what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31,442 RSS Feed

Remote Files

Ubuntu Security Notice USN-6754-1
Posted Apr 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6754-1 - It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2019-9511, CVE-2019-9513, CVE-2023-44487, CVE-2024-28182
SHA-256 | 5cf8f575ba3f618cd1a7ba459257c95bf26180fa995bf1e705ddd3bb811a5c3e
Ubuntu Security Notice USN-6753-1
Posted Apr 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6753-1 - Thomas Neil James Shadwell discovered that CryptoJS was using an insecure cryptographic default configuration. A remote attacker could possibly use this issue to expose sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-46233
SHA-256 | 9b59079ffc816463d7133b64a1e0918a00b6e29ba9a8c0f1321f133a3a7f8bb4
Ubuntu Security Notice USN-6751-1
Posted Apr 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6751-1 - It was discovered that Zabbix incorrectly handled input data in the discovery and graphs pages. A remote authenticated attacker could possibly use this issue to perform reflected cross-site scripting attacks.

tags | advisory, remote, xss
systems | linux, ubuntu
advisories | CVE-2022-35229
SHA-256 | aca65a6b1e51cfb0dd46b906420ebb846f14557c539fa2fa267bbee51159cbed
Ubuntu Security Notice USN-6752-1
Posted Apr 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6752-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2024-32658
SHA-256 | 702e8249c383680f94def92bffb7af2a05d557c2c7231374395c96333198b803
Ubuntu Security Notice USN-6657-2
Posted Apr 25, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6657-2 - USN-6657-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. It was discovered that Dnsmasq incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. It was discovered that Dnsmasq incorrectly set the maximum EDNS.0 UDP packet size as required by DNS Flag Day 2020. This issue only affected Ubuntu 23.10.

tags | advisory, remote, denial of service, udp, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-28450, CVE-2023-50387, CVE-2023-50868
SHA-256 | 1fe74e528f9c677caecbbdfcd678431e4752e4565e8a9eb7cd614192a3dcc6e0
Ubuntu Security Notice USN-6749-1
Posted Apr 25, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6749-1 - It was discovered that FreeRDP incorrectly handled certain context resets. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-22211, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460
SHA-256 | 3624c911bf5bf2f7589ea259742919993e0067e4732c1ecb641749c0cc060fdd
Apache Solr Backup/Restore API Remote Code Execution
Posted Apr 24, 2024
Authored by jheysel-r7, l3yx | Site metasploit.com

Apache Solr versions 6.0.0 through 8.11.2 and versions 9.0.0 up to 9.4.1 are affected by an unrestricted file upload vulnerability which can result in remote code execution in the context of the user running Apache Solr. When Apache Solr creates a Collection, it will use a specific directory as the classpath and load some classes from it. The backup function of the Collection can export malicious class files uploaded by attackers to the directory, allowing Solr to load custom classes and create arbitrary Java code. Execution can further bypass the Java sandbox configured by Solr, ultimately causing arbitrary command execution.

tags | exploit, java, remote, arbitrary, code execution, file upload
advisories | CVE-2023-50386
SHA-256 | 982c87ed2032bff9e2a889f42db78ed065aa2707c068813f76b1c3875193d49d
Relate Learning And Teaching System SSTI / Remote Code Execution
Posted Apr 24, 2024
Authored by kai6u

Relate Learning and Teaching System versions prior to 2024.1 suffers from a server-side template injection vulnerability that leads to remote code execution. This particular finding targets the Batch-Issue Exam Tickets function.

tags | exploit, remote, code execution
SHA-256 | fbbdfe373b7e6dd2a583a85798dfb1937651c42dbb791999bca4e6961e2b78e0
Nmap Port Scanner 7.95
Posted Apr 23, 2024
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: Integrated over 4000 IPv4 OS fingerprints submitted since June 2020. Added 336 fingerprints, bringing the new total to 6036. Integrated over 2500 service/version detection fingerprints submitted since June 2020. The signature count went up 1.4% to 12089, including 9 new softmatches. Four new NSE scripts. Various other improvements and bug fixes.
tags | tool, remote, udp, tcp, protocol, nmap
systems | unix
SHA-256 | e14ab530e47b5afd88f1c8a2bac7f89cd8fe6b478e22d255c5b9bddb7a1c5778
FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution
Posted Apr 23, 2024
Authored by Spencer McIntyre, jheysel-r7, James Horseman, Zach Hanley | Site metasploit.com

A remote SQL injection vulnerability exists in FortiNet FortiClient EMS (Endpoint Management Server) versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. FortiClient EMS serves as an endpoint management solution tailored for enterprises, offering a centralized platform for overseeing enrolled endpoints. The SQL injection vulnerability is due to user controller strings which can be sent directly into database queries. FcmDaemon.exe is the main service responsible for communicating with enrolled clients. By default it listens on port 8013 and communicates with FCTDas.exe which is responsible for translating requests and sending them to the database. In the message header of a specific request sent between the two services, the FCTUID parameter is vulnerable to SQL injection. It can be used to enable the xp_cmdshell which can then be used to obtain unauthenticated remote code execution in the context of NT AUTHORITY\SYSTEM. Upgrading to either 7.2.3, 7.0.11 or above is recommended by FortiNet. It should be noted that in order to be vulnerable, at least one endpoint needs to be enrolled / managed by FortiClient EMS for the necessary vulnerable services to be available.

tags | exploit, remote, code execution, sql injection
advisories | CVE-2023-48788
SHA-256 | 5dc08a7c993a962915dd2867b371b86d2696d585975c16dd1ce9c50691286b53
Gambio Online Webshop 4.9.2.0 Remote Code Execution
Posted Apr 23, 2024
Authored by h00die-gr3y, usd Herolab | Site metasploit.com

