what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 38 RSS Feed

Files Date: 2024-09-23

Invesalius 3.1.99995 Arbitrary File Write / Directory Traversal
Posted Sep 23, 2024
Authored by Riccardo Degli Esposti

Proof of concept python3 code that creates a malicious payload to exploit an arbitrary file write via directory traversal in Invesalius version 3.1. In particular the exploitation steps of this vulnerability involve the use of a specifically crafted .inv3 (a custom extension for InVesalius) that is indeed a tar file file which, once imported inside the victim's client application allows an attacker to write files and folders on the disk.

tags | exploit, arbitrary, proof of concept, file inclusion
advisories | CVE-2024-44825
SHA-256 | 3e2115a5ac5563793a0f2c821d2286084e05076d87ec7793c02b372c65ca4475
Faraday 5.7.0
Posted Sep 23, 2024
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added bulk update feature for custom attributes. Fixed hostnames not working on pipelines conditions. Allowed services to be searchable. Fixed crash on unsupported image format upload. Fixed service based jobs not working for assets.
tags | tool, rootkit
systems | unix
SHA-256 | beee684970842de8c540054542adaf530009a41ad15076dcfee818b1f25ea79d
nullcon Goa 2025 Call For Papers
Posted Sep 23, 2024
Site nullcon.net

The Call For Papers for nullcon Goa 2025 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place March 1st through the 2nd, 2025.

tags | paper, conference
SHA-256 | d943a5167bc531bab425de0702277f60eaf145d5ed299231ba952d4c51c62f6b
Ubuntu Security Notice USN-7028-1
Posted Sep 23, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7028-1 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-47188, CVE-2022-48863, CVE-2023-52809, CVE-2024-26651, CVE-2024-26677, CVE-2024-26851, CVE-2024-27437, CVE-2024-38570, CVE-2024-38583, CVE-2024-39480, CVE-2024-39495, CVE-2024-42224
SHA-256 | 7de5ce15aa6cad3ce493ec92fd8b9feaa278435231abe1f16c95487428745116
Ubuntu Security Notice USN-7020-2
Posted Sep 23, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7020-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2024-41009, CVE-2024-42224, CVE-2024-42228
SHA-256 | f98c0e5a70256f65107c692a5ffbaaf185830877b966b18814d14c89fb57314e
Ubuntu Security Notice USN-7007-2
Posted Sep 23, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7007-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48772, CVE-2024-23848, CVE-2024-25741, CVE-2024-31076, CVE-2024-33621, CVE-2024-34027, CVE-2024-35247, CVE-2024-35927, CVE-2024-36014, CVE-2024-36015, CVE-2024-36286, CVE-2024-36971, CVE-2024-36972, CVE-2024-37078
SHA-256 | 41bc59a99a084c9c65f05b5595c0193c9b8ba9e8e768f5e9e410d18762dd8014
Gentoo Linux Security Advisory 202409-20
Posted Sep 23, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202409-20 - Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. Versions greater than or equal to 8.7.1 are affected.

tags | advisory, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2023-42619, CVE-2023-46218, CVE-2023-46219, CVE-2024-0853, CVE-2024-2004, CVE-2024-2398, CVE-2024-2466
SHA-256 | f394b76c205156192ead8c0293e0772f5056819abf8ec95aff9c332a2bf86573
Gentoo Linux Security Advisory 202409-19
Posted Sep 23, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202409-19 - A vulnerability has been found in Emacs and org-mode which could result in arbitrary code execution. Versions greater than or equal to 26.3-r19:26 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2024-39331
SHA-256 | 9575a688eb9e213c626695cd2690c2252477d90aa854884afb0f3862b7c45461
Gentoo Linux Security Advisory 202409-18
Posted Sep 23, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202409-18 - Multiple vulnerabilities have been discovered in liblouis, the worst of which could result in denial of service. Versions greater than or equal to 3.25.0 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2023-26767, CVE-2023-26768, CVE-2023-26769
SHA-256 | c78b83db1a7720e0ad364150e94e40fb64e2696c5de7f33727aa7204f7721b3f
Gentoo Linux Security Advisory 202409-17
Posted Sep 23, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202409-17 - Multiple vulnerabilities have been discovered in VLC, the worst of which could result in arbitrary code execution. Versions greater than or equal to 3.0.20 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-41325
SHA-256 | ebb2bac7057a961878ccd319ba221e8792667cde32a65caba4fdf913bda602fa
Gentoo Linux Security Advisory 202409-16
Posted Sep 23, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202409-16 - Multiple vulnerabilities have been discovered in Slurm, the worst of which could result in privilege escalation or code execution. Versions less than or equal to 22.05.3 are affected.

tags | advisory, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2020-36770, CVE-2023-49933, CVE-2023-49934, CVE-2023-49935, CVE-2023-49936, CVE-2023-49937, CVE-2023-49938
SHA-256 | ff2981e0c7957a84bb193ea5e001ca9c17d89f401368583d50099381b7412c6d
Gentoo Linux Security Advisory 202409-15
Posted Sep 23, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202409-15 - Multiple vulnerabilities have been discovered in stb, the worst of which lead to a denial of service. Versions greater than or equal to 20240201 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2021-28021, CVE-2021-37789, CVE-2021-42715, CVE-2021-42716, CVE-2022-28041, CVE-2022-28042, CVE-2022-28048
SHA-256 | 094b5866ab07ff293c4fa7c04b4ecf062b1bc0a1fc131735bc7fcdfb2e045af0
Debian Security Advisory 5774-1
Posted Sep 23, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5774-1 - It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify the signature of the SAML Response, which could result in bypass of authentication in an application using the ruby-saml library.

