what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 618 RSS Feed

Files Date: 2024-08-01 to 2024-08-31

Google Chrome V8 Type Confusion
Posted Aug 30, 2024
Authored by mistymntncop, buptsb | Site github.com

Google Chrome versions prior to 125.0.6422.112 V8 type confusion proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2024-5274
SHA-256 | 788ea39c0477eb3c46d9338780f690985742a96415f3fd4f64358b8315057dfa
Cacti Arbitrary File Write / Remote Code Execution
Posted Aug 30, 2024
Authored by StopThatTalace | Site github.com

Cacti versions prior to 1.2.27 suffer from an arbitrary file write vulnerability that allows for remote code execution.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2024-25641
SHA-256 | 80820ebe13be856fb0d05567e282846937b66d01888688fa767e21ec96a41b52
GNUnet P2P Framework 0.22.0
Posted Aug 30, 2024
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: New logging API to print/parse hex bytes. Added RFC9180 HPKE and associated KEMs. Replaced oneshot PKE and KEM APIs with HPKE. New Elligator KEM. Namestore API allows multiple records to be inserted in a single transaction. New ECDH API that uses KDFs instead of hash. Renamed GNUNET_CRYPTO_hkdf to GNUNET_CRYPTO_hkdf_gnunet. Added new standard SHA256-based HKDF APIs. New hostlist bootstrap domain.
tags | tool, web, udp, tcp, peer2peer
SHA-256 | 3263e6bd50751dadccfae19ff8c3d5cd91022890218bd95f0dd6aae993ea8926
Debian Security Advisory 5761-1
Posted Aug 30, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5761-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-7969, CVE-2024-8193, CVE-2024-8194, CVE-2024-8198
SHA-256 | b688330f4468b4808fd77edb3135ca2d428c6005bd049af00064e8aeef66f188
Debian Security Advisory 5760-1
Posted Aug 30, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5760-1 - Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2024-29506, CVE-2024-29507, CVE-2024-29508, CVE-2024-29509
SHA-256 | dd9d422dae718c0b789d54196b65433ebecfb376f5e7c28d295903bcf097a6ff
Water Billing Management System 1.0 Cross Site Request Forgery / File Upload
Posted Aug 30, 2024
Authored by indoushka

Water Billing Management System version 1.0 suffers from a cross site request forgery that enables an arbitrary file upload.

tags | exploit, arbitrary, file upload, csrf
SHA-256 | b2b6b9ccd306227cb678af1bbff8e4fca60932e849a1f798914a7c8e6a43a1de
Red Hat Security Advisory 2024-6054-03
Posted Aug 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-6054-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes security and bug fixes. Issues addressed include deserialization and memory exhaustion vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2024-3727
SHA-256 | f260f41722b9252174fb9e0e3db069e7bd52f2cfe783948bba934157544c9d65
Webpay E-Commerce 1.0 Directory Traversal
Posted Aug 30, 2024
Authored by indoushka

Webpay E-Commerce version 1.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 95d09ce8c5598b697d3b00aaac726a002f69525139a53abe89bf0d0c71fcfd96
Red Hat Security Advisory 2024-6044-03
Posted Aug 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-6044-03 - Red Hat Advanced Cluster Management for Kubernetes 2.11.2 General Availability release images, which fix bugs and update container images. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-25883
SHA-256 | 71e8d9d2404770982066ef6b149539318f218b5e1a8838dfd1904fbc4ab0e065
SPIP 4.2.6 Code Execution
Posted Aug 30, 2024
Authored by indoushka

SPIP version 4.2.6 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | b55ee69cff2b52a3928d68025095257d9298d4424c268e0674f9dc31d0398866
WordPress GetYourGuide Ticketing 1.0.6 Cross Site Scripting
Posted Aug 30, 2024
Authored by indoushka

WordPress GetYourGuide Ticketing plugin version 1.0.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dcd22c45ffe7169dcb5e713498bc6fad3ab5097f2e800f6255a9b1b944a8c7ac
WordPress SeatReg 1.54.0 Open Redirection
Posted Aug 30, 2024
Authored by indoushka

WordPress SeatReg plugin version 1.54.0 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | d3f2de26873d9182b6ab45239143b8dc520934d272e05f0be3d919904dab860a
WordPress WP Event Manager 3.1.44 Cross Site Scripting
Posted Aug 30, 2024
Authored by indoushka

