what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files Date: 2024-11-01

Ping Identity PingIDM 7.5.0 Query Filter Injection
Posted Nov 1, 2024
Authored by Miguel García Martín, Ksandros Apostoli | Site sec-consult.com

Ping Identity PingIDM versions 7.0.0 through 7.5.0 enabled an attacker with read access to the User collection, to abuse API query filters in order to obtain managed and/or internal user's passwords in either plaintext or encrypted variants, based on configuration. The API clearly prevents the password in either plaintext or encrypted to be retrieved by any other means, as this field is set as protected under the User object. However, by injecting a malicious query filter, using password as the field to be filtered, an attacker can perform a blind brute-force on any victim's user password details (encrypted object or plaintext string).

tags | exploit
advisories | CVE-2024-23600
SHA-256 | 794244004a3908d9cf0034a1a70db151caa9281755a9275a47220eac8338d52f
ABB Cylon Aspect 3.08.01 File Upload MD5 Checksum Bypass
Posted Nov 1, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file uploads. By enabling badassMode and setting the skipChecksum parameter, the system skips integrity verification, allowing attackers to upload or install altered CalDAV zip files without authentication. This vulnerability permits unauthorized file modifications, potentially exposing the system to tampering or malicious uploads.

tags | exploit, php, file upload
SHA-256 | accf80983115dc5908f4545001f436450bd05752c8b5b6b674a1efd83446277b
Packet Storm New Exploits For October, 2024
Posted Nov 1, 2024
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 128 exploits added to Packet Storm in October, 2024.

tags | exploit
SHA-256 | c5d403957b806b59fb6166e8d1326d5963ba8bbcdb7a6478a93b1ba29c457234
Debian Security Advisory 5801-1
Posted Nov 1, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5801-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing or information disclosure.

tags | advisory, web, arbitrary, spoof, xss, info disclosure
systems | linux, debian
advisories | CVE-2024-10458, CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466, CVE-2024-10467
SHA-256 | 7663ad350ea4147d8c339e47d4e4c09f18b27dab1f732df508fa0ac88122a418
Xlibre Xnest 24.1.0 / 24.2.0 Buffer Overflow
Posted Nov 1, 2024
Authored by Enrico Weigelt

Xlibre Xnest versions 24.1.0 and 24.2.0 suffer from a buffer overflow vulnerability that affected Xorg.

tags | advisory, overflow
advisories | CVE-2024-9632
SHA-256 | e1d1c90f3bed32a3621cdec6499a0799dd3782078452bf7dc1d063ca25c1e2f0
Ubuntu Security Notice USN-7090-1
Posted Nov 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7090-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39487, CVE-2024-41015, CVE-2024-41019, CVE-2024-41020, CVE-2024-41021, CVE-2024-41023, CVE-2024-41025, CVE-2024-41030, CVE-2024-41033, CVE-2024-41034, CVE-2024-41035
SHA-256 | 6a9d3a1e4a4fbe85e4992cff08c3e238393e2444832e21faf50c67f89ed19bf6
Ubuntu Security Notice USN-7089-1
Posted Nov 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7089-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39487, CVE-2024-41007, CVE-2024-41015, CVE-2024-41018, CVE-2024-41019, CVE-2024-41020, CVE-2024-41022, CVE-2024-41025, CVE-2024-41028, CVE-2024-41030, CVE-2024-41032
SHA-256 | ddf1e0bbd10d1ef692ad8303eb3ecdabeb9f0701fc3cf00afbec1c110f39b6a2
SmartAgent 1.1.0 Remote Code Execution
Posted Nov 1, 2024
Authored by Alter Prime

SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.

tags | exploit, remote, php, code execution
SHA-256 | d1c79ff390d1eddef9aea5b0debce0087e67faf0b8c82c4f6c4ee4fde8484a34
SmartAgent 1.1.0 Server-Side Request Forgery
Posted Nov 1, 2024
Authored by Alter Prime

SmartAgent version 1.1.0 suffers from a server-side request forgery vulnerability.

tags | exploit
SHA-256 | c819a531ddac42276178e8777f908cca9b2430a5fef86c2ac4c3be219a2bd9e3
SmartAgent 1.1.0 SQL Injection
Posted Nov 1, 2024
Authored by Alter Prime

