what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 65 RSS Feed

Files Date: 2023-05-09

ManageEngine ADAudit Plus Remote Code Execution
Posted May 9, 2023
Authored by Erik Wynter, Moon | Site metasploit.com

This Metasploit module exploits security issues in ManageEngine ADAudit Plus versions prior to 7006 that allow authenticated users to execute arbitrary code by creating a custom alert profile and leveraging its custom alert script component. The module first runs a few checks to test the provided credentials, retrieve the configured domain(s) and obtain the build number of the target ADAudit Plus server. If the credentials are valid and the target is vulnerable, the module creates an alert profile that will be triggered for any failed login attempt to the configured domain. For versions prior to build 7004, the payload is directly inserted in the custom alert script component of the alert profile. For versions 7004 and 7005, the module leverages an arbitrary file write vulnerability (CVE-2021-42847) to create a Powershell script in the alert_scripts directory that contains the payload. The name of this script is then provided as the value for the custom alert script component of the alert profile. This module requires valid credentials for an account with the privileges to create alert scripts. It has been successfully tested against ManageEngine ADAudit Plus builds 7003 and 7005 running on Windows Server 2012 R2. Successful exploitation will result in remote code execution as the user running ManageEngine ADAudit Plus, which will typically be the local administrator.

tags | exploit, remote, arbitrary, local, code execution
systems | windows
advisories | CVE-2021-42847
SHA-256 | c657579ebd79808c3357c4b5e393fc900557895dc6dcc36170079d336c637eba
Spryker Commerce OS 1.0 SQL Injection
Posted May 9, 2023
Authored by David Brown | Site schutzwerk.com

An SQL injection vulnerability affecting Spryker-based webshops was discovered in the order history search form. It can be exploited by authenticated attackers in order to retrieve information from the database (e.g. customer and administrator login information, order details, etc.). Depending on the configuration of the webshop, access to the file system or even execution of arbitrary commands on the database management system is possible. Version 1.0 is affected.

tags | exploit, arbitrary, sql injection
advisories | CVE-2023-27568
SHA-256 | a765642ade6e4847582e5c9765c8dc2fd16938a137cd46e64cba98b16aa564a7
OX App Suite XSS / Information Disclosure / Authorization Bypass
Posted May 9, 2023
Authored by Martin Heiland

OX App Suite has patched for sensitive information disclosure, cross site scripting, improper access control, authorization bypass, and resource consumption vulnerabilities. Some of the issues affect OX App Suite frontend version 7.10.6-rev23 and some affect OX App Suite backend version 7.10.6-rev36.

tags | advisory, vulnerability, xss, info disclosure
advisories | CVE-2023-24597, CVE-2023-24598, CVE-2023-24599, CVE-2023-24600, CVE-2023-24601, CVE-2023-24602, CVE-2023-24603, CVE-2023-24604, CVE-2023-24605
SHA-256 | 155ec55f6da0ebb83ce88e1e80511fb3da026e9c6a7fd7336c4fe3969b7e009a
Suricata IDPE 6.0.12
Posted May 9, 2023
Site suricata.io

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: An optimization and feature added. 18 bug fixes. 1 security fix and a couple dozen bug fixes along with a feature and a task.
tags | tool, intrusion detection
systems | unix
SHA-256 | 04b23160935b03197b085c2ccc9d80875a33f115583054d1460ab0fb66d834b3
Qualcomm Adreno/KGSL Insecure Secure Buffers
Posted May 9, 2023
Authored by Jann Horn, Google Security Research

Qualcomm Adreno/KGSL suffers from an issue where secure buffers are addressable by all GPU users. Qualcomm believes this finding has no security impact and will not address it.

tags | exploit
SHA-256 | d9b987714309cbf4e6d06626329557ab19e9a3e5c17b45b14e62e612bd881e23
Ubuntu Security Notice USN-6062-1
Posted May 9, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6062-1 - It was discovered that FreeType incorrectly handled certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-2004
SHA-256 | 8a4f9bffe3e8760c148ca8e334c51f41aec20bc5b600602075c7fcbe4e368e35
Red Hat Security Advisory 2023-2378-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2378-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Issues addressed include an information leakage vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2022-41946
SHA-256 | 88d3fade0f954547988f8fa9d28ea778a74ed8e5b57bd349b5649a2125535bcf
Red Hat Security Advisory 2023-2259-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2259-01 - Poppler is a Portable Document Format rendering library, used by applications such as Evince. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-38784
SHA-256 | ee5484dc4d248c9ac2956f6329ac181de066b5c1c6628e8574cf5684c7a85d16
Red Hat Security Advisory 2023-2283-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2283-01 - The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-30629, CVE-2022-41717
SHA-256 | fa8f9c6f2f7b92c08e258e78b869ef4c909c8774f55e6f5d1beb9f002f6253fc
Red Hat Security Advisory 2023-2177-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2177-01 - The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-27664
SHA-256 | 845cc40c6be6aa98685a39d8a5ef2a2ca22f5fbaf4a8505110784b50c6e7c391
Red Hat Security Advisory 2023-2502-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2502-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a memory leak vulnerability.

