Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
c6525e829bd24525ee699aa207ecd27c50646d64263a669671badfb71cd99620This Metasploit module exploits a file upload in VMware vCenter Server's analytics/telemetry (CEIP) service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by default.
036b2591e4ef8beb3558c821f06ea5bf7c27f8226edd7019163d2a719de158acA heap out-of-bounds write affecting Linux since version 2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a denial of service (via heap memory corruption) through user name space. Kernels up to and including 5.11 are vulnerable.
7caefc49d920cc0b0d58e9ad762b7ffbd02e62e1e3225217c8586f8867ea42e8Ubuntu Security Notice 5105-1 - It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests.
e5d7921a9f3cce00a72278d4f2e6e98ea665d137288f18073245a145f13bc6d8Online Traffic Offense Management System version 1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Justin White in August of 2021.
7cc05456c41b598b673942619347e3fd1ef4bb3aec178caa9dc6af5ba949d971Online Traffic Offense Management System version 1.0 suffers from persistent and reflective cross site scripting vulnerabilities.
8fe47efe4ae3e273d70f6a28bc37866a5974f0a4d07c32cd8529fa977f8ef09eOnline Traffic Offense Management System version 1.0 suffers from multiple remote shell upload vulnerabilities.
f12a952b62540fdd484377f26c5406d160c2eefe9cbf56553111f4570c03f894Ubuntu Security Notice 5106-1 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. Various other issues were also addressed.
e6f1f8e07840dd321cac128c3e684c8a455cc504df4df29a372d0a536fd65241Simple Online College Entrance Exam System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
e94df23eb345d74ed4b60f73281e0e2c812b83cb270e9cec29d0e316cf97b0a2Online DJ Booking Management System version 1.0 suffers from a cross site scripting vulnerability.
0cfdbe3612aa2104f53abcc359160e8ca7823b8eaada2ed65ef2d8895e9084afRed Hat Security Advisory 2021-3743-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.5.1 serves as a replacement for Red Hat JBoss Web Server 5.5.0, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
af81190265ca9bed00ca3cfa52cd17dc3d28d5cb3b9e6d99b18f17a484b7b256Windows/x86 bind TCP shellcode / dynamic PEB and EDT method null-free shellcode. This a bind tcp shellcode that open a listen socket on 0.0.0.0 and port 1337. In order to accomplish this task the shellcode uses the PEB method to locate the baseAddress of the required module and the Export Directory Table to locate symbols. Also the shellcode uses a hash function to gather dynamically the required symbols without worry about the length.
7dd9706d9d60f259d8e6ef790111d2ef99c07abddaae6debfdc64b5c0856ce2fGoogle SLO-Generator versions 2.0.0 and below suffer from a code execution vulnerability.
ef94b5f22ec4aaf3de18b8a4935785e2137c7be8dc066b6be1310c18aab93b6f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed