
Files Date: 2023-08-14

Ubuntu Security Notice USN-4897-2
Posted Aug 14, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4897-2 - USN-4897-1 fixed several vulnerabilities in Pygments. This update provides the corresponding update for Ubuntu 14.04 LTS. Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-20270, CVE-2021-27291
SHA-256 | 0229f770d8874a0513c2166bf3e303d5654a0a18244de156ea9264cde333f0cd
Ubuntu Security Notice USN-6287-1
Posted Aug 14, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6287-1 - Simon Ferquel discovered that the Go yaml package incorrectly handled certain YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service. It was discovered that the Go yaml package incorrectly handled certain large YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-4235, CVE-2022-3064
SHA-256 | ff302540a68948d05ae6233fae6500513305acbb977068850f9628c22134174e
Ubuntu Security Notice USN-6280-1
Posted Aug 14, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6280-1 - It was discovered that PyPDF2 incorrectly handled PDF files with certain markers. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to consume system resources, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2023-36810
SHA-256 | 1bea4c8076bd6e5ab60c9f0179df73b1cf5eeb858149ac4a60e59726f0ba0fc9
Ubuntu Security Notice USN-6286-1
Posted Aug 14, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6286-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain sensitive information. It was discovered that some Intel Xeon Processors did not properly restrict error injection for Intel SGX or Intel TDX. A local privileged user could use this to further escalate their privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2022-41804, CVE-2023-23908
SHA-256 | c0c75d64309f39dd0c71d8e92d6ad8cf29041158c1a43956be78cc32f0d30aa2
Debian Security Advisory 5476-1
Posted Aug 14, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5476-1 - Multiple vulnerabilities were discovered in the RealMedia demuxers for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
SHA-256 | 45d6e8fe829f87a9d45b74ad980ae09595dfedfcd4a24f1d353c0ff0b264dcaf
jSQL Injection 0.91
Posted Aug 14, 2023
Authored by ron190 | Site github.com

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

Changes: Added Stacked strategy. Added Stacked mode to Boolean strategies. Added Stacked payloads to Error strategies. Added file and privilege queries to SQL Engine. Improved bulk scan result. Improved cookies processing. Improved CSRF and Digest handshake processing. Improved H2 and PostgreSQL injection. Switched PHP SQL shell to mysqli_connect. One bug fix.
tags | tool, scanner, sql injection
systems | linux, unix
SHA-256 | f10e3bf405f1fc962e8bef1980943cec5018e07f66ce5260c0f04edd579c6bff
Ubuntu Security Notice USN-6283-1
Posted Aug 14, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6283-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear operations. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-2002, CVE-2023-2269, CVE-2023-3141, CVE-2023-32248, CVE-2023-32254, CVE-2023-3268, CVE-2023-3312, CVE-2023-3317, CVE-2023-35823, CVE-2023-35824, CVE-2023-35826, CVE-2023-35828, CVE-2023-35829
SHA-256 | d89ea852ace9ebfc7bd58b09a638e52edb508a4626f5a1fe5c5fc2bf4bbdc318
Ubuntu Security Notice USN-6284-1
Posted Aug 14, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6284-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-36691, CVE-2022-0168, CVE-2022-1184, CVE-2022-27672, CVE-2022-4269, CVE-2023-0590, CVE-2023-1611, CVE-2023-1855, CVE-2023-1990, CVE-2023-2124, CVE-2023-2194, CVE-2023-28466, CVE-2023-30772, CVE-2023-3111
SHA-256 | ec651fa855268fc14d26e263a73563801aeb8755bc99a7ff2e1209758b7c0a17
Ubuntu Security Notice USN-6285-1
Posted Aug 14, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6285-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48502, CVE-2023-2640, CVE-2023-2898, CVE-2023-31248, CVE-2023-32629, CVE-2023-3390, CVE-2023-35001, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-38430, CVE-2023-38432, CVE-2023-3863
SHA-256 | c7303f43ba77d16cc931ee8b1c0d2f16d00a561cedb386fa837bfed417cd59f3
Advantech EKI-1524-CE / EKI-1522 / EKI-1521 Cross Site Scripting
Posted Aug 14, 2023
Authored by T. Weber, A. Resanovic, T. Etzenberger, M. Bineder, R. Haas | Site cyberdanube.com

Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series versions 1.21 and below and 1.24 and below suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2023-4202, CVE-2023-4203
SHA-256 | c3a6cbea79ff546db8165bd3b5e329dfc66aec81cd06ea79d913dda8ae9f889b
Phoenix Contact TC Cloud / TC Router 2.x XSS / Memory Consumption
Posted Aug 14, 2023
Authored by T. Weber, S. Stockinger, A. Resanovic, T. Etzenberger | Site cyberdanube.com

Phoenix Contact TC Router 3002T-4G* versions prior to 2.0.2, TC Cloud Client 1002-4G* versions prior to 2.07.2, and Cloud Client 1101T-TX/TX versions prior to 2.06.10 suffer from cross site scripting and memory consumption vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
advisories | CVE-2023-3526, CVE-2023-3569
SHA-256 | a587bb9bbd0a7bc6b304a09099ebed341f33e4b48fa43bcad73ec180522c55d2
Microsoft Azure Subdomain Scanner / Enumerator
Posted Aug 14, 2023
Authored by RoseSecurity | Site metasploit.com

This is a Metasploit module for enumerating public Azure services by validating legitimate subdomains through various DNS record queries. This cloud reconnaissance module rapidly identifies API services, storage accounts, key vaults, databases, and more!

tags | exploit
SHA-256 | ccd5eff55c0f2d978fd9aeb246beff5116650ca8cf92390516addb006dcf5583
Qualys RSA Usage Issue
Posted Aug 14, 2023
Authored by Paul Szabo

Qualys scanners use the ssh-rsa algorithm for pubkey signing when attempting SSH login. Modern SSHD servers reject pubkey login with ssh-rsa, so Qualys is unable to scan up-to-date Linux, e.g. Debian 12 or RHEL 9. Qualys does not check the list of pubkey signing algorithms accepted by SSHD servers, and therefore cannot notify about any insecure ones.

tags | advisory
systems | linux
SHA-256 | 9cc12364accc88c8da5dc14fcda696933b5a5d17343558cadfdb7480fa60e6fa
Red Hat Security Advisory 2023-4627-01
Posted Aug 14, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4627-01 - Migration Toolkit for Applications 6.2.0 Images. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2021-46877, CVE-2022-41721, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2022-41854, CVE-2022-41881, CVE-2022-4492, CVE-2023-1667, CVE-2023-2283, CVE-2023-22899, CVE-2023-24329, CVE-2023-24532
SHA-256 | 528c9d58b6e45e077bc24566369ae07e0edd29ac2d852cf5fcdab7f12d8ed270
Red Hat Security Advisory 2023-4625-01
Posted Aug 14, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4625-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-2828, CVE-2023-35941, CVE-2023-35943, CVE-2023-35944
SHA-256 | 523284018ab36eaf368af6109e2b337f6b0d5a8bd5908b3fe50a6989ebeb6a7e
Red Hat Security Advisory 2023-4623-01
Posted Aug 14, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4623-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-27487, CVE-2023-27488, CVE-2023-27491, CVE-2023-27492, CVE-2023-27493, CVE-2023-27496
SHA-256 | 8d3e367ab18305b5a0b96bb1244608306a68e1e59432663f9a25f0f05f5c0e6a
Red Hat Security Advisory 2023-4624-01
Posted Aug 14, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4624-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a memory leak vulnerability.

tags | advisory, memory leak
systems | linux, redhat
advisories | CVE-2023-2828, CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944, CVE-2023-35945
SHA-256 | e0f5c7eca180931c2dd41e9bf1359f55373aefa75a8399a487be13af264d36ef
BookingWizz 6.0.1 Information Disclosure
Posted Aug 14, 2023
Authored by indoushka

BookingWizz version 6.0.1 suffers from an information leakage vulnerability.

tags | exploit, info disclosure
SHA-256 | 14dc808fba0c29bec381b92941a79a68db7e7dccd2b66351dfa0ae504f014329
E-commerce Growisei CMS 2.0 Insecure Settings
Posted Aug 14, 2023
Authored by indoushka

E-commerce Growisei CMS version 2.0 appears to leave default credentials installed after installation.

tags | exploit
SHA-256 | b549c22479bc881ac0ce28a4c4ceea4ae7a1618e0f8e14ffc39e65010f3dc20f
DBCInfoTech CMS 2.0 Administrator Reinstall
Posted Aug 14, 2023
Authored by indoushka

DBCInfoTech CMS version 2.0 suffers from an unauthenticated administrator reinstall vulnerability.

tags | exploit
SHA-256 | ee4695049fa78cdc4416bf9c9d888b2f016dd969d8de33f1716e9c35a8c42a9f
Education Time Indonesian School CRM 1.7 Cross Site Scripting
Posted Aug 14, 2023
Authored by indoushka

Education Time Indonesian School CRM version 1.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 77618beacec0c289a4aea53e4b0a7defb69006eae75c7aa9569481269ddcd23d
Eden CMS 1.02 Cross Site Scripting
Posted Aug 14, 2023
Authored by indoushka

Eden CMS version 1.02 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 630fc795c3e5190be18343a06f18966cff7b4b647a208473387fd510f0ff5a90
Ecommerce Responsive 1.2 Insecure Direct Object Reference
Posted Aug 14, 2023
Authored by indoushka

Ecommerce Responsive version 1.2 suffers from an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | 564898b789a9a93cde9f20cbbc717b9082bd02138f74c6c760f6a3b3ee5915e6
E-Biz CMS 2.0 Cross Site Request Forgery
Posted Aug 14, 2023
Authored by indoushka

E-Biz CMS version 2.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 0051b3ec1334ec05af6d228c8a79d4a9b5645a0e801b6a2ea22a9b8fb0623d1d
EasyPX CMS 06.02.04 Cross Site Scripting
Posted Aug 14, 2023
Authored by indoushka

EasyPX CMS version 06.02.04 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a3f28c088ff341f6a0fa5681eaba61ef33b9b9c90cbf2bcc812fbe88658d9da3