A remote code execution vulnerability in Gambio online webshop versions 4.9.2.0 and below allows remote attackers to run arbitrary commands via an unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an attacker to execute remote code on affected systems. The insecure deserialization vulnerability in Gambio poses a significant risk to affected systems. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

tags | exploit, remote, web, arbitrary, code execution
advisories | CVE-2024-23759
SHA-256 | b039dd6352f7639972110e6885da153c2438aa56b1f4c40dc395f737607363b4
Ubuntu Security Notice USN-6738-1
Posted Apr 23, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6738-1 - Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in SSH Binary Packet Protocol. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass integrity checks.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2023-48795
SHA-256 | d77b141e270c41154b29de186352132905dedeb534b3e7d82e7b08b98259c5f4
LRMS PHP 1.0 SQL Injection / Shell Upload
Posted Apr 22, 2024
Authored by nu11secur1ty

LRMS PHP version 1.0 suffers from remote shell upload and multiple remote SQL injection vulnerabilities.

tags | exploit, remote, shell, php, vulnerability, sql injection
SHA-256 | cd29b75f4fc26669967838b2cacc350651afd70ebc41fa183a818a2044008a19
SofaWiki 3.9.2 Shell Upload
Posted Apr 22, 2024
Authored by Ahmet Umit Bayram

SofaWiki version 3.9.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 0f96734c2d9102385c242ff25bcaeda5c50413756e19e450e1bcbfe8ae166734
FlatPress 1.3 Shell Upload
Posted Apr 19, 2024
Authored by Ahmet Umit Bayram

FlatPress version 1.3 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 95b37bcd0ee004b10ed07d1d5449e20f0b6c896143d3d34e105388324e4c71e6
WordPress Background Image Cropper 1.2 Shell Upload
Posted Apr 19, 2024
Authored by Milad Karimi

WordPress Background Image Cropper plugin version 1.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 7fde3f2c891e83214995aac3e02a1bffb22561963731277fa9a9d738f179af92
Relate Learning And Teaching System SSTI / Remote Code Execution
Posted Apr 19, 2024
Authored by kai6u

Relate Learning and Teaching System versions prior to 2024.1 suffers from a server-side template injection vulnerability that leads to remote code execution. This particular finding targets the Markup Sandbox function.

tags | exploit, remote, code execution
SHA-256 | dc9ebb411726c774da4987d54d2ba2f224359e747d24c55618c19978e8b73e8a
Debian Security Advisory 5664-1
Posted Apr 18, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5664-1 - Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service.

tags | advisory, java, remote, web, denial of service, tcp
systems | linux, debian
advisories | CVE-2024-22201
SHA-256 | f811fdb59918d1ff6c0f69e7c41be61c5a9681f083aca6ccdb106ccc1fb89b43
Ubuntu Security Notice USN-6729-2
Posted Apr 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6729-2 - USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.

tags | advisory, remote, web, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-38709, CVE-2024-24795, CVE-2024-27316
SHA-256 | 48e8f6ab38e454ffe37a65ae74aa96cb5b3942a28276a0cc0f3a974d4716ae83
Ubuntu Security Notice USN-6726-3
Posted Apr 17, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6726-3 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2023-46838, CVE-2023-52340, CVE-2023-52436, CVE-2023-52438, CVE-2023-52439, CVE-2023-52444, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52454, CVE-2023-52470, CVE-2023-52612, CVE-2024-0607, CVE-2024-23851
SHA-256 | fbdef91004d190c96cf4e043eaae82ae1153ee17c38e14e93c908daa2a909e66
Ubuntu Security Notice USN-6726-2
Posted Apr 17, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6726-2 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2023-46838, CVE-2023-52340, CVE-2023-52436, CVE-2023-52438, CVE-2023-52439, CVE-2023-52444, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52454, CVE-2023-52470, CVE-2023-52612, CVE-2024-0607, CVE-2024-23851
SHA-256 | 729c2c491401a2ba3cbcc24fc7e792dce6e1d41caac420160758655bfe67ca27
Ubuntu Security Notice USN-6725-2
Posted Apr 17, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6725-2 - Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-1194, CVE-2023-32254, CVE-2023-32258, CVE-2023-38427, CVE-2023-38430, CVE-2023-38431, CVE-2023-3867, CVE-2023-46838, CVE-2023-52340, CVE-2023-52436, CVE-2023-52438, CVE-2023-52439, CVE-2023-52442, CVE-2023-52444
SHA-256 | 6d7cd6326721629b499ff1a4ed3916c1134b9cf7a03933ebb2aad8ffbd18a71d
Centreon 23.10-1.el8 SQL Injection
Posted Apr 16, 2024
Authored by Cody Sixteen | Site code610.blogspot.com

Centreon version 23.10-1.el8 suffers from a remote authenticated SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ccd137a9553629c65cb1fcc131008c98cf86b7038c922afa5586765db2092434
Ubuntu Security Notice USN-6735-1
Posted Apr 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6735-1 - It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2023-30588, CVE-2023-30589, CVE-2023-30590
SHA-256 | 68173f83f0f09f1ae43ac3a78cd02b33b6ccf09520b2e1d1d103a308c74bddd3
Ubuntu Security Notice USN-6733-1
Posted Apr 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6733-1 - It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2024-28834, CVE-2024-28835
SHA-256 | dfebcedb7a860d4a621a8d974617128c42cd5bb110089a91567169351a2f584d
Page 1 of 1,258
Back12345Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    16 Files
  • 26
    Apr 26th
    14 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close