what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files Date: 2022-03-10 to 2022-03-11

Dirty Pipe Local Privilege Escalation
Posted Mar 10, 2022
Authored by timwr, Max Kellermann | Site metasploit.com

This Metasploit module exploits a vulnerability that has been in the Linux kernel since version 5.8. It allows writing of read only or immutable memory. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. The module exploits this vulnerability by overwriting a suid binary with the payload, executing it, and then writing the original data back. There are two major limitations of this exploit: the offset cannot be on a page boundary (it needs to write one byte before the offset to add a reference to this page to the pipe), and the write cannot cross a page boundary. This means the payload must be less than the page size (4096 bytes).

tags | exploit, kernel
systems | linux
advisories | CVE-2022-0847
SHA-256 | 95e39ce5f94de2996183947c580313fe0356df719e22343a89d095b460489c7a
Falco 0.31.1
Posted Mar 10, 2022
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: 2 major changes. 2 minor changes. 4 bug fixes. 11 rule changes. 7 non-user facing changes.
tags | tool, intrusion detection
systems | unix
SHA-256 | 207b875c5b24717ecc9a5c288ff8df703d5d2a9ad00533f798d530e758f8ae42
Zabbix 5.0.17 Remote Code Execution
Posted Mar 10, 2022
Authored by Hussien Misbah

Zabbix version 5.0.17 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | ebc3165e97e60d9bd46503f07408149675fc7f713f4d3e0501cf3ac3498e18b8
Siemens S7-1200 4.5 Unauthenticated Access
Posted Mar 10, 2022
Authored by RoseSecurity

Siemens S7-1200 versions 4.5 and below have an unauthenticated CPU start/stop command vulnerability.

tags | exploit, bypass
SHA-256 | 88f2803fc2e5b53b6f08e265637da1495e7da749c19ccbe44164c5f1225850e9
Ubuntu Security Notice USN-5320-1
Posted Mar 10, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5320-1 - USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several other vulnerabilities. It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315
SHA-256 | f73ffaf6eb03b92ee8fa616e8b96fe44c883861c77e20c470a4a5a8c89b228da
WOW21 5.0.1.9 Unquoted Service Path
Posted Mar 10, 2022
Authored by Antonio Cuomo

WOW21 version 5.0.1.9 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | dd3790169d6ed36986ad50b78130b908b3afd0bfc81309448db2fec5970807fd
Sandboxie-Plus 5.50.2 Unquoted Service Path
Posted Mar 10, 2022
Authored by Antonio Cuomo

Sandboxie-Plus version 5.50.2 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | c11e7ad42d8bfa9e14b092d5fce628e76aa5c16a926d44c5e66ffe8de045f235
McAfee Safe Connect VPN Unquoted Service Path
Posted Mar 10, 2022
Authored by Saud Alenazi

McAfee Safe Connect VPN suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 5502da1c6d1cd3f45b148e073ebac251aa5385dbc8b2be76e1f2a220bbe458f1
BattlEye 0.9 Unquoted Service Path
Posted Mar 10, 2022
Authored by Saud Alenazi

BattlEye version 0.9 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | b96d0cfc1479d79b17eca435c513eb44002d31fb0fbcc2c759667534968b52c7
Sony Playmemories Home Unquoted Service Path
Posted Mar 10, 2022
Authored by Saud Alenazi

Sony Playmemories Home suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | da76cfffc8e00970cf818236c584198ba40bb3a6290a63f1ea4d74bdd5b9dc4e
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close