Showing 1 - 25 of 30

Files Date: 2022-09-26

Ubuntu Security Notice USN-5637-1
Posted Sep 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5637-1 - It was discovered that libvpx incorrectly handled certain WebM media files. A remote attacker could use this issue to crash an application using libvpx under certain conditions, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-0034
SHA-256 | 62acfeee21a05d07af7c6e293d6841f7a19ff21ba74bd33367cd0ea77a38691a
Gentoo Linux Security Advisory 202209-15
Posted Sep 26, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202209-15 - Multiple vulnerabilities have been found in Oracle JDK and JRE, the worst of which could result in the arbitrary execution of code. Versions less than or equal to 11.0.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-14556, CVE-2020-14562, CVE-2020-14573, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-14664, CVE-2020-2585, CVE-2020-2755, CVE-2020-2756
SHA-256 | 030e23f792d0ed43c2b7a044f13cd2fd185aa4154ba366dd3a86cc4f5e6668a4
OpenStego Free Steganography Solution 0.8.5
Posted Sep 26, 2022
Authored by Samir Vaidya | Site github.com

OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only the Least Significant Bit algorithm is supported for images).

Changes: Handle file size not enough in case of embed watermark operation. Handle case where some files fail processing during wildcard operations. Handle JPEGs where APP0 marker is not the first in JFIF metadata. JDK fails reading such files even if image body is fine.
tags | tool, java, encryption, steganography
SHA-256 | 278d0934e1132a352cde6f89a86018ffc35037c9cfacf1ebdfdadf1508d5ad36
GNUnet P2P Framework 0.17.6
Posted Sep 26, 2022
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.

Changes: Added transactional API and removed heap storage plugin in NAMESTORE. Added optional authentication for all REST endpoints. A few other bug fixes.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | 249358ef3b10ce99810781fedaec526a6eab943c120e4bba096aedf91c1afc40
Ubuntu Security Notice USN-5636-1
Posted Sep 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5636-1 - It was discovered that SoS incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2022-2806
SHA-256 | d1c1fc6093fc48a6f3f09a0d6da63677a743e4dce81b8351ee68f92dbe62e04f
WiFi Mouse 1.8.3.4 Remote Code Execution
Posted Sep 26, 2022
Authored by h00die, H4rk3nz0, RedHatAugust | Site metasploit.com

The WiFi Mouse (Mouse Server) from Necta LLC contains an authentication bypass, as the authentication is implemented entirely on the client side. By utilizing this vulnerability, it is possible to open a program on the server (cmd.exe in our case) and type commands that will be executed as the user running WiFi Mouse (Mouse Server), resulting in remote code execution. Tested against versions 1.8.3.4 (current as of module writing) and 1.8.2.3.

tags | exploit, remote, code execution
advisories | CVE-2022-3218
SHA-256 | a1eb49c803eef32a7d3986d02c20457c3afa4cb25fe942b90918d6d5bcceb6e6
Veritas Backup Exec Agent Remote Code Execution
Posted Sep 26, 2022
Authored by Alexander Korotin | Site metasploit.com

Veritas Backup Exec Agent supports multiple authentication schemes, and SHA authentication is one of them. This authentication scheme is no longer used within Backup Exec versions, but had not yet been disabled. An attacker could remotely exploit the SHA authentication scheme to gain unauthorized access to the BE Agent and execute an arbitrary OS command on the host with NT AUTHORITY\SYSTEM or root privileges depending on the platform. The vulnerability is present in 16.x, 20.x and 21.x versions of Backup Exec up to 21.2 (or up to and including Backup Exec Remote Agent revision 9.3).

tags | exploit, remote, arbitrary, root
advisories | CVE-2021-27876, CVE-2021-27877, CVE-2021-27878
SHA-256 | 5d2a9879ee25f3f36daab21dabc7454caa668fe4871c215806df28dda8ea3890
Gentoo Linux Security Advisory 202209-14
Posted Sep 26, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202209-14 - Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third parties. Versions less than 6.4.22 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2021-36386, CVE-2021-39272
SHA-256 | 0464eed96bdd7d49cf6ef1bba542adce39a341211e8349a992dd1f3d06faf788
Backdoor.Win32.Augudor.b MVID-2022-0644 Code Execution
Posted Sep 26, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Augudor.b malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
SHA-256 | eb63fba65d43437a287680fff71157dd2127d980055e141a70d67d2a9e75bbe9
Red Hat Security Advisory 2022-6560-01
Posted Sep 26, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6560-01 - An update is now available for OpenShift Logging 5.3.12. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-20107, CVE-2022-0391, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-29154, CVE-2022-30631, CVE-2022-32206, CVE-2022-32208, CVE-2022-34903
SHA-256 | d134f436fdff639de70a03b7b3975885bf861fbed06c5479cdbcb07453bd6f5d
WordPress Forym 1.5.7 Cross Site Scripting
Posted Sep 26, 2022
Authored by CraCkEr

