, overflow
SHA-256 | 1ffb14b7cc151eb147dfc888b64259bdf2c04d3a6a304b037e87c8e84424acb5
Debian Security Advisory 5637-1
Posted Mar 8, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5637-1 - Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP Digest authentication. Other issues facilitate request smuggling past a firewall or a denial of service against Squid's Helper process management.

tags | advisory, remote, web, denial of service, overflow, vulnerability
systems | linux, debian
advisories | CVE-2023-46724, CVE-2023-46846, CVE-2023-46847, CVE-2023-46848, CVE-2023-49285, CVE-2023-49286, CVE-2023-50269, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | a79ef3e7a5505aef83c8e1d9026a34f64acecaa9ccd3e41b225ac5500d8a96e7
Ubuntu Security Notice USN-6682-1
Posted Mar 8, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6682-1 - ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2020-11076, CVE-2020-11077, CVE-2022-23634, CVE-2022-24790, CVE-2023-40175, CVE-2024-21647
SHA-256 | 17369ac09ff469d577917f6a11d6b237c679de121e53f191d4d051615739e955
Artica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation
Posted Mar 6, 2024
Authored by Jim Becher | Site korelogic.com

The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to the file system.

tags | exploit, web, root
advisories | CVE-2024-2055
SHA-256 | 4e458aef9f797d0714e86e3cbbbe7fdd8225fa1b68b23cd60a66a992d28a4eb5
Artica Proxy 4.50 Unauthenticated PHP Deserialization
Posted Mar 6, 2024
Authored by Jaggar Henry | Site korelogic.com

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected.

tags | exploit, web, arbitrary, php, code execution
advisories | CVE-2024-2054
SHA-256 | 8e2ee354af5fde39323dcb9b78bd8d0b892172400746b1b66015b3a87cbd8630
Ubuntu Security Notice USN-6649-2
Posted Mar 6, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6649-2 - USN-6649-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Alfred Peters discovered that Firefox did not properly manage memory when storing and re-accessing data on a networking channel. An attacker could potentially exploit this issue to cause a denial of service. Johan Carlsson discovered that Firefox incorrectly handled Set-Cookie response headers in multipart HTTP responses. An attacker could potentially exploit this issue to inject arbitrary cookie values. Gary Kwong discovered that Firefox incorrectly generated codes on 32-bit ARM devices, which could lead to unexpected numeric conversions or undefined behaviour. An attacker could possibly use this issue to cause a denial of service. Ronald Crane discovered that Firefox did not properly manage memory when accessing the built-in profiler. An attacker could potentially exploit this issue to cause a denial of service.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-1546, CVE-2024-1548, CVE-2024-1551, CVE-2024-1552, CVE-2024-1555, CVE-2024-1556
SHA-256 | 57493f4eb5405080e87d75b58868c8d0c8ea4844948fc6ac9afc75823a5e7a6f
Red Hat Security Advisory 2024-1134-03
Posted Mar 6, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1134-03 - An update for tomcat is now available for Red Hat Enterprise Linux 9. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-46589
SHA-256 | 9a81153a104aad1e11caad5121684b4f2b581244c55931558e6c262084aa7073
Red Hat Security Advisory 2024-1092-03
Posted Mar 5, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1092-03 - An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-46589
SHA-256 | 95e054ee219be1ca26cda4b413601eae9272f7ce16f7e06dd96c6194da4f0a90
Compromising Industrial Processes Using Web-Based Programmable Logic Controller Malware
Posted Mar 4, 2024
Authored by Raheem Beyah, Ryan Pickren, Tohid Shekari, Saman Zonouz

This is an interesting whitepaper called Compromising Industrial Processes using Web-Based Programmable Logic Controller Malware. The authors present a novel approach to developing programmable logic controller (PLC) malware that proves to be more flexible, resilient, and impactful than current strategies.

tags | paper, web
SHA-256 | 741326e4fbc51ab41e106a049572fa380ad7b01037f9e364be260067feb5194b
Multilaser RE160V / RE160 URL Manipulation Access Bypass
Posted Mar 4, 2024
Authored by Vinicius Moraes | Site tempest.com.br

Multilaser RE160V web management interface versions 12.03.01.08_pt and 12.03.01.09_pt along with RE160 versions 5.07.51_pt_MTL01 and 5.07.52_pt_MTL01 suffer from an access control bypass vulnerability through URL manipulation.

tags | exploit, web, bypass
advisories | CVE-2023-38945
SHA-256 | e1156731f7c82aa391ee5895789afc5a989d3554ac5a410747604791d0f5fdcc
Multilaser RE160V Header Manipulation Access Bypass
Posted Mar 4, 2024
Authored by Vinicius Moraes | Site tempest.com.br

Multilaser RE160V web management interface versions 12.03.01.09_pt and 12.03.01.10_pt suffer from an access control bypass vulnerability through header manipulation.

tags | exploit, web, bypass
advisories | CVE-2023-38944
SHA-256 | c6cf3a65cbce62dca49ea866ac9a7ace5aa59a5dad1fb6abba12d3e96e453625
Ubuntu Security Notice USN-6671-1
Posted Mar 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6671-1 - It was discovered that php-nyholm-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use this issue to perform an HTTP header injection attack.

tags | advisory, remote, web, php
systems | linux, ubuntu
advisories | CVE-2023-29197
SHA-256 | 27772bf11ba58e6506ed22ecdca799a5cc5144ec12da1e50691c8a33285fc90d
Ubuntu Security Notice USN-6670-1
Posted Mar 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6670-1 - It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack.

tags | advisory, remote, web, php
systems | linux, ubuntu
advisories | CVE-2022-24775
SHA-256 | f678a48ca90812aa9d2b76350886677e9b4c1db467f139d16a69adc2ef646f7c
Page 3 of 397
Back12345Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close