what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 66 RSS Feed

Files Date: 2023-05-16

Ivanti Avalanche FileStoreConfig Shell Upload
Posted May 16, 2023
Authored by Shelby Pace, Piotr Bazydlo | Site metasploit.com

Ivanti Avalanche versions prior to 6.4.0.186 permits MS-DOS style short names in the configuration path for the Central FileStore. Because of this, an administrator can change the default path to the web root of the applications, upload a JSP file, and achieve remote command execution as NT AUTHORITY\SYSTEM.

tags | exploit, remote, web, root
advisories | CVE-2023-28128
SHA-256 | 2d460c161e59ed0128cbce4a78b4bddc06c84edf0d04e1d6643a9c60b4012dc5
Kiddoware Kids Place Parental Control Android App 3.8.49 XSS / CSRF / File Upload
Posted May 16, 2023
Authored by Fabian Densborn, Bernhard Grundling | Site sec-consult.com

Kiddoware Kids Place Parental Control Android App versions 3.8.49 and below suffer from weak hashing, cross site request forgery, cross site scripting, and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload, csrf
advisories | CVE-2023-28153, CVE-2023-29078, CVE-2023-29079
SHA-256 | b33a2a364778cd72fba75e79c7bdf844aa87c6638b73e7e53fb94bf760948718
Telegram On macOS TCC Bypass
Posted May 16, 2023
Authored by Dan Revah | Site danrevah.github.io

This article focuses on a weakness in the Telegram application on macOS that allows for the injection of a Dynamic Library (or Dylib for short). The article will cover several basic concepts in macOS to provide the relevant background that will help the reader understand the process of identifying the weakness and writing an exploit that will gain a local privilege escalation by getting access to the camera through the permissions that were previously granted to the Telegram application.

tags | exploit, local
advisories | CVE-2023-26818
SHA-256 | ff2c92c6de4309a150cf45e77231bdbfd2d4e121543c5abfa55fd4e59bdc5704
VideoStream Local Privilege Escalation
Posted May 16, 2023
Authored by Dan Revah | Site danrevah.github.io

This blog post discusses a local privilege escalation vulnerability discovered within the macOS Videostream application. They author walks you through the process of identifying the vulnerability and shares how they crafted an exploit to leverage it for gaining escalated local privileges.

tags | exploit, local
advisories | CVE-2023-25394
SHA-256 | 3002fbeabb52c31d66e7c2256d465be61d929766d1ffad4af54f345f3647cbe0
GaanaGawaana Music Platform PHP Script 1.0 Cross Site Scripting / SQL Injection
Posted May 16, 2023
Authored by nu11secur1ty

GaanaGawaana Music Platform PHP Script version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection
SHA-256 | a82fb377371d1856a3f37cb5f375bdcdf4cec2a963adf0fc1fe40ca4153275e7
Not-Too-Safe Boot
Posted May 16, 2023
Authored by Zero-Day Zone | Site zerodayzone.com

In this paper, the authors provide an in-depth analysis of the Not-Too-Safe Boot technique, which has been designed to bypass Endpoint Security Solutions like antivirus (AV), endpoint detection and response (EDR) and anti-tampering mechanisms remotely. This method builds on a local execution technique first published in 2007 and later utilized in a real world scenario by a ransomware in 2019.

tags | paper, local
SHA-256 | 4ab12a59151aa94280a3b9d4b96f18a83bea50df9c1d7059e19c8266fbd31001
Ubuntu Security Notice USN-6077-1
Posted May 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6077-1 - Ben Smyth discovered that OpenJDK incorrectly handled half-duplex connections during TLS handshake. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. It was discovered that OpenJDK incorrectly handled certain inputs. An attacker could possibly use this issue to insert, edit or obtain sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968
SHA-256 | e55b8ae2444473529159e92a21b7de23ff79ac167ebabd54e20dcb07f03f0efc
Ubuntu Security Notice USN-6080-1
Posted May 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6080-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-27672, CVE-2022-3707, CVE-2023-0459, CVE-2023-1075, CVE-2023-1078, CVE-2023-1118, CVE-2023-1513, CVE-2023-20938, CVE-2023-2162, CVE-2023-32269
SHA-256 | 93ed89539e4f6a0904390e085d7eac73b19389661a8b7ebc0e5c39f0a474ec7a
Ubuntu Security Notice USN-6079-1
Posted May 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6079-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-27672, CVE-2022-36280, CVE-2022-3707, CVE-2022-4129, CVE-2022-4842, CVE-2022-48423, CVE-2022-48424, CVE-2023-0210, CVE-2023-0394, CVE-2023-0458, CVE-2023-0459, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075
SHA-256 | c55226f642efc261a275c77b949560f51ecbee738f4b1ae410a64e9ef5623271
Ubuntu Security Notice USN-6081-1
Posted May 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6081-1 - Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information. Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information.

