
Files Date: 2023-10-09

Ubuntu Security Notice USN-6421-1
Posted Oct 9, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6421-1 - It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly use this issue to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-3341
SHA-256 | 16de65c7aa51273ab7badf3eb25eb0e019362a758426776599b21be001099910
Ubuntu Security Notice USN-6420-1
Posted Oct 9, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6420-1 - It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-3234, CVE-2022-3256, CVE-2022-3297, CVE-2022-3324, CVE-2022-3491, CVE-2022-3520, CVE-2022-3591, CVE-2022-3705, CVE-2022-4293
SHA-256 | 19c540acc5fd7d8746f07b092b83ebdd2213c5c327acab8774789ac8cbc44831
Gentoo Linux Security Advisory 202310-09
Posted Oct 9, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-9 - Multiple vulnerabilities have been discovered in c-ares, the worst of which could result in denial of service. Versions greater than or equal to 1.19.1 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067
SHA-256 | dba467e1cac9309374c23a8d2f24d647cbf257865cdcc88db8600f113e7af9c7
Gentoo Linux Security Advisory 202310-08
Posted Oct 9, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-8 - A root privilege escalation through setuid executable and cron job has been discovered in man-db. Versions greater than or equal to 2.8.5 are affected.

tags | advisory, root
systems | linux, gentoo
advisories | CVE-2018-25078
SHA-256 | e4aabe866e1c6ec648f354ecbe47520ee91be112fc27b1f17b9e4e613a3bc3ab
Gentoo Linux Security Advisory 202310-07
Posted Oct 9, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-7 - Multiple vulnerabilities have been discovered in VirtualBox, leading to compromise of VirtualBox. Versions greater than or equal to 7.0.6 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2023-21884, CVE-2023-21885, CVE-2023-21886, CVE-2023-21889, CVE-2023-21898, CVE-2023-21899
SHA-256 | 6f07aa54ccb53955aad4a9ce1685618ec85d82ad34574be40610e01e5006b879
Gentoo Linux Security Advisory 202310-06
Posted Oct 9, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-6 - Multiple vulnerabilities have been discovered in Heimdal, the worst of which could lead to remote code execution on a KDC. Versions greater than or equal to 7.8.0-r1 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2019-14870, CVE-2021-44758, CVE-2022-3437, CVE-2022-3671, CVE-2022-41916, CVE-2022-42898, CVE-2022-44640, CVE-2022-44758, CVE-2022-45142
SHA-256 | 27611271da9764cfeb6bf4345cc8b0a457073005b818ba42fe2a3f1b4b278d83
Gentoo Linux Security Advisory 202310-05
Posted Oct 9, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-5 - A vulnerability has been found in dav1d which could result in denial of service. Versions greater than or equal to 1.2.0 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2023-32570
SHA-256 | 15db8575893577faba1443afe44bf9503964d5dac132c98026322f40f9dd86cf
Debian Security Advisory 5519-1
Posted Oct 9, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5519-1 - Maxim Suhanov discovered multiple vulnerabilities in GRUB2's code to handle NTFS filesystems, which may result in a Secure Boot bypass.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2023-4692, CVE-2023-4693
SHA-256 | 69c6c2e6aac12f53f91896003b4bf1c34f93099bdaab89e3995c3c1a344d85ba
Kibana Prototype Pollution / Remote Code Execution
Posted Oct 9, 2023
Authored by h00die, Alex Brasetvik | Site metasploit.com

Kibana versions prior to 7.6.3 suffer from a prototype pollution bug within the Upgrade Assistant. By setting a new constructor.prototype.sourceURL value you can execute arbitrary code. Code execution is possible in two ways: either by sending data directly to Elastic, or by using Kibana to submit the same queries. Either method enters the polluted prototype for Kibana to read. For the payload to execute, Kibana either needs to be restarted or collection must happen (at an unknown time). Once it does, cleanup must delete the .kibana_1 index for Kibana to restart successfully. Once a callback does occur, cleanup will happen, allowing Kibana to be successfully restarted on the next attempt.

tags | exploit, arbitrary, code execution
SHA-256 | 7b00b8eea8f510a8a337e334be1bacd682e8cb1dc1f59ad886193ba45fa3094d
Botan C++ Crypto Algorithms Library 3.2.0
Posted Oct 9, 2023
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Added support for post-quantum secure key exchange in TLS 1.3. Added support for TLS PSK. Added a first class interface for XOFs. Added KMAC from NIST SP 800-185. Added cSHAKE XOF. Added improved APIs for key encapsulation. Many other updates, fixes, and improvements listed in the release notes.
tags | library
SHA-256 | 049c847835fcf6ef3a9e206b33de05dd38999c325e247482772a5598d9e5ece3
Simple Packet Sender 5.0
Posted Oct 9, 2023
Authored by Hohlraum | Site sites.google.com

Simple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. It is written in C on Linux, with a GUI built using GTK+. Both source and binaries are included. Features include packet crafting and sending one, multiple, or flooding packets of type TCP, ICMP, or UDP. All values within the Ethernet frame can be modified arbitrarily. It supports TCP, ICMP and UDP data as well, with input from either keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. Various other features exist as well.

Changes: Dozens of updates as this is the first release since 2015.
tags | tool, udp, scanner, tcp
systems | linux, unix
SHA-256 | 27655eb9a3a11f0253a3989eedbe5dd12a1cb92bbb5594ec4c58e5663a454db3
eClass Junior 4.0 SQL Injection
Posted Oct 9, 2023
Authored by indoushka

eClass Junior version 4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fe25bf20628b95e728482b08a8d3f9ce6bd4e732844de33554a5951468322a2a
eClass IP 2.5 SQL Injection
Posted Oct 9, 2023
Authored by indoushka

eClass IP version 2.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b711babfc66671ea5103fe26d521747c60621f2c26be69bc9fb4ef7463b6da31
Chicv Management System Login 4.5.6 Insecure Direct Object Reference
Posted Oct 9, 2023
Authored by indoushka

Chicv Management System Login version 4.5.6 suffers from an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | a1f22b058663bc8da61360fc44754976f6b505a75676b87d6ab966e195c4f96c
Aicte India LMS 3.0 Cross Site Scripting
Posted Oct 9, 2023
Authored by indoushka

Aicte India LMS version 3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d6bdd519cdbf391aa1f466dbf921113b4bbdfc1dadd6a058a7f32ab5384d6235