exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2024-11-18

Cable .NET Post Exploitation Tool
Posted Nov 18, 2024
Site github.com

Cable is a simple post-exploitation tool used for enumeration and further exploitation of Active Directory environments. This tool was primarily created to learn more about .NET offensive development in an Active Directory context.

tags | tool, scanner
systems | unix
SHA-256 | 458a872c342755e93082c07fb043a34150e44308454825841810949f373c7797
Pyload Remote Code Execution
Posted Nov 18, 2024
Authored by Spencer McIntyre, jheysel-r7 | Site metasploit.com

CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code inside a python interpreter. The vulnerability allows for an attacker to obtain a reference to a python object in the js2py environment enabling them to escape the sandbox, bypass pyimport restrictions and execute arbitrary commands on the host. At the time of this writing no patch has been released and version 0.74 is the latest version of js2py which was released Nov 6, 2022. CVE-2024-39205 is a remote code execution vulnerability in Pyload versions 0.5.0b3.dev85 and below. It is an open-source download manager designed to automate file downloads from various online sources. Pyload is vulnerable because it exposes the vulnerable js2py functionality mentioned above on the /flash/addcrypted2 API endpoint. This endpoint was designed to only accept connections from localhost but by manipulating the HOST header we can bypass this restriction in order to access the API to achieve unauthenticated remote code execution.

tags | exploit, remote, arbitrary, javascript, code execution, python
advisories | CVE-2024-28397, CVE-2024-39205
SHA-256 | 80427d657de061fee48a9f5adbb6c131d9fca4ddd53f67cf67ca1b3ed439fddd
Gentoo Linux Security Advisory 202411-09
Posted Nov 18, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202411-9 - Multiple vulnerabilities have been discovered in Perl, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 5.38.2 are affected.

tags | advisory, arbitrary, perl, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-36770, CVE-2023-31486, CVE-2023-47038
SHA-256 | 3595d9ddc5c7b57b0fc6a001f6671c27b47cdadd1a00fb459436bae50b95624c
Gentoo Linux Security Advisory 202411-08
Posted Nov 18, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202411-8 - A vulnerability has been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation. Versions greater than or equal to 21.1.14 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083, CVE-2024-9632
SHA-256 | 9271c063b90a591200750bcb35bab19393e368ea5f07f2bd018a4463936416d0
Gentoo Linux Security Advisory 202411-07
Posted Nov 18, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202411-7 - A vulnerability has been discovered in Pillow, which may lead to arbitrary code execution. Versions greater than or equal to 10.3.0 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2024-28219
SHA-256 | f33ea09ad2289f635434f7ee97a896c3bcb59965736b5163ab8e08d19639a6af
Debian Security Advisory 5814-1
Posted Nov 18, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5814-1 - A security issue was discovered in Thunderbird, which could result in the disclosure of OpenPGP encrypted messages.

tags | advisory
systems | linux, debian
advisories | CVE-2024-11159
SHA-256 | f4443ed9384523d3abd4c6e094c23140071005acad52f74522bbc76a50c61b13
Debian Security Advisory 5813-1
Posted Nov 18, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5813-1 - Moritz Rauch discovered that the Symfony PHP framework implemented persisted remember-me cookies incorrectly, which could result in authentication bypass.

tags | advisory, php
systems | linux, debian
advisories | CVE-2024-51996
SHA-256 | e9c9a8326794040dd9177127445ba714c9333b88e1f6e6b41a6df5985ba53e3e
SOPlanning 1.52.01 Remote Code Execution
Posted Nov 18, 2024

SOPlanning version 1.52.01 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | aa2b0281cd44426371fcd74740cdc742a4967b78355a65e5c712e22f50b852b6
Debian Security Advisory 5812-1
Posted Nov 18, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5812-1 - Multiple security issues were discovered in PostgreSQL, which may result in the execution of arbitrary code, privilege escalation or log manipulation.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979
SHA-256 | abb6dfdb39e0f1210c77d3a3255391005a7200482ed21d2007d66c5cb1de9267
Ubuntu Security Notice USN-7108-1
Posted Nov 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7108-1 - Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the user authentication request message. An attacker could possibly use this issue to control the remote end of an SSH client session via packet injection/removal and shell emulation.

tags | advisory, remote, shell
systems | linux, ubuntu
advisories | CVE-2023-46445, CVE-2023-46446
SHA-256 | 879c1bba1c6e49f095f223b8a2b416c8ae15269b5259350aefb2b128068cebe4
Ubuntu Security Notice USN-7106-1
Posted Nov 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7106-1 - It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. It was discovered that Tomcat had a vulnerability in its FORM authentication feature, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-28708, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2024-23672
SHA-256 | a7e1f25fa58014ab4990b4ca73018677dc891d2ab83b50bc02c672928853008f
Red Hat Security Advisory 2024-9680-03
Posted Nov 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9680-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-32885
SHA-256 | 5e84fedd1a55610efb37e4cd55c473c8354b2e43c61a8e55f36a6a31453cb759
Red Hat Security Advisory 2024-9654-03
Posted Nov 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9654-03 - An update for libsoup is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2024-52530
SHA-256 | 14a8714878a1421638c275067af274c146cde9a20961b22b0ac264e25c73719e
Red Hat Security Advisory 2024-9653-03
Posted Nov 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9653-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-32885
SHA-256 | af16f2d0ab8f93277bad9bab810989371c95502791998f695a259f331e3215e3
Red Hat Security Advisory 2024-9644-03
Posted Nov 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9644-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-23638
SHA-256 | ccba95ea7d6d262441aa0ee08c9f1e6839cd97ce7b32abadedb753c95f08a29d
Red Hat Security Advisory 2024-9637-03
Posted Nov 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9637-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-44185
SHA-256 | dd81cc0fd25b17a1982c81914b4c5a21c402a7aec9516bc2553be200b3e14972
Red Hat Security Advisory 2024-9627-03
Posted Nov 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9627-03 - Red Hat OpenShift Service Mesh Containers for 2.6.3. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-21536
SHA-256 | 68f97204f8cd7e3ac2d5e745721ad7b2f01bd97b51e704342951937d12e03cba
Red Hat Security Advisory 2024-9624-03
Posted Nov 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9624-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-45802
SHA-256 | 63c7f449362d4a294c2a7f58bbbf3e1dc01ab14e30dc5b33711f1e8d8a666102
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close