SmartAgent version 1.1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 454076f23b89f57e45086d97afc09d37ad082fe918f4d6e98b97f0605eece69e
Ubuntu Security Notice USN-7088-1
Posted Nov 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7088-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-47212, CVE-2022-36402, CVE-2023-52918, CVE-2024-26607, CVE-2024-26641, CVE-2024-26668, CVE-2024-26669, CVE-2024-26891, CVE-2024-27051, CVE-2024-36484, CVE-2024-38602, CVE-2024-41012, CVE-2024-41015, CVE-2024-41017
SHA-256 | 45049820bd4e0d7ebd34214af28ac0de01bc1555af2b52dcd9fceee216485cbb
Apple Security Advisory 10-29-2024-1
Posted Nov 1, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 10-29-2024-1 - Safari 18.1 addresses an information leakage vulnerability.

tags | advisory
systems | apple
advisories | CVE-2024-44229, CVE-2024-44244, CVE-2024-44259, CVE-2024-44296
SHA-256 | 0dd01065224021561e127b177e2c1247b87c84d4c78ddb4a6c229ce1b1475210
Red Hat Security Advisory 2024-8729-03
Posted Nov 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8729-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2024-10458
SHA-256 | 892ea6d1885a9c4a5fd9df199719bc81c7706b42115f8c0445600a83674d35fe
Red Hat Security Advisory 2024-8728-03
Posted Nov 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8728-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2024-10458
SHA-256 | dcffc6dcf0a0828fcfb4d8fb6ad618b0bd9aecf0defd2dd77d1328627aa737ab
Red Hat Security Advisory 2024-8727-03
Posted Nov 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8727-03 - An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2024-10458
SHA-256 | 2f92d8a982d1250cbda8b06a268b4794e340c8705b5867a7aaff14e7a6d8a00d
Red Hat Security Advisory 2024-8726-03
Posted Nov 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8726-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2024-10458
SHA-256 | 93f3e2a4112ced58b9c3cbdfe1d1fe4cef3b189e36b25c82e2dfd9004417b003
Red Hat Security Advisory 2024-8725-03
Posted Nov 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8725-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2024-10458
SHA-256 | f1f682088049da35eed59619974632a2d6cb13ac55b4925f134e9a48fb2d93e7
Red Hat Security Advisory 2024-8724-03
Posted Nov 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8724-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2024-10458
SHA-256 | 330bc51b9bb432e7ddd876dccba1b9d135f5ba9d47cd1e04477ad61e05ebc573
Red Hat Security Advisory 2024-8723-03
Posted Nov 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8723-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2024-10458
SHA-256 | 0c7bb3b6696f06060ce2409dec1cb1a60a1843a09dd118416287b8738a2748a4
Red Hat Security Advisory 2024-8722-03
Posted Nov 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8722-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2024-10458
SHA-256 | de7958e92ea46cc20aedc374ab8c5a9bf8531b25404f2dafd4055b3af0876da2
Red Hat Security Advisory 2024-8721-03
Posted Nov 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8721-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2024-10458
SHA-256 | 117152477b45be16ad962165d5ad4e331674d8fb133bd5677bc073b487ceb082
Red Hat Security Advisory 2024-8720-03
Posted Nov 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8720-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, xss
systems | linux, redhat
advisories | CVE-2024-10458
SHA-256 | 4abc10777235f30c78096188f53828f632e679bbaeaf3c43cf93a04820c05178
Red Hat Security Advisory 2024-8719-03
Posted Nov 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8719-03 - Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a memory leak vulnerability.

tags | advisory, memory leak
systems | linux, redhat
advisories | CVE-2024-8376
SHA-256 | ced91abff3a01fc30596af392dbc9492e4b32c12b735f0b59eca208c20102e10
Red Hat Security Advisory 2024-8718-03
Posted Nov 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8718-03 - Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a memory leak vulnerability.

tags | advisory, memory leak
systems | linux, redhat
advisories | CVE-2024-8376
SHA-256 | b20a69134d03eb3f4ba3bf687e91fd29a7bcf7103f20bf92b861624eeae10f69
Red Hat Security Advisory 2024-8717-03
Posted Nov 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8717-03 - Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-8553
SHA-256 | 12ea27fee07cf7b22eea1789d401da0f7e222d1902f2688c8d8dbc94a60bf833
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close