what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 305 RSS Feed

Files Date: 2023-12-01 to 2023-12-31

Apache OFBiz 18.12.09 Remote Code Execution
Posted Dec 29, 2023
Authored by Jacques Leroux

Apache OFBiz version 18.12.09 suffers from a pre-authentication remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2023-49070
SHA-256 | eb4458f535e94d51c6b4bf1779dd9da7aa903e2ad0a85e32eb0811983d7d8aaa
Debian Security Advisory 5591-1
Posted Dec 28, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5591-1 - Several vulnerabilities were discovered in libssh, a tiny C SSH library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2023-48795, CVE-2023-6004, CVE-2023-6918
SHA-256 | f815049b2837197686b4875cddb418f75a8e54d47afc59fdafc4741b2b0cb015
Debian Security Advisory 5590-1
Posted Dec 28, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5590-1 - Several vulnerabilities were discovered in HAProxy, a fast and reliable load balancing reverse proxy, which can result in HTTP request smuggling or information disclosure.

tags | advisory, web, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2023-40225, CVE-2023-45539
SHA-256 | a26862fd9c15261a0556762eeff6b4507c638df9bea58642fe40caded089f310
Gentoo Linux Security Advisory 202312-16
Posted Dec 28, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-16 - Multiple vulnerabilities have been discovered in libssh, the worst of which could lead to code execution. Versions greater than or equal to 0.10.6 are affected.

tags | advisory, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-48795, CVE-2023-6004
SHA-256 | 475da9d4074fee95dd103c9e4072c2a5bae6c16622c02660f94da00f23ad5f16
Gentoo Linux Security Advisory 202312-17
Posted Dec 28, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-17 - Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could lead to code execution. Versions greater than or equal to 9.6_p1 are affected.

tags | advisory, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-48795, CVE-2023-51385
SHA-256 | ba995f8d24608fff3aaab0d0ad90892e7d28d73639eaace76ba4733a544b788c
Debian Security Advisory 5589-1
Posted Dec 28, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5589-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data.

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559, CVE-2023-38552, CVE-2023-39333
SHA-256 | 99cc458c7d37e5ed3bbb9cd1ecafd2849b5c2bd6325b06e8297be7edef82db88
Microsoft Windows PowerShell Code Execution / Event Log Bypass
Posted Dec 28, 2023
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing a filename uses double quotes that can be leveraged to trigger arbitrary code execution. However, if the filename got wrapped in single quotes it failed, that is until now.

tags | exploit, arbitrary, code execution
systems | windows
SHA-256 | 135e14fd69533eeb6ad57b35ae864360f36364f43f82818935023a4f7ee929ca
Lot Reservation Management System 1.0 Shell Upload
Posted Dec 28, 2023
Authored by Elijah Mandila Syoyi

Lot Reservation Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | e412e93388798209ade400aff41a77ff351847f86f63f4e81db78a35ca5ddef3
Lot Reservation Management System 1.0 File Disclosure
Posted Dec 28, 2023
Authored by Elijah Mandila Syoyi

Lot Reservation Management System version 1.0 suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | bf774e0f7e0060a8015abbc023b9dab676d3d7e67b08feb98176fcc69b64b2b2
WhatACart 2.0.7 Cross Site Scripting
Posted Dec 27, 2023
Authored by tmrswrr

WhatACart version 2.0.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c17cc364b4eb7461dafb8d263042b8f90e6b4194e4c0b4ddd1f2d5702491ef84
Gentoo Linux Security Advisory 202312-15
Posted Dec 27, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-15 - Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Versions greater than or equal to 2.39.3 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007
SHA-256 | 40da540c38bd337ca3d0a368d288902ef88dd450d5f78bccef5cef2ef2758381
ShopSite 14.0 Cross Site Scripting
Posted Dec 26, 2023
Authored by tmrswrr

ShopSite version 14.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f34fa6a72905f01bb41aaa658d65a5fcc525f2bfd0fd6925a5b8b8f32fc69080
FreeSWITCH 1.10.10 Denial Of Service
Posted Dec 26, 2023
Authored by Sandro Gauci | Site enablesecurity.com

When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack.

tags | exploit, denial of service, protocol
advisories | CVE-2023-51443
SHA-256 | 42111d854609afb4221ff75af6db4e27c366baa1bf5886242bf637a8ab822f76
Debian Security Advisory 5588-1
Posted Dec 26, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5588-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2021-36367, CVE-2023-48795
SHA-256 | 7af4170ad4031fd3d2a9ee78c01336ac9376c0590df4e88dd4e5550f0258ed24
Debian Security Advisory 5587-1
Posted Dec 26, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5587-1 - Two security issues were discovered in Curl: Cookies were incorrectly validated against the public suffix list of domains and in same cases HSTS data could fail to save to disk.