tags | advisory, ruby
systems | linux, debian
advisories | CVE-2024-45409
SHA-256 | 240177159ce0b76270aa0280d1ee5b1c3ee1ab29b2d1a466aa814c291e161d28
Linux i915 PTE Use-After-Free
Posted Sep 23, 2024
Authored by Jann Horn, Google Security Research

Linux i915 suffers from an out-of-bounds PTE write in vm_fault_gtt() that leads to a PTE use-after-free vulnerability.

tags | exploit
systems | linux
advisories | CVE-2024-42259
SHA-256 | 1823d9d4f6feebcd5eb07b8d171404b0ef201f506b2f82c58803bb51a4f92f10
Gentoo Linux Security Advisory 202409-14
Posted Sep 23, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202409-14 - Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service. Versions greater than or equal to 2.28.7 are affected.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2022-46392, CVE-2022-46393, CVE-2023-43615, CVE-2023-45199, CVE-2024-23170, CVE-2024-23775
SHA-256 | c39110a508d640140269a45e62b4d73c71bf5d63d281f69666dd0e64f45aa664
Gentoo Linux Security Advisory 202409-13
Posted Sep 23, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202409-13 - Multiple vulnerabilities have been discovered in gst-plugins-good, the worst of which could lead to denial of service or arbitrary code execution. Versions greater than or equal to 1.20.3 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122
SHA-256 | 7bc85386edd9b978a19ae7e18d7b6e122bdd51c917e8a894f59215c2328567e5
Registration And Login System 1.0 SQL Injection
Posted Sep 23, 2024
Authored by indoushka

Registration and Login System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 2e35be6bb3e35b83df484b398806d8bfeabf871143cdfbe23a59f0b553cfe4a3
Ubuntu Security Notice USN-6992-2
Posted Sep 23, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6992-2 - USN-6992-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. It was discovered that Firefox did not properly manage memory during garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Seunghyun Lee discovered that Firefox contained a type confusion vulnerability when handling certain ArrayTypes. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-8381, CVE-2024-8383, CVE-2024-8384, CVE-2024-8385
SHA-256 | 1a31056260cf5d6929e1518e2f1e7a41fcf2b1abd7a44adf996edaa600d232bf
Gentoo Linux Security Advisory 202409-12
Posted Sep 23, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202409-12 - Multiple vulnerabilities have been discovered in pypy and pypy3, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 7.3.3_p37_p1-r1 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2020-27619
SHA-256 | 67a72a29541dfe1a339c4c120bfd5675850548ab51544d12bd451de53da4c45d
Gentoo Linux Security Advisory 202409-11
Posted Sep 23, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202409-11 - Multiple vulnerabilities have been discovered in Oracle VirtualBox, the worst of which could lead to privilege escalation. Versions greater than or equal to 7.0.12 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2023-22098, CVE-2023-22099, CVE-2023-22100
SHA-256 | a54a8cc736cdbb448591b5f38b0b1e063247df013ee9209b98329ee2c0643512
SPIP BigUp 4.3.1 Code Injection
Posted Sep 23, 2024
Authored by indoushka

SPIP BigUp version 4.3.1 suffers from a remote PHP code injection vulnerability.

tags | exploit, remote, php
SHA-256 | 96ef343134222af92ba1ed0f8190e233e165263a1824d6f93b058f803eb81603
Gentoo Linux Security Advisory 202409-10
Posted Sep 23, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202409-10 - Multiple vulnerabilities have been discovered in Xen, the worst of which could lead to privilege escalation. Versions greater than or equal to 4.17.4 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2022-42336, CVE-2022-4949, CVE-2023-28746, CVE-2023-34319, CVE-2023-34320, CVE-2023-34321, CVE-2023-34322, CVE-2023-34323, CVE-2023-34324, CVE-2023-34325, CVE-2023-34327, CVE-2023-34328, CVE-2023-46835, CVE-2023-46836
SHA-256 | 8b158b4b14fabb37b107389483696ee806809c7a28b87657efca564110fdb8a3
Gentoo Linux Security Advisory 202409-09
Posted Sep 23, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202409-9 - A vulnerability has been discovered in Exo, which can lead to arbitrary code execution. Versions greater than or equal to 4.17.2 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2022-32278
SHA-256 | 712d5b1aa7545c51fe1bef12d8c237d73ae50f03edf1af67b3c8ca6e08f91339
Gentoo Linux Security Advisory 202409-08
Posted Sep 23, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202409-8 - Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure. Versions greater than or equal to 2.6.7 are affected.

tags | advisory, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2022-0547, CVE-2023-46849, CVE-2023-46850
SHA-256 | 845e07a967854ba9249cd7ad779d329d4ab74df98fb814e200427249cb1a5191
RecipePoint 1.9 Insecure Settings
Posted Sep 23, 2024
Authored by indoushka

RecipePoint version 1.9 suffers from an ignored default credential vulnerability.

tags | exploit
SHA-256 | 28a459c4f3d13646dcfba73db4bfab53df28525a4bad145470b4fe191697426a
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close