exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files Date: 2024-03-04

Ubuntu Security Notice USN-6673-1
Posted Mar 4, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.

tags | advisory, remote, denial of service, python
systems | linux, ubuntu
advisories | CVE-2023-50782, CVE-2024-26130
SHA-256 | 01de93cd85b2bb26752f49682241d7f6847ee989213ef66fd7a7389e73b6b48a
BoidCMS 2.0.1 Cross Site Scripting
Posted Mar 4, 2024
Authored by Andrey Stoykov

BoidCMS version 2.0.1 suffers from multiple cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Rahad Chowdhury in December of 2023, though this advisory provides additional vectors of attack.

tags | exploit, vulnerability, xss
SHA-256 | 399c7d150c74e14ff960b4352508c5f4a2a59bf2bfe1f4f390b71685d91640df
Gentoo Linux Security Advisory 202403-03
Posted Mar 4, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202403-3 - Multiple vulnerabilities have been discovered in UltraJSON, the worst of which could lead to key confusion and value overwriting. Versions greater than or equal to 5.4.0 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2022-31116, CVE-2022-31117
SHA-256 | 00915f50ef9b76b7d10b556e97fcc528b7fe7c290fe78c3cfb37d95977815baf
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation
Posted Mar 4, 2024
Authored by Shahnawaz Shaikh

TP-Link JetStream Smart Switch TL-SG2210P version 5.0 build 20211201 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2023-43318
SHA-256 | 6bfec71761c0da72ef8e4e51471259390ab76ae5197777d2c08b7f660b7984e5
Gentoo Linux Security Advisory 202403-02
Posted Mar 4, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202403-2 - Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 3.1.0 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-0544, CVE-2022-0545, CVE-2022-0546
SHA-256 | c0f4d0afcf31837770fe0ca7efbef959899e3c31bd4d82b12dfdc8634700ecdc
Wallos Shell Upload
Posted Mar 4, 2024
Authored by sML

Wallos versions prior to 1.11.2 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 77ba729fac9fbd6e562f329a83458d57ae71f13aaf4f55db7da1328097365d1a
Gentoo Linux Security Advisory 202403-01
Posted Mar 4, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202403-1 - A vulnerability has been discovered in Tox which may lead to remote code execution. Versions greater than or equal to 0.2.13 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2021-44847
SHA-256 | bd25f2b467d833795026292ee1d9110cf019aaca57398e04f9425d2375388e5f
Petrol Pump Management System 1.0 Shell Upload
Posted Mar 4, 2024
Authored by Shubham Pandey

Petrol Pump Management System version 1.0 suffers from a remote shell upload vulnerability. This is a variant vector of attack in comparison to the original discovery attributed to SoSPiro in February of 2024.

tags | exploit, remote, shell
advisories | CVE-2024-27747
SHA-256 | 0f0040501420a8f8ddd6c7f12a7f7140cff7687749ef9d7f7d32928b820114f8
Petrol Pump Management Software 1.0 SQL Injection
Posted Mar 4, 2024
Authored by Shubham Pandey

Petrol Pump Management Software version 1.0 suffers from a remote SQL injectionvulnerability.

tags | exploit, remote, sql injection
SHA-256 | 51abe5321193658e358ef6153227465b3009062f89a267703a6584db36a564df
Petrol Pump Management Software 1.0 Cross Site Scripting
Posted Mar 4, 2024
Authored by Shubham Pandey

Petrol Pump Management Software version 1.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2024-27743, CVE-2024-27744
SHA-256 | 527eeaf50e15d94715035ef458538033c4f5eff926cb533e157dbed8bed874f5
Compromising Industrial Processes Using Web-Based Programmable Logic Controller Malware
Posted Mar 4, 2024
Authored by Raheem Beyah, Ryan Pickren, Tohid Shekari, Saman Zonouz

This is an interesting whitepaper called Compromising Industrial Processes using Web-Based Programmable Logic Controller Malware. The authors present a novel approach to developing programmable logic controller (PLC) malware that proves to be more flexible, resilient, and impactful than current strategies.

tags | paper, web
SHA-256 | 741326e4fbc51ab41e106a049572fa380ad7b01037f9e364be260067feb5194b
Easywall 0.3.1 Remote Command Execution
Posted Mar 4, 2024
Authored by Melvin Mejia

Easywall version 0.3.1 suffers from an authenticated remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 02674567c5d503f91e947ba06aece45751ee04aeffe5b6edc3dfffb994976693
Ubuntu Security Notice USN-6672-1
Posted Mar 4, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6672-1 - Morgan Jones discovered that Node.js incorrectly handled certain inputs that leads to false positive errors during some cryptographic operations. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled certain inputs leaded to a untrusted search path vulnerability. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-23919, CVE-2023-23920, CVE-2023-2650
SHA-256 | fa597d50e9f8b5bd302a8783ff6dbb02dfd40c5672ca6442aff828f6a586c095
GL.iNet AR300M 3.216 Remote Code Execution
Posted Mar 4, 2024
Authored by Michele Di Bonaventura

