exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 34 RSS Feed

Files Date: 2023-02-08

ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution
Posted Feb 8, 2023
Authored by Christophe de la Fuente, Khoa Dinh, horizon3ai | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine AdSelfService Plus versions 6210 and below. Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the ADSelfService Plus SAML endpoint. Note that the target is only vulnerable if it has been configured with SAML-based SSO at least once in the past, regardless of the current SAML-based SSO status.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2022-47966
SHA-256 | d8eddc86e85e280575b3c444dc67513d0413d6724e92fd8d3128dd9cc8bc1a4b
Nagios XI 5.7.5 Remote Code Execution
Posted Feb 8, 2023
Authored by Matthew Mathur | Site metasploit.com

This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apache user. Valid credentials for a Nagios XI user are required. This module has been successfully tested against official NagiosXI OVAs versions 5.5.6 through 5.7.5.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2021-25296, CVE-2021-25297, CVE-2021-25298
SHA-256 | e1e14a22eb63b8baf6d8bc7b7a7a42d07a444dd4ad650863cfe3c7cce4239771
Mandos Encrypted File System Unattended Reboot Utility 1.8.16
Posted Feb 8, 2023
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Server related bug fix to start client checkers after a random delay.
tags | tool, remote, root
systems | linux, unix
SHA-256 | e301007184eafc99517bdaa09f3c8d3f42027b9aae335158f14cfcee60bfe108
OpenSSL Toolkit 3.0.8
Posted Feb 8, 2023
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.

Changes: Fixed NULL dereference during PKCS7 data verification. Fixed X.400 address type confusion in X.509 GeneralName. Fixed NULL dereference validating DSA public key. Fixed invalid pointer dereference in d2i_PKCS7 functions. Fixed use-after-free following BIO_new_NDEF. Fixed double-free after calling PEM_read_bio_ex. Fixed timing oracle in RSA decryption. Fixed X.509 Name Constraints read buffer overflow. Fixed X.509 policy constraints double locking.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2022-3996, CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401
SHA-256 | 6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e
OpenSSL Toolkit 1.1.1t
Posted Feb 8, 2023
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.

Changes: Fixed X.400 address type confusion in X.509 GeneralName. Fixed a use-after-free following BIO_new_NDEF. Fixed a double-free after calling PEM_read_bio_ex. Fixed a timing oracle in RSA decryption.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286
SHA-256 | 8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b
Red Hat Security Advisory 2023-0663-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0663-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2023-0494
SHA-256 | 86b0e9d934701c53f72e7dd5b26a50e5d21743f95864345f957fb5a67cecb60b
Red Hat Security Advisory 2023-0661-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0661-01 - A security update for Fuse 7.11.1 is now available for Red Hat Fuse on EAP.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-36437
SHA-256 | 4931eda18115f092c75ace770dff893af35be2f7e672a00d29003ca71c073c38
Red Hat Security Advisory 2023-0664-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0664-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2023-0494
SHA-256 | 3901a5f6dad284a258f3bf381157268c7e3be093ad04065e0b7846fa07b3c8c4
Red Hat Security Advisory 2023-0665-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0665-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2023-0494
SHA-256 | 7c09d74037ecdc48aa9f89c90d148e348bcf5592b41c0837c4582afa60f5a006
Red Hat Security Advisory 2023-0662-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0662-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2023-0494
SHA-256 | 2f35b0cfb78a8ce71f23b78febbdfbbfebdaa133cb1e29fbe67c6c1e49c23efc
Ubuntu Security Notice USN-5849-1
Posted Feb 8, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5849-1 - Helmut Grohne discovered that Heimdal GSSAPI incorrectly handled logical conditions that are related to memory management operations. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2022-45142
SHA-256 | 40e1798aa051314d4df9335d5889b4b0cbb28ebebc46ab65c4e6225cd7e62e8b
Debian Security Advisory 5344-1
Posted Feb 8, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5344-1 - Helmut Grohne discovered a flaw in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos. The backports of fixes for CVE-2022-3437 accidentally inverted important memory comparisons in the arcfour-hmac-md5 and rc4-hmac integrity check handlers for gssapi, resulting in incorrect validation of message integrity codes.

tags | advisory
systems | linux, debian
advisories | CVE-2022-45142
SHA-256 | 7c5ace0a61c41b914bf85d0ce46cb1382133026bec34cdba70e3112755a5d2d6
Red Hat Security Advisory 2023-0637-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0637-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2022-38023
SHA-256 | c387661ce4a7c6a99cac0be604ebbc6fda803a9304391df10124845f83cf16d8
Red Hat Security Advisory 2023-0638-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0638-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2022-38023
SHA-256 | 2c9a2fc60c69082a8faf237219b746237d146a80090c5f2f72acaea5340d88f3
Red Hat Security Advisory 2023-0639-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0639-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2022-38023
SHA-256 | a57c6311df04803b7e781c7dd24bfc7b4949ab8f3fce30501e06ea567f345ac5
Red Hat Security Advisory 2023-0569-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0569-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.2. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-4235, CVE-2021-4238
SHA-256 | ba9a904a7a2a7ba3b35dd690ad11a741b017ba60a95cfbb6b3f744aac2ddb712
Red Hat Security Advisory 2023-0570-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0570-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.2. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-4235
SHA-256 | 85b01e72986f8895ce19fc2f415c043b95542043338e3a1e5deedb11e9cecac0
Ubuntu Security Notice USN-5845-2
Posted Feb 8, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5845-2 - USN-5845-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-0215, CVE-2023-0286
SHA-256 | 67a3d1a9bc75eca956543ffdc9d3b1fdcdc888e804a0e86b65b6c5211c98fa7b
Red Hat Security Advisory 2023-0622-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0622-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2023-0494
SHA-256 | 28b21b02a4c24ced42136bef40c7daf07e756a3888e608f1f5b3b9a98b2da483
Red Hat Security Advisory 2023-0627-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0627-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | d1c78f399852540080aa090aa576f2525e75012047691ad8df73e3f05bbe920a
Red Hat Security Advisory 2023-0628-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0628-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | 991961c149a2621ec132085f733a3ee77062eb5b7f41d156043563fd9512bcc6
Red Hat Security Advisory 2023-0623-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0623-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2023-0494
SHA-256 | 529d3ccdb53d8e0578959db01024b346f8d75406d28dd292758a05167217fae7
Red Hat Security Advisory 2023-0625-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0625-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-47629
SHA-256 | 2b24f2ef45f74b729531df82ce0fd188c424c2c435d8fdd0d26140b812fb4f69
Red Hat Security Advisory 2023-0624-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0624-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-47629
SHA-256 | 9d6bef2deb5f11b073fedfce9cd22d496b10a19981e8d4b6b570075937c4a23d
Red Hat Security Advisory 2023-0626-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0626-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-47629
SHA-256 | 85ef86c00041dc48f8cafda5dbb135f19f1ef3dd10e1caa2b63d3361c2551e95
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close