what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 36 RSS Feed

Files Date: 2023-07-25

Ubuntu Security Notice USN-6243-1
Posted Jul 25, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6243-1 - It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform cross site scripting and obtain sensitive information.

tags | advisory, remote, web, xss
systems | linux, ubuntu
advisories | CVE-2017-18638, CVE-2022-4729, CVE-2022-4730
SHA-256 | 1d0995a05bfb6ad2fa8ac23ac764746cf96df2b01811ed35e84375f6e0de6041
WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution
Posted Jul 25, 2023
Authored by h00die-gr3y, Mateus Machado Tesser | Site metasploit.com

WordPress File Manager Advanced Shortcode plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to remote code execution in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but it also works in an authenticated configuration. Versions 2.3.2 and below are affected. To install the Shortcode plugin File Manager Advanced version 5.0.5 or lower is required to keep the configuration vulnerable. Any user privileges can exploit this vulnerability which results in access to the underlying operating system with the same privileges under which the Wordpress web services run.

tags | exploit, remote, web, php, code execution
advisories | CVE-2023-2068
SHA-256 | 70276f13c7da05f57a272fbb51cb03ce6c129189c7bb524b4612cc20be063403
WordPress WP Brutal AI Cross Site Scripting
Posted Jul 25, 2023
Authored by Taurus Omar

WordPress WP Brutal AI plugin versions prior to 2.0.1 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-2605
SHA-256 | 9b902c28a8a46ad41c167f3df132b5da7347a25965fce41179a3b9b17e208354
Ubuntu Security Notice USN-6242-1
Posted Jul 25, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6242-1 - It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-38408
SHA-256 | fdcfbae1f5c8e13e234b05f8f69b7089d4be15d583f61718c883176d63f0c044
WordPress WP Brutal AI Cross Site Request Forgery / SQL Injection
Posted Jul 25, 2023
Authored by Taurus Omar

WordPress WP Brutal AI plugin versions prior to 2.0.0 suffer from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
advisories | CVE-2023-2601
SHA-256 | ad3eae1b3379d903bddc81a19b2f208837108120f8db3f5bd63cada77306823c
WordPress SEO Alert 1.59 Cross Site Scripting
Posted Jul 25, 2023
Authored by Taurus Omar

WordPress SEO Alert plugin versions 1.59 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-2225
SHA-256 | 6b08af4e5dc0e4ba5e429a89a19e83daa730dc717623a3e43ee5c244c0eca941
WordPress WP Brutal AI Cross Site Scripting
Posted Jul 25, 2023
Authored by Taurus Omar

WordPress WP Brutal AI plugin versions prior to 2.06 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-2606
SHA-256 | f0fe10550341a549f41e0bbc187064bdd166943b60a5efc5282b037ad1af5e87
WordPress PrePost SEO 3.0 Cross Site Scripting
Posted Jul 25, 2023
Authored by Taurus Omar

WordPress PrePost SEO plugin versions 3.0 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-2029
SHA-256 | c7c3871990b66327a25119c4c7dd8203cea43e79f6436c78fea1d171809dceb9
Ubuntu Security Notice USN-6240-1
Posted Jul 25, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6240-1 - It was discovered that FRR incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2023-3748
SHA-256 | 23d0c59663a9800c421af882cd089b84e712e688776650fec3d19c573aecaa2c
WordPress Tablesome Cross Site Scripting
Posted Jul 25, 2023
Authored by Taurus Omar

WordPress Tablesome plugin versions prior to 1.0.9 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-1890
SHA-256 | 8d34ca979d3351395c44ea8fcf0d676735c2b2a08d622d02af367591811fd5cf
WordPress Login Rebuilder Cross Site Scripting
Posted Jul 25, 2023
Authored by Taurus Omar

WordPress Login Rebuilder plugin versions prior to 2.8.1 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-2223
SHA-256 | e4c890bd10b036bc28ddba1b8cd33d4e1e3c00136bc0365e79bfff66d6ce7dd0
WordPress Seo By 10Web Cross Site Scripting
Posted Jul 25, 2023
Authored by Taurus Omar