GL.iNet AR300M versions 3.216 and below suffer from an OpenVPN client related remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2023-46456
SHA-256 | 0bc765cb78e3663fd69f067daec79c26a082e75d184e6d211c3b136d90337022
GL.iNet AR300M 4.3.7 Remote Code Execution
Posted Mar 4, 2024
Authored by Michele Di Bonaventura

GL.iNet AR300M versions 4.3.7 and below suffer from an OpenVPN client related remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2023-46454
SHA-256 | 9270490cd001ef107453c4f557a02b7ca323b54f6f7cbe828cf79a16dc19810e
GL.iNet AR300M 4.3.7 Arbitrary File Write
Posted Mar 4, 2024
Authored by Michele Di Bonaventura

GL.iNet AR300M versions 4.3.7 and below suffer from an arbitrary file writing vulnerability.

tags | exploit, arbitrary
advisories | CVE-2023-46455
SHA-256 | e817323e271309d595fea12a346185c0f2533237f054e543a5166f1f7881c859
Ubuntu Security Notice USN-6669-1
Posted Mar 4, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6669-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-0741, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0755, CVE-2024-1546, CVE-2024-1547, CVE-2024-1549, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553
SHA-256 | 63ee0e6f83b4e9f77d873f79cf50c1f02a046461e6ad8e93392c9da32d118bfc
SumatraPDF 3.5.2 DLL Hijacking
Posted Mar 4, 2024
Authored by Krishna Vamshi Katta Rokkaiah

SumatraPDF version 3.5.2 suffers from a DLL hijacking vulnerability using CRYPTBASE.DLL. DLL hijacking in this version was already discovered by Ravishanka Silva in February of 2024 but the findings did not include this DLL.

tags | exploit
systems | windows
advisories | CVE-2024-25884
SHA-256 | b54fc4aa8aa9cd1b68c0fee0e8f8f071f44a503ec283e0947fb0c29cce53475a
Employee Management System 1.0-2024 SQL Injection
Posted Mar 4, 2024
Authored by nu11secur1ty

Employee Management System version 1.0-2024 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.

tags | exploit, remote, sql injection
SHA-256 | 01f9a437e502773164c42d18db293d6d010978a568703d9945cb9bfe002238b5
TPC-110W Missing Authentication
Posted Mar 4, 2024
Authored by Amirhossein Bahramizadeh

TPC-110W suffers from a missing authentication vulnerability.

tags | exploit
SHA-256 | a465de4bea0a0f0a26e4a6e310952a40f118cba393cb00abfccd1bb894d688f8
Boss Mini 1.4.0 Local File Inclusion
Posted Mar 4, 2024
Authored by nltt0

Boss Mini version 1.4.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2023-3643
SHA-256 | fd1ebe20ccdc11bd1897608c2ab131c580b9a7fdc758f3d4c292f49e3840ee1b
Multilaser RE160 Cookie Manipulation Access Bypass
Posted Mar 4, 2024
Authored by Vinicius Moraes | Site tempest.com.br

Multilaser RE160 versions 5.07.51_pt_MTL01 and 5.07.52_pt_MTL01 suffer from an access control bypass vulnerability through cookie manipulation.

tags | exploit, bypass
advisories | CVE-2023-38946
SHA-256 | ba0ed12285ef51b34ae0d6988481e8d4fc6959295d9775d1e956a211d68153e0
Multilaser RE160V / RE160 URL Manipulation Access Bypass
Posted Mar 4, 2024
Authored by Vinicius Moraes | Site tempest.com.br

Multilaser RE160V web management interface versions 12.03.01.08_pt and 12.03.01.09_pt along with RE160 versions 5.07.51_pt_MTL01 and 5.07.52_pt_MTL01 suffer from an access control bypass vulnerability through URL manipulation.

tags | exploit, web, bypass
advisories | CVE-2023-38945
SHA-256 | e1156731f7c82aa391ee5895789afc5a989d3554ac5a410747604791d0f5fdcc
Multilaser RE160V Header Manipulation Access Bypass
Posted Mar 4, 2024
Authored by Vinicius Moraes | Site tempest.com.br

Multilaser RE160V web management interface versions 12.03.01.09_pt and 12.03.01.10_pt suffer from an access control bypass vulnerability through header manipulation.

tags | exploit, web, bypass
advisories | CVE-2023-38944
SHA-256 | c6cf3a65cbce62dca49ea866ac9a7ace5aa59a5dad1fb6abba12d3e96e453625
A-PDF All To MP3 Converter 2.0.0 Overflow
Posted Mar 4, 2024
Authored by George Washington

A-PDF All to MP3 Converter version 2.0.0 overflow exploit with DEP Bypass with HeapCreate + HeapAlloc + some_memory_copy_function ROP chain.

tags | exploit, overflow
SHA-256 | 3c931f40a432f8d268a05e73fd1bde4398f9391c878c54188ea6c0121b2ebc59
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close