what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 9,410 RSS Feed

Web Files

Red Hat Security Advisory 2022-9065-01
Posted Dec 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-9065-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-46872, CVE-2022-46874, CVE-2022-46878, CVE-2022-46880, CVE-2022-46881, CVE-2022-46882
SHA-256 | d7b71f8ab7d04e3a2223e9ec51ca37914e60a8abc7014be8e347787012669878
Red Hat Security Advisory 2022-9069-01
Posted Dec 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-9069-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-46872, CVE-2022-46874, CVE-2022-46878, CVE-2022-46880, CVE-2022-46881, CVE-2022-46882
SHA-256 | 179b42abc7269deb75077c6b772f4862d682ae191b4b2f73be3a3a6a2b50edb6
Red Hat Security Advisory 2022-9067-01
Posted Dec 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-9067-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-46872, CVE-2022-46874, CVE-2022-46878, CVE-2022-46880, CVE-2022-46881, CVE-2022-46882
SHA-256 | bb538703d7a7da2f35956b5dc721c5fd9e8d48971e267c3ca7b881d369339afa
Syncovery For Linux Web-GUI Authenticated Remote Command Execution
Posted Dec 15, 2022
Authored by Jan Rude | Site metasploit.com

This Metasploit module exploits an authenticated command injection vulnerability in the Web GUI of Syncovery File Sync and Backup Software for Linux. Successful exploitation results in remote code execution under the context of the root user. Syncovery allows an authenticated user to create jobs, which are executed before/after a profile is run. Jobs can contain arbitrary system commands and will be executed as root. A valid username and password or a session token is needed to exploit the vulnerability. The profile and its log file will be deleted afterwards to disguise the attack. The vulnerability is known to work on Linux platforms. All Syncovery versions prior to v9.48j are vulnerable including all versions of branch 8.

tags | exploit, remote, web, arbitrary, root, code execution
systems | linux
advisories | CVE-2022-36534
SHA-256 | b41779b455720b7b8cb72926f609166a1f6c239f4d750374145be32ae680ed11
Red Hat Security Advisory 2022-9047-01
Posted Dec 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-9047-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-3709, CVE-2020-28851, CVE-2020-28852, CVE-2020-35525, CVE-2020-35527, CVE-2022-0561, CVE-2022-0562, CVE-2022-0865, CVE-2022-0891, CVE-2022-0908, CVE-2022-0909, CVE-2022-0924, CVE-2022-1122, CVE-2022-1304
SHA-256 | 58d1307f76e7139a63f6f7c8afd46290dea17ded1afee0e63040db0d909d0384
Debian Security Advisory 5301-1
Posted Dec 15, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5301-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.

tags | advisory, web, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2022-46872, CVE-2022-46874, CVE-2022-46878, CVE-2022-46880, CVE-2022-46881, CVE-2022-46882
SHA-256 | 998d98bd85e16151c70c3c5fcc984187b5b27cda212186624cc0294f29660fcc
Red Hat Security Advisory 2022-8979-01
Posted Dec 14, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8979-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45416, CVE-2022-45418, CVE-2022-45420, CVE-2022-45421
SHA-256 | 2ca106659e26399f6d4f1257e1f34b6aec180ba69766ba50dda24cb2f6fabe5c
Red Hat Security Advisory 2022-8961-01
Posted Dec 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8961-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below. Issues addressed include a traversal vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-3782, CVE-2022-3916
SHA-256 | 5c8ce56ee1f2c86f1f8734d64eaa4d78ed918eb2953a1c166a626ba2e4dea419
Red Hat Security Advisory 2022-8965-01
Posted Dec 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8965-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.1. Issues addressed include a traversal vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-3782, CVE-2022-3916
SHA-256 | d2feea83fad64ea4d198b531bfbe9902c37d5e8a7c1d4e10d680be21e3606408
Red Hat Security Advisory 2022-8963-01
Posted Dec 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8963-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below. Issues addressed include a traversal vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-3782, CVE-2022-3916
SHA-256 | 6fe19e9f510713b327df995e76aebdbf9fae928ee75195911d44118991bed8b9
Red Hat Security Advisory 2022-8962-01
Posted Dec 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8962-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below. Issues addressed include a traversal vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-3782, CVE-2022-3916
SHA-256 | dbbbf9b930b66d7742d30ab946499edb4fb25e83dbcdfdc1c21d77bfb3832d11
Red Hat Security Advisory 2022-8917-01
Posted Dec 12, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8917-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a code execution vulnerability.

tags | advisory, java, web, code execution
systems | linux, redhat
advisories | CVE-2022-1292, CVE-2022-2068
SHA-256 | e2ebdbaf4c79d3de91c8c304faa329eba295ed6a073effe53a962cd2f1ed5044
Red Hat Security Advisory 2022-8913-01
Posted Dec 12, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8913-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a code execution vulnerability.

tags | advisory, java, web, code execution
systems | linux, redhat
advisories | CVE-2022-1292, CVE-2022-2068
SHA-256 | 3e504f38beac3d1906cd48f6f34212f6eeba7ec47f89bcdde4c10f1dd05640de
Debian Security Advisory 5298-1
Posted Dec 10, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5298-1 - Two security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in unauthenticated command injection or LDAP authentication bypass.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2022-0730, CVE-2022-46169
SHA-256 | 38376423fba98ccf902e3440638ff214aa8379cbe6575ced8ec5560ad8d44180
Spitfire CMS 1.0.475 PHP Object Injection
Posted Dec 10, 2022
Authored by LiquidWorm | Site zeroscience.mk