WordPress Seo By 10Web plugin versions prior to 2.8.1 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-2224
SHA-256 | 063b994605694ed231a4af358c6208017c3920debf819f30c828810a843b4be3
jSQL Injection 0.90
Posted Jul 25, 2023
Authored by ron190 | Site github.com

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

Changes: Fixed URL encoding during connection test.
tags | tool, scanner, sql injection
systems | linux, unix
SHA-256 | c104d54e5f523941ed7f4f29c4b40ad95b160a268c4a7ed95433316d2c244c60
WordPress Login Configurator 2.1 Cross Site Scripting
Posted Jul 25, 2023
Authored by Taurus Omar

WordPress Login Configurator plugin version 2.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-1893
SHA-256 | e5e253464a546f3e0cfcdbce34ae6cc91a22cf463dad24650461e839cfe11b27
Google Chrome 115.0.5790.102 Memory Corruption
Posted Jul 25, 2023
Authored by Jean Pereira

Google Chrome version 115.0.5790.102 WebGPU use-after-free memory corruption proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | 8d8a37ec6a9723c095e854941ee699a99d052bf1885ef10eb39b13deb719ce3d
Ubuntu Security Notice USN-6203-2
Posted Jul 25, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6203-2 - USN-6203-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 ESM. Seokchan Yoon discovered that Django incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-36053
SHA-256 | b887c1bee14d859a651cafd1f5c9fe0eb9aa2103052f27c21f69c71fa9ba27f3
Joomla VirtueMart Shopping-Cart 4.0.12 Cross Site Scripting
Posted Jul 25, 2023
Authored by CraCkEr

Joomla VirtueMart Shopping-Cart extension version 4.0.12 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9f5ac10afca18a008b7b2f1cdb9b2a76b15a112ae99d53ad00af6dd9e3c4c6ab
Joomla HikaShop 4.7.4 Cross Site Scripting
Posted Jul 25, 2023
Authored by CraCkEr

Joomla HikaShop extension version 4.7.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4a640ebc95c61f7de9b73e8609aacf419c4ada6b11f9acd82eff51a3c9f16fd4
Apple Security Advisory 2023-07-24-1
Posted Jul 25, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2023-38133, CVE-2023-38572, CVE-2023-38594, CVE-2023-38595, CVE-2023-38597, CVE-2023-38600, CVE-2023-38611
SHA-256 | 2b9c86c0981c6cb849514c3a50af9f2290b7101e67e4681c2c882186a7f80d10
Ubuntu Security Notice USN-6241-1
Posted Jul 25, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6241-1 - Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-2088
SHA-256 | 660a72fb20d31d9e227a37eb72a70d3cbe73b618e8e1c7d54df8413161c9a724
WordPress Page Builder KingComposer 2.9.6 Cross Site Scripting
Posted Jul 25, 2023
Authored by indoushka

WordPress Page Builder KingComposer plugin version 2.9.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 13a1ca560e74613eb2d4517f0addb6da665a264ecdfd2a0a3388354bd3480ea9
WordPress Page Builder KingComposer 2.8.1 Cross Site Scripting
Posted Jul 25, 2023
Authored by indoushka

WordPress Page Builder KingComposer plugin version 2.8.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 77662abf0776375201ff60f781da8c55a661a3ddfbb935e265a40435e5c6cd90
WordPress Duplicator 3.8.7 Backup Disclosure
Posted Jul 25, 2023
Authored by indoushka

WordPress Duplicator plugin version 3.8.7 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure
SHA-256 | 8f7867098777bfb7d7988fcc7cf6d15c45a7a00aa260411393d341e6ecc3e473
Red Hat Security Advisory 2023-4262-01
Posted Jul 25, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4262-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-1281, CVE-2023-32233
SHA-256 | c2107d44997a315d2fc4dcb96db78c2276e181339b5e26f7e8bea82df6d598cf
Red Hat Security Advisory 2023-4256-01
Posted Jul 25, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4256-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-1281, CVE-2023-32233
SHA-256 | 00264b65a8b6babbd8ab84242cb20a330e5e0d88f344f11ebfdaa64459ccfc7c
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close