exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2023-12-12

Debian Security Advisory 5575-1
Posted Dec 12, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5575-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2023-42916, CVE-2023-42917
SHA-256 | fb2b3e50ddbe9455517494418af65058e060ac8c36d2bcce67a49bffceb3b808
Debian Security Advisory 5574-1
Posted Dec 12, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5574-1 - Reginaldo Silva discovered two security vulnerabilities in LibreOffice, which could result in the execution of arbitrary scripts or Gstreamer plugins when opening a malformed file.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2023-6185, CVE-2023-6186
SHA-256 | 213eb449b719ea3918fe5b9547405966d36fc8f530f2d761e55375d63d105631
Splunk XSLT Upload Remote Code Execution
Posted Dec 12, 2023
Authored by h00die, Valentin Lobstein, nathan | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. The affected versions include 9.0.x before 9.0.7 and 9.1.x before 9.1.2. The exploitation process leverages a weakness in the XSLT transformation functionality of Splunk. Successful exploitation requires valid credentials, typically admin:changeme by default. The exploit involves uploading a malicious XSLT file to the target system. This file, when processed by the vulnerable Splunk server, leads to the execution of arbitrary code. The module then utilizes the runshellscript capability in Splunk to execute the payload, which can be tailored to establish a reverse shell. This provides the attacker with remote control over the compromised Splunk instance. The module is designed to work seamlessly, ensuring successful exploitation under the right conditions.

tags | exploit, remote, arbitrary, shell, code execution
advisories | CVE-2023-46214
SHA-256 | ea31fbcf387f710ebb5a4b9243ec8009edb093af5bce5d17f8b759e679c83bdf
Ubuntu Security Notice USN-6550-1
Posted Dec 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6550-1 - It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. It was discovered that Moment.js, that is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2022-29221, CVE-2022-31129, CVE-2023-28447
SHA-256 | 63590f2a95686afe65ce57bda6bffeb19c1b4db5f13381940d89cd04952491fd
Ubuntu Security Notice USN-6549-1
Posted Dec 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6549-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-37453, CVE-2023-3773, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-42754, CVE-2023-5158, CVE-2023-5178, CVE-2023-5717
SHA-256 | 0a9053db00b3d18766045707f877cd0acf8a50d5ecb0aa473dcdada6eba1c983
Ubuntu Security Notice USN-6548-1
Posted Dec 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6548-1 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-3006, CVE-2023-37453, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-5178, CVE-2023-5717, CVE-2023-6176
SHA-256 | b151f8b1c0e89b126e52b50cb36a0892dbb13b53ad032fb9ccca75e4147b0865
Ubuntu Security Notice USN-6547-1
Posted Dec 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6547-1 - it was discovered that Python incorrectly handled null bytes when normalizing pathnames. An attacker could possibly use this issue to bypass certain filename checks.

tags | advisory, python
systems | linux, ubuntu
advisories | CVE-2023-41105
SHA-256 | 8c7bb5b6bcb90779a8426f3dd40d8e11e83442d02ec24171e656ecd3e87d2dcc
Ubuntu Security Notice USN-6546-1
Posted Dec 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6546-1 - Reginaldo Silva discovered that LibreOffice incorrectly handled filenames when passing embedded videos to GStreamer. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary GStreamer plugins. Reginaldo Silva discovered that LibreOffice incorrectly handled certain non-typical hyperlinks. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary scripts.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-6185, CVE-2023-6186
SHA-256 | 01fab37c05cd681d38f4c0f1e488e1ac1bd4fefddc1383235b51249b5b081a76
Ubuntu Security Notice USN-6545-1
Posted Dec 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6545-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2023-42916
SHA-256 | ed8f1270abdbd4bf7807cfa9dd7fc1ef9156b37591e7a5e6e09c1c6727c271f3
WordPress Backup Migration 1.3.7 Remote Code Execution
Posted Dec 12, 2023
Authored by Nex Team | Site wordfence.com

WordPress Backup Migration plugin versions 1.3.7 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2023-6553
SHA-256 | 203e34e920d3b9a7fe4d03e187ec4eba212c533383031415d2c9a09ba3f9606c
Red Hat Security Advisory 2023-7730-03
Posted Dec 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7730-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-5557
SHA-256 | 61b85ae2e691f9f55e53cb2b720c6b2d1753c975118cfb9b749df441e585077a
Red Hat Security Advisory 2023-7725-03
Posted Dec 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7725-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-39222
SHA-256 | ce2887c4aa6c3d380271fdd43ea09382303ba8eb1cb6f684ddd05e3193098874
Red Hat Security Advisory 2023-7716-03
Posted Dec 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7716-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2023-42917
SHA-256 | d3109a89a560cdaa260c574b07d6a406d5c23265e5bca754b5dfe3c4fdbd5f86
Red Hat Security Advisory 2023-7715-03
Posted Dec 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7715-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2023-42917
SHA-256 | bc42ce6fc4194047f76975d311d726d129355768f0240d627eb8cbf9db4bddfd
Red Hat Security Advisory 2023-7714-03
Posted Dec 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7714-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

tags | advisory, remote, overflow, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2023-5868
SHA-256 | 3d26c4f99aebd1731f51d03f611a872f688dfd65f0f3c294529dd09f9a67a62b
Red Hat Security Advisory 2023-7713-03
Posted Dec 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7713-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-5557
SHA-256 | dec71fa9c65bfd3df5c642c927f61839c4694ef7fd60d905f2a511c0699b1124
Red Hat Security Advisory 2023-7712-03
Posted Dec 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7712-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 9.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-5557
SHA-256 | cc6a6541d6428a24b54442ca94d86c83c60bd2d9e6cdee93935628db291c1901
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close