Spitfire CMS version 1.0.475 is prone to a PHP object injection vulnerability due to the unsafe use of unserialize() function. A potential attacker, authenticated, could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input.

tags | exploit, web, php
SHA-256 | 3c6793041f6ef605d3f154b6af494fe31faa2d9c2220beafffe81f474b92710d
Intel Data Center Manager 4.1 SQL Injection
Posted Dec 9, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Intel Data Center Manager's endpoint at "/DcmConsole/DataAccessServlet?action=getRoomRackData" is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter "dataName" is processed by the web application. Versions 4.1 and below are affected.

tags | exploit, web, sql injection
advisories | CVE-2022-21225
SHA-256 | a04c70c3c5d6b08862017de94ee487ead5f2b2595fd13961e1c80a947b2d275c
Intel Data Center Manager 5.1 Local Privilege Escalation
Posted Dec 9, 2022
Authored by Julien Ahrens | Site rcesecurity.com

The latest version (5.1) and all prior versions of Intel's Data Center Manager are vulnerable to a local privileges escalation vulnerability using the application user "dcm" used to run the web application and the rest interface. An attacker who gained remote code execution using this dcm user (i.e., through Log4j) is then able to escalate their privileges to root by abusing a weak sudo configuration for the "dcm" user.

tags | exploit, remote, web, local, root, code execution
SHA-256 | 566ceaa70e7ce9a3bd9825a0b7a97b644b608fe05fd23b30746e3017a5408ae6
Red Hat Security Advisory 2022-8840-01
Posted Dec 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8840-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer overflow, bypass, code execution, denial of service, double free, and out of bounds read vulnerabilities.

tags | advisory, web, denial of service, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-1292, CVE-2022-2068, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-30522, CVE-2022-31813, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221
SHA-256 | 5b7994ef1ac893da1796d6f141c46df2497e2f625c087c27f1b69c902e826051
Red Hat Security Advisory 2022-8841-01
Posted Dec 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8841-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, web, denial of service, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-1292, CVE-2022-2068, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-30522, CVE-2022-31813, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221
SHA-256 | 222fd306b69d048e15681a3ca9c45ddbb178b2c60ccd178af9bd088b1604a60b
Red Hat Security Advisory 2022-8886-01
Posted Dec 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8886-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server, as well as command-line utilities and Web UI packages for server administration.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2022-2850
SHA-256 | 070cc2e7e028467b23d693e67b2052c2ebf2a45e6ed2cb6ca60c870c001b227f
Windows HTTP.SYS Kerberos PAC Verification Bypass / Privilege Escalation
Posted Dec 8, 2022
Authored by James Forshaw, Google Security Research

The HTTP server implemented in HTTP.SYS on Windows handles authentication in a system thread which bypasses PAC verification leading to escalation of privilege.

tags | exploit, web
systems | windows
advisories | CVE-2022-35756, CVE-2022-41057
SHA-256 | 73ffca14ecbbd49fef40fa8d7691f553f1cd6ed289aaa1f61656fcd866416f5a
GNUnet P2P Framework 0.19.0
Posted Dec 6, 2022
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: Added function to compute channel name for notifications. Improved platform-specific includes in builds. Large refactor in order to restore some sanity with respect to private defines used in headers. Various other updates.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | 468f4859ee0bd2a20fcb857446c69ada9d38ff002d7530785a5364e298e3a52f
Evernote Web Clipper Same-Origin Policy Bypass
Posted Dec 6, 2022
Authored by Tavis Ormandy, Google Security Research

Evernote Web Clipper suffered from a same-origin policy bypass vulnerability. The link to the demo exploit was a 403 at the time of addition and has not been included in this post.

tags | advisory, web, bypass
SHA-256 | edeb6d56c9d50dfe6a6599592c18c494c4d5dc6ad6ea545586270e0e19511589
perfSONAR 4.4.4 Open Proxy / Relay
Posted Nov 30, 2022
Authored by Ryan Moore | Site github.com

perfSONAR bundles with it a graphData.cgi script, used to graph and visualize data. There is a flaw in graphData.cgi allowing for unauthenticated users to proxy and relay HTTP/HTTPS traffic through the perfSONAR server. The vulnerability can potentially be leveraged to exfiltrate or enumerate data from internal web servers. This vulnerability was patched in perfSONAR version 4.4.5. Versions 4.x through 4.4.4 are affected. There is a whitelisting function that will mitigate, but is disabled by default.

tags | exploit, web, cgi
advisories | CVE-2022-41412
SHA-256 | 57258cc3a50359f248bba303d6a0892af6f77e5cbd93340c72b5018222e14550
Red Hat Security Advisory 2022-8643-01
Posted Nov 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8643-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-45060
SHA-256 | fb0469e9b99832b5d15fffff633cebe820a0d958f29c08a50ed459f6b8a8c531
Page 3 of 377
Back12345Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close