WordPress Forym plugin version 1.5.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9098a88f216244d26aece5715f65327ef4cb3938af59970db2d4b6054763dadd
Gentoo Linux Security Advisory 202209-13
Posted Sep 26, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202209-13 - Multiple vulnerabilities have been discovered in libaacplus, the worst of which could result in denial of service. Versions less than or equal to 2.0.2-r3 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2017-7603, CVE-2017-7604, CVE-2017-7605
SHA-256 | 77c49924ec9e5b62c262a88429d862b90625c3033d60984030a7ffc22b76e78f
WordPress Sabai Discuss 1.4.13 Cross Site Scripting
Posted Sep 26, 2022
Authored by CraCkEr

WordPress Sabai Discuss plugin version 1.4.13 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 89f5ed0fd301c5179d5c7e7b897151915e046831ba89d38f7fe464fece6e2463
Gentoo Linux Security Advisory 202209-12
Posted Sep 26, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202209-12 - Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass. Versions less than 2.06 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2021-3981, CVE-2022-28733, CVE-2022-28734, CVE-2022-28735, CVE-2022-28736, CVE-2022-28737
SHA-256 | 6ed9c7fcb103a96def8481a7caf238738ec32577a4a9992f019f98348d8786ac
Online Diagnostic Lab Management System 1.0 SQL Injection / Shell Upload
Posted Sep 26, 2022
Authored by Yousef Alraddadi

Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell.

tags | exploit, remote, shell, sql injection, bypass
SHA-256 | a9a666adc9b5791a812164167d20c4ced022f91eed35188667143b4e7b0ee94e
Gentoo Linux Security Advisory 202209-11
Posted Sep 26, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202209-11 - Multiple vulnerabilities have been discovered in HarfBuzz, the worst of which could result in arbitrary code execution. Versions less than 4.4.0 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-45931, CVE-2022-33068
SHA-256 | fcab7df28d3ef304ed8fe7a721ed0ce5b1ba413ba835ad8b93caf849762bcdd9
WooCommerce BRW Booking Rental 1.3.1 Cross Site Scripting
Posted Sep 26, 2022
Authored by CraCkEr

WooCommerce plugin BRW Booking Rental version 1.3.1 from Ovatheme suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dfe1cdd557607de5f92a6a88e09b22e7cde7affb9a23004ed5c5615dd5fb84d4
Backdoor.Win32.Psychward.b MVID-2022-0645 Hardcoded Credential
Posted Sep 26, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Psychward.b malware suffers from a hardcoded credential vulnerability.

tags | exploit
systems | windows
SHA-256 | 4a196172d709119bf5c9fd8264d2064a406a4232f965f914f828caf704ad4124
Gentoo Linux Security Advisory 202209-10
Posted Sep 26, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202209-10 - A vulnerability has been discovered in Logcheck's ebuilds which could allow for root privilege escalation. Versions less than or equal to 1.3.23 are affected.

tags | advisory, root
systems | linux, gentoo
advisories | CVE-2017-20148
SHA-256 | aa98c006ed7286f0640e95c22bca0d5dc8e2af534e7dbdcc233ab4f91e9694d0
Gentoo Linux Security Advisory 202209-09
Posted Sep 26, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202209-9 - Multiple vulnerabilities have been found in Smarty, the worst of which could result in remote code execution. Versions less than 4.2.1 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2018-25047, CVE-2021-21408, CVE-2021-29454, CVE-2022-29221
SHA-256 | 8a9753a3318c6302ef6528cd85e6f858a3e8e25c2174e9c1bdaf58ea02e08e97
Backdoor.Win32.Bingle.b MVID-2022-0643 Hardcoded Credential
Posted Sep 26, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Bingle.b malware suffers from a hardcoded credential vulnerability.

tags | exploit
systems | windows
SHA-256 | 2071a5c002ce27b0ea6b560999d5a672774467ed9490813fdbb0280c50591569
Ubuntu Security Notice USN-5635-1
Posted Sep 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5635-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2021-33655, CVE-2022-2318, CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33743, CVE-2022-33744, CVE-2022-34494, CVE-2022-36946
SHA-256 | 659df738a1290534fb4de396b00a3b37c0db9cd653e811b0b0daf576c904b263
Active eCommerce CMS 6.3.0 Cross Site Scripting
Posted Sep 26, 2022
Authored by th3d1gger

Active eCommerce CMS version 6.3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f51e5c579856d6d8fa09e372f8f6b12ff91605bb22a15f16b8caa488351dcb3f
Active eCommerce CMS 6.3.0 Arbitrary File Download
Posted Sep 26, 2022
Authored by th3d1gger

Active eCommerce CMS version 6.3.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
SHA-256 | 4036be9f28862cc4e0346638cd293b4cbcd82af4741e2fa269b30a31d2b7fd7c
Gentoo Linux Security Advisory 202209-08
Posted Sep 26, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202209-8 - Multiple vulnerabilities have been discovered in Smokeping, the worst of which could result in root privilege escalation. Versions less than or equal to 2.7.3-r1 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
advisories | CVE-2017-20147
SHA-256 | 6e3fcee3fe1f1e7e0baf4975b253d383008542bce7b60e7fd3ab9f30c21bbae3