WordPress WP Event Manager plugin version 3.1.44 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 84a90a0eb3f40dda41212275dcb4ece9cd5dfc794dab04f6cf1e99ecbb9d523d
pgAdmin 8.4 Remote Code Execution
Posted Aug 29, 2024
Authored by M.Selim Karahan, Ayoub Mokhtar, Mustafa Mutlu | Site metasploit.com

pgAdmin versions 8.4 and below are affected by a remote code execution vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2024-3116
SHA-256 | 63ed0fcb6853adbac916564a39cabd9a37b97dc0119ebfdac97ec042356d36e4
WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution
Posted Aug 29, 2024
Authored by Julien Ahrens, Valentin Lobstein, EQSTSeminar, Villu Orav | Site metasploit.com

The GiveWP Donation plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP object injection (POI) flaw granting an unauthenticated attacker arbitrary code execution.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2024-5932
SHA-256 | e3b0f075dd3c67bb401766241b1a40088cf8f52a33b79fe6c2ea5b667c1296f2
vTiger CRM 7.4.0 Cross Site Scripting
Posted Aug 29, 2024
Authored by Marco Nappi

vTiger CRM version 7.4.0 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2024-44777, CVE-2024-44778, CVE-2024-44779
SHA-256 | d9025e02ef6a363801fc7c5e851c41ef9b220bc58ddf23135770c3a709cde894
vTiger CRM 7.4.0 Open Redirection
Posted Aug 29, 2024
Authored by Marco Nappi

An open redirection vulnerability in the page parameter of vTiger CRM version 7.4.0 allows attackers to redirect users to a malicious site via a crafted URL.

tags | advisory
advisories | CVE-2024-44776
SHA-256 | 1ad0cb6785fe9f19ed8c5597cdd0806bba847585167c6c70c31e675249f0513e
Wireshark Analyzer 4.4.0
Posted Aug 29, 2024
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: 4.4.0 is the new stable release of Wireshark.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | ead5cdcc08529a2e7ce291e01defc3b0f8831ba24c938db0762b1ebc59c71269
Faraday 5.6.1
Posted Aug 29, 2024
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Resolved an issue with filtering by Custom Attributes.
tags | tool, rootkit
systems | unix
SHA-256 | b7c200cda1471eef944b3d0fbe277b9ef6fc68f020c51665a6df168efbced035
Microsoft Windows IPv6 CVE-2024-38063 Checker / Denial Of Service
Posted Aug 29, 2024
Authored by Photubias

Microsoft Windows IPv6 vulnerability checking proof of concept python script that causes a denial of service. Windows 10 and 11 versions under 10.0.26100.1457 and Server 2016-2019-2022 versions under 10.0.17763.6189 are affected.

tags | exploit, denial of service, proof of concept, python
systems | windows
advisories | CVE-2024-38063
SHA-256 | 04c38d06a082513de8abf2875e18f1ebec41c245eac05cf7f60cc0cff919185a
Gitea 1.22.0 Cross Site Scripting
Posted Aug 29, 2024
Authored by Catalin Iovita, Alexandru Postolache

Gitea version 1.22.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2024-6886
SHA-256 | 679d63e8928338a2795080c2e8acf6c63870fd815e5470dd05c9c71ca4c12184
Notemark 0.13.0 Cross Site Scripting
Posted Aug 29, 2024
Authored by Alessio Romano

Notemark versions 0.13.0 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2024-41819
SHA-256 | 5412263751c127d8cb7add8025ce80555d79296e588f9ff7d5b2a2c6c1a17c8a
Ubuntu Security Notice USN-6972-4
Posted Aug 29, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6972-4 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-52470, CVE-2023-52760, CVE-2023-52806, CVE-2024-22099, CVE-2024-24860, CVE-2024-26600, CVE-2024-26654, CVE-2024-35835, CVE-2024-36901, CVE-2024-36940, CVE-2024-39292
SHA-256 | d6b50c131f18f6b9b7c0f2300ad92a70f2206c0991d489417cdd16254ef44e85
Online Graduate Tracer System 1.0.0 Insecure Direct Object Reference
Posted Aug 29, 2024
Authored by indoushka

Online Graduate Tracer System version 1.0.0 suffers from an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | 0abd7e5d887d9e2204c565886d418ad0656b2616bb80e508761e6e23aa8bf66f
SPIP 4.2.5 Code Execution
Posted Aug 29, 2024
Authored by indoushka

SPIP version 4.2.5 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | 77218719c0c92a7eedc2d716ea5ddbdf673525e68dd101d544452cbe514d03dc
Page 1 of 25
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close