Showing 1 - 25 of 29

Files Date: 2024-07-31

OpenMediaVault rpc.php Authenticated Cron Remote Code Execution
Posted Jul 31, 2024
Authored by Brandon Perry, h00die-gr3y | Site metasploit.com

OpenMediaVault allows an authenticated user to create cron jobs as root on the system. An attacker can abuse this by sending a POST request via rpc.php to schedule and execute a cron entry that runs arbitrary commands as root on the system. All OpenMediaVault versions including the latest release 7.4.2-2 are vulnerable.

tags | exploit, arbitrary, root, php
advisories | CVE-2013-3632
SHA-256 | 977b68b131bff0d949e6b913d2598f3af7e54c6447c2599729d421f769bac029
Readymade Real Estate Script SQL Injection / Cross Site Scripting
Posted Jul 31, 2024
Authored by OoN_Boy

Readymade Real Estate Script suffers from remote blind SQL injection and cross site scripting vulnerabilities. This was last validated on the build available as of July 12, 2024.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 69386793e89cd8dd66c1d690fdd8aaaa1e52413aa12dedc645d9ef84ac9279a6
Ubuntu Security Notice USN-6934-1
Posted Jul 31, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6934-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.39 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2024-20996, CVE-2024-21130, CVE-2024-21163, CVE-2024-21177
SHA-256 | 8e19ddfa7b465f3b22bb3e9d4a490937544b8838c05cfd5ad6de902d90a2f085
Ubuntu Security Notice USN-6932-1
Posted Jul 31, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6932-1 - It was discovered that the Hotspot component of OpenJDK 21 was not properly performing bounds checks when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 21 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, CVE-2024-21147
SHA-256 | 92b1bafe6e5d4ee4b322aaab6a609d8615a3bfbb3a543f0940ed55bcc0c2a5b5
Ubuntu Security Notice USN-6931-1
Posted Jul 31, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6931-1 - It was discovered that the Hotspot component of OpenJDK 17 was not properly performing bounds checks when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 17 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145, CVE-2024-21147
SHA-256 | b3e5f81d7594d4e27286cdf314c3ba39afa280b68b40db8274bd9a6fb236d9a4
Ubuntu Security Notice USN-6930-1
Posted Jul 31, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6930-1 - It was discovered that the Hotspot component of OpenJDK 11 was not properly performing bounds checks when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 11 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-2024-21145, CVE-2024-21147
SHA-256 | 64ed7468d6981b59402fc69e4b058670397d166eba644ba4e17b84199bc55681
AMPLE BILLS 1.0 Cross Site Scripting
Posted Jul 31, 2024
Authored by indoushka

AMPLE BILLS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5058deb5a1cc69ff116aa38a8a8e12d52904972c6285fe8c8a0fcc30aabf4c26
Ubuntu Security Notice USN-6929-1
Posted Jul 31, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6929-1 - It was discovered that the Hotspot component of OpenJDK 8 was not properly performing bounds checks when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 8 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-2024-21145, CVE-2024-21147
SHA-256 | f4e9c4f3c7e69bd458944b9f132afa2f82f2fb0cc5990844424b460d546df0bd
Aero CMS 0.0.1 Cross Site Request Forgery
Posted Jul 31, 2024
Authored by indoushka

Aero CMS version 0.0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | d177460484605e92448747eb5276d4dbc65842e8466efab16cfdeff8b9e1e531
Ubuntu Security Notice USN-6928-1
Posted Jul 31, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6928-1 - It was discovered that the Python ssl module contained a memory race condition when handling the APIs to obtain the CA certificates and certificate store statistics. This could possibly result in applications obtaining wrong results, leading to various SSL issues. It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered "private" or "globally reachable". This could possibly result in applications applying incorrect security policies.

tags | advisory, python
systems | linux, ubuntu
advisories | CVE-2024-0397, CVE-2024-4032
SHA-256 | 6348aa6c803c2cb2243ee6f79a4a4964ae3836831f2a5635d54e6852bb5e11d9
SchoolPlus LMS 1.0 SQL Injection
Posted Jul 31, 2024
Authored by indoushka

SchoolPlus LMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 22013989000d479ea07e76db9eff79fd7621f97874918eb37a3342e24fbd35df
AccPack Khanepani 1.0 Insecure Direct Object Reference
Posted Jul 31, 2024
Authored by indoushka

AccPack Khanepani version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | 760d2e5184238b42e8f1ba299d632f9a683af578d5af3fd433dd135eb0ceb06b
Red Hat Security Advisory 2024-4938-03
Posted Jul 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4938-03 - An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a null pointer vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-38474
SHA-256 | d452de2aa6e75076d2f3e8721c8b90b0bf1571959bdebabac8478415e805eb13
Red Hat Security Advisory 2024-4937-03
Posted Jul 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4937-03 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-30156
SHA-256 | 4c2604fdae44be754d8a0513c7e63395b67fbfe9f90be45ce51de9fb3da3e457
Red Hat Security Advisory 2024-4936-03
Posted Jul 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4936-03 - An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-3596
SHA-256 | e6d2c41175a0acd5861cc6a0c8176462281813df777cca58381e3fac1b9650a3
Red Hat Security Advisory 2024-4935-03
Posted Jul 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4935-03 - An update for freeradius is now available for Red Hat Enterprise Linux 9.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-3596
SHA-256 | 2532e6dcb2d4da08b107649950751c606f734cf85dd66630e015ec8b37417713
Red Hat Security Advisory 2024-4934-03
Posted Jul 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4934-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-45288
SHA-256 | 12fb5d6e5d2cdec776f8c371f3506e5c0f6387296d6267bb3de1a9c532930402
Red Hat Security Advisory 2024-4933-03
Posted Jul 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4933-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-45288
SHA-256 | 55a61d1ba52b8b71b73acd02d2c990f7576342720ed726606929af825dd44ed1
AccPack Cop 1.0 SQL Injection
Posted Jul 31, 2024
Authored by indoushka

AccPack Cop version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | a27d6ecbb685d624f010c47638973a78a91c45496e0c3d8256ad20eeb76f2222
Red Hat Security Advisory 2024-4928-03
Posted Jul 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4928-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include a null pointer vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2021-47459
SHA-256 | d85c1911157700d246f802349435694ee3fd873de2f76eb6b9c87f5544c9f2fe
Red Hat Security Advisory 2024-4922-03
Posted Jul 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4922-03 - Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-45288
SHA-256 | 96baa5beae39a868e494284fbcfeb38307eb17a3a70b7bcfa63f53577cdc2dc6
Red Hat Security Advisory 2024-4913-03
Posted Jul 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4913-03 - An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-3596
SHA-256 | 8b38e606db35992e5ab109b5e7053084677124debd879c04f500e3f14ad132c8
Red Hat Security Advisory 2024-4912-03
Posted Jul 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4912-03 - An update for freeradius is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-3596
SHA-256 | ddcfed84eceadbd19ceaf0a618b0d733d7ecb7c7ed690c29be91bc5ade7697f7
AccPack Buzz 1.0 Arbitrary File Upload
Posted Jul 31, 2024
Authored by indoushka

AccPack Buzz version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 26ba3578925635eec579c27afdcf5dfe641d09db3c89b0df1e695a98b9056176
Red Hat Security Advisory 2024-4911-03
Posted Jul 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4911-03 - An update for freeradius is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-3596
SHA-256 | 5686026f5780c87171eee9bd7ea8374d174b7ae8b314289fb9dac9e8ad1d9885
© 2024 Packet Storm. All rights reserved.