tags | advisory
systems | linux, debian
advisories | CVE-2023-46218, CVE-2023-46219
SHA-256 | ee8b5da3ccedc4ad611c77989a7b82094859da7f9354c5d153f42704a855a11a
Gentoo Linux Security Advisory 202312-14
Posted Dec 26, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-14 - Multiple vulnerabilities have been discovered in FFmpeg, the worst of which could lead to code execution. Versions greater than or equal to 6.0 are affected.

tags | advisory, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-33815, CVE-2021-38171, CVE-2021-38291, CVE-2022-1475, CVE-2022-3964, CVE-2022-3965, CVE-2022-48434
SHA-256 | 0922bfbde257cc0b18058668376d2cab6f85025fca60b1954a14670568bf0216
Gentoo Linux Security Advisory 202312-13
Posted Dec 26, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-13 - Multiple vulnerabilities have been discovered in Gitea, the worst of which could result in information leakage. Versions greater than or equal to 1.20.6 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2023-3515
SHA-256 | 5a6fbc4b9762dddb1dc427ba9447ed15f97e4c9557de3f0888ae48ae8e114088
Gentoo Linux Security Advisory 202312-12
Posted Dec 26, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-12 - Several vulnerabilities have been found in Flatpack, the worst of which lead to privilege escalation and sandbox escape. Versions greater than or equal to 1.14.4 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2021-21381, CVE-2021-41133, CVE-2021-43860, CVE-2022-21682, CVE-2023-28100, CVE-2023-28101
SHA-256 | 3018a3aaac2e8e504bce240edb2f33466f227c0b15ee1ce0adb6bbddcdceb2ca
Gentoo Linux Security Advisory 202312-11
Posted Dec 26, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-11 - A vulnerability has been found in SABnzbd which allows for remote code execution. Versions greater than or equal to 4.0.2 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2023-34237
SHA-256 | 414698e4e9ba87a0138f321143a42ff3dd88e6bf81dd242518d6c09de60a3092
Gentoo Linux Security Advisory 202312-10
Posted Dec 26, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-10 - A vulnerability has been found in Ceph which can lead to root privilege escalation. Versions greater than or equal to 17.2.6 are affected.

tags | advisory, root
systems | linux, gentoo
advisories | CVE-2022-3650
SHA-256 | daf313bfa471e6c911b744215f7deaf8540dd85955b1584a4642d7487964ba48
Craft CMS 4.4.14 Remote Code Execution
Posted Dec 22, 2023
Authored by h00die-gr3y, chybeta, Thanh | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 4.0.0-RC1 through 4.4.14.

tags | exploit, remote, code execution
advisories | CVE-2023-41892
SHA-256 | 09b5c0daee44baa94e38827531c7e5e3a16030ad3bd658700d439138930a1243
Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
Posted Dec 22, 2023
Authored by Louise Ng, Chris Chan

Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection, file upload
advisories | CVE-2020-26627, CVE-2020-26628, CVE-2020-26629, CVE-2020-26630
SHA-256 | 4c4cb4162e1a493a04ab18896d55ef8649d628f41d3426944382f8e72a0ea4f9
GilaCMS 1.15.4 SQL Injection
Posted Dec 22, 2023
Authored by Louise Ng, Chris Chan

GilaCMS versions 1.15.4 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2020-26623, CVE-2020-26624, CVE-2020-26625
SHA-256 | 73c5a34456c9dc83524cdea6fd790c6eac1c9f507a29917a6b2476535df6f2a6
Gentoo Linux Security Advisory 202312-09
Posted Dec 22, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-9 - Multiple vulnerabilities have been discovered in NASM, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 2.16.01 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2019-8343, CVE-2020-21528, CVE-2022-44370
SHA-256 | 6c8abaff0e71ae8e95b4a8c44f57bcad513a93fc3d2495d0c5507fb13359884d
Gentoo Linux Security Advisory 202312-08
Posted Dec 22, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-8 - A vulnerability has been found in LibRaw where a heap buffer overflow may lead to an application crash. Versions greater than or equal to 0.21.1-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2023-1729
SHA-256 | 06e868d02c6df3bd10c1a22492d4d300885f803e0ee7c3135a6df46242f5ad36
Page 1 of 13
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close