tags | advisory, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0459, CVE-2023-1118, CVE-2023-1513, CVE-2023-2162, CVE-2023-32269
SHA-256 | 42559a1aa2d8343ea6e84d32be754ce75354fbe046e2bd5e07f19747c9361b5a
Ubuntu Security Notice USN-6078-1
Posted May 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6078-1 - Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-1999
SHA-256 | 99fe43716a9a23c0343467babea169fb8c83d3207c94af57936eb6370c7cdfa8
Red Hat Security Advisory 2023-2863-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2863-01 - Ctags is a C programming language indexing and cross-reference tool.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-4515
SHA-256 | 7c5dd1f850efecf9180e6c73980a44facc4b69ae34c71ce851468ecaa7627010
Red Hat Security Advisory 2023-3067-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3067-01 - AutoTrace is a program for converting bitmaps to vector graphics. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-32323
SHA-256 | dba02147a3c3dce91b68026b5af36362dd56bb3b74d65c5cec898294d2e249ce
Red Hat Security Advisory 2023-3097-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3097-01 - The gssntlmssp is a GSSAPI NTLM mechanism that allows to perform NTLM authentication in GSSAPI programs. Issues addressed include memory leak and out of bounds read vulnerabilities.

tags | advisory, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2023-25563, CVE-2023-25564, CVE-2023-25565, CVE-2023-25566, CVE-2023-25567
SHA-256 | 847c8312f217e99ed415b61db0699adeda1300a006d99e9eddf28f3508c0c38d
Red Hat Security Advisory 2023-2883-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2883-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include integer overflow and out of bounds write vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-3627, CVE-2022-3970
SHA-256 | 1b33341c642038f685d139887402dfeb46b7deede844f84926a28fb40efc7579
Red Hat Security Advisory 2023-2948-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2948-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include an insecure handling vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-41973
SHA-256 | 0fb27ffbbbfb86c99eb7e715c0678e8fbb649e90ca20fedf5e4a409012e16a35
Red Hat Security Advisory 2023-2870-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2870-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Issues addressed include an information leakage vulnerability.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2022-41859, CVE-2022-41860, CVE-2022-41861
SHA-256 | 5dcd0c4bb0f4f10348c30f906552cb4dad4cb220a143873adf3775eaf4415af8
Red Hat Security Advisory 2023-3082-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3082-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-27530, CVE-2023-27539
SHA-256 | a920e9ff3f0c42d4782888059daf662dae368004217af1cf8daec6934f0e037b
Red Hat Security Advisory 2023-2834-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2834-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-32886, CVE-2022-32888, CVE-2022-32923, CVE-2022-42799, CVE-2022-42823, CVE-2022-42824, CVE-2022-42826, CVE-2022-42852, CVE-2022-42863, CVE-2022-42867, CVE-2022-46691, CVE-2022-46692, CVE-2022-46698, CVE-2022-46699
SHA-256 | 6a679e9dc0d3212115b238f42e43baea6a5e8542be4f1c84823386414d8836cb
Red Hat Security Advisory 2023-2792-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2792-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2022-2795, CVE-2022-3094, CVE-2022-3736, CVE-2022-3924
SHA-256 | 50c83c451bb40556edd3e4cf24d8c488c12b1f5a3da18c7b2f4a812f7642130c
Red Hat Security Advisory 2023-2963-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2963-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include file download and use-after-free vulnerabilities.

tags | advisory, web, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2022-35252, CVE-2022-43552
SHA-256 | 006feb222afe5b1a95cbfec0de94409663f53491d7e4f71e806fdb198dcc2aea
Red Hat Security Advisory 2023-2802-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2802-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and information leakage vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2022-1705, CVE-2022-1962, CVE-2022-27664, CVE-2022-28131, CVE-2022-2989, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32148, CVE-2022-32189, CVE-2022-41717, CVE-2023-0778
SHA-256 | e47c4f8b21275ef5c2cc58d0d337046d3976f3de650141265c4f04536b01624e
Red Hat Security Advisory 2023-2867-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2867-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Issues addressed include an information leakage vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2022-41946
SHA-256 | 66ff1eb7b433ae2b436f4b465d0883283cfb57b801d546cf7ad83b07feda0618
Red Hat Security Advisory 2023-2771-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2771-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-3204
SHA-256 | 07ee66e6a1ef1500e2da6d2433b6fc0d689987b652a25cc7a612e57f1c40b15d
Red Hat Security Advisory 2023-2851-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2851-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include buffer overflow and out of bounds read vulnerabilities.

tags | advisory, remote, overflow, vulnerability, protocol
systems | linux, redhat, windows
advisories | CVE-2022-39282, CVE-2022-39283, CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-39347, CVE-2022-41877
SHA-256 | f0379894be6666fb53be81f0b55090e4710e35af72a8be9b1039e7b2dbfe5ce8
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close