tags | advisory, protocol, memory leak
systems | linux, redhat
advisories | CVE-2022-2928, CVE-2022-2929
SHA-256 | 4ae900c389010ce37f150156b7143cb116264368cfc06bc59b8a8b27602204e3
Red Hat Security Advisory 2023-2234-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2234-01 - The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-39377
SHA-256 | 01696b7cc14e7164b72839cad84a551cb3b9f45985439bb4fd9e22921f1442c0
Red Hat Security Advisory 2023-2626-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2626-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2022-48337, CVE-2022-48338, CVE-2022-48339, CVE-2023-2491
SHA-256 | 8e347e252bc4e31d4f8993ab4abd1a1c3adc3901f361d93686442f4682770896
Red Hat Security Advisory 2023-2204-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2204-01 - Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-27664, CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-41717
SHA-256 | 6ec169c1f0d0f724af4154a32732f4fc5c348e2a8ee3490c10a9bdc39ffc1378
Red Hat Security Advisory 2023-2148-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2148-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, bypass, denial of service, double free, memory leak, null pointer, out of bounds read, privilege escalation, traversal, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2021-26341, CVE-2021-33655, CVE-2022-1462, CVE-2022-1789, CVE-2022-1882, CVE-2022-20141, CVE-2022-21505, CVE-2022-2196, CVE-2022-2663, CVE-2022-28388, CVE-2022-3028, CVE-2022-33743, CVE-2022-3435, CVE-2022-3522
SHA-256 | 6bb9ce98c5ca5dc774537375166af3e798834e2da1f2c0b13a4afe3ba747e53e
Red Hat Security Advisory 2023-2458-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2458-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, bypass, denial of service, double free, memory leak, null pointer, out of bounds read, privilege escalation, traversal, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2021-26341, CVE-2021-33655, CVE-2022-1462, CVE-2022-1789, CVE-2022-1882, CVE-2022-20141, CVE-2022-21505, CVE-2022-2196, CVE-2022-2663, CVE-2022-28388, CVE-2022-3028, CVE-2022-33743, CVE-2022-3435, CVE-2022-3522
SHA-256 | b58a384a712b94d52e42ea512d4e07fd1f095c48a71c4ad8aa3f7089d090a83a
Red Hat Security Advisory 2023-2256-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2256-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-32886, CVE-2022-32888, CVE-2022-32923, CVE-2022-42799, CVE-2022-42823, CVE-2022-42824, CVE-2022-42826, CVE-2022-42852, CVE-2022-42863, CVE-2022-42867, CVE-2022-46691, CVE-2022-46692, CVE-2022-46698, CVE-2022-46699
SHA-256 | c78b6b040671645ff6447422206821720744b5b0c57d3fee6c3de3b6593dcdbb
Red Hat Security Advisory 2023-2367-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2367-01 - The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-30629, CVE-2022-41717
SHA-256 | 47d08e3e04595cc78315ddd8ea8cfc4ded44f62cb5398d848ac7e69aa1ac0824
Red Hat Security Advisory 2023-2370-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2370-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-3204
SHA-256 | aaaa571e1e499719f20a34ab9fc9ca6db9dfe0d4d513c6c85789aa933af5b97b
Red Hat Security Advisory 2023-2165-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2165-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include double free, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-38578, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286
SHA-256 | 066a0b8b887b807496ca5e4cab3ba9a903e29113186a10b4fa2c79670fcb6c9c
Red Hat Security Advisory 2023-2366-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2366-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-45939
SHA-256 | b23fd10dffc3617f6dc38158123f6e78945de406798a1b1089436d761abe6e28
Red Hat Security Advisory 2023-2258-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2258-01 - Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2022-40023
SHA-256 | 8a1932a0ad8967405027de8ff827b78f50db08251dc5455cd924c86221a810f2
Red Hat Security Advisory 2023-2621-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2621-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-21594, CVE-2022-21599, CVE-2022-21604, CVE-2022-21608, CVE-2022-21611, CVE-2022-21617, CVE-2022-21625, CVE-2022-21632, CVE-2022-21633, CVE-2022-21637, CVE-2022-21640, CVE-2022-39400, CVE-2022-39408, CVE-2022-39410
SHA-256 | 853970a37c76e53298b1d74d95f2a7f12094ba1681688151b3d9c3d8d13fd2b7
Red Hat Security Advisory 2023-2260-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2260-01 - GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122
SHA-256 | e9ee9e0d3387bf6c64581b5f6b650acff2077673b786cb5376c2f4dc863e5546
Red Hat Security Advisory 2023-2293-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2293-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-2393
SHA-256 | 56225dee65997d6a4e5cb5635af5645aa88c29a1691c7802d72a03842bbb2352
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close