what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2024-01-19

Apache Commons Text 1.9 Remote Code Execution
Posted Jan 19, 2024
Authored by Alvaro Munoz, Karthik UJ, Gaurav Jain | Site metasploit.com

This Metasploit module exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead to remote code execution. This is due to a logic flaw that makes the script, dns and url lookup keys interpolated by default, as opposed to what it should be, according to the documentation of the StringLookupFactory class. Those keys allow an attacker to execute arbitrary code via lookups primarily using the script key. In order to exploit the vulnerabilities, the following requirements must be met: Run a version of Apache Commons Text from version 1.5 to 1.9, use the StringSubstitutor interpolator, and the target should run JDK versions prior to 15.

tags | exploit, remote, arbitrary, vulnerability, code execution
advisories | CVE-2022-42889
SHA-256 | 3303e5c941051cbc6b4f8ddaa2c9912a8740038a8cc31a244e760936ff9694d8
Linux 5.6 io_uring Cred Refcount Overflow
Posted Jan 19, 2024
Authored by Jann Horn, Google Security Research

Linux versions 5.6 and above appear to suffer from a cred refcount overflow when handling approximately 39 gigabytes of memory usage via io_uring.

tags | exploit, overflow
systems | linux
SHA-256 | eb6cd67301b0a3753b8bd45f998819605fcd09521aac98683535cba1e70af180
Ubuntu Security Notice USN-6589-1
Posted Jan 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6589-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2023-48795
SHA-256 | 8518668a4badaa795ff43751102221732a1799bf651302c95ea7ee967ec088d0
Lepton CMS 7.0.0 Remote Code Execution
Posted Jan 19, 2024
Authored by tmrswrr

Lepton CMS version 7.0.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | e49b03d230a8b76fb8464dbbc5243150ad7d594058444b9ce7dc55ee672e6138
Red Hat Security Advisory 2024-0304-03
Posted Jan 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0304-03 - Updated images are now available for Red Hat Advanced Cluster Security 3.74. The updated images includes bug and security fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-5868
SHA-256 | abba8fca96858cd7d244976eff1c9aca997ca70df2a3227599f6e7a74efa24cf
Red Hat Security Advisory 2024-0300-03
Posted Jan 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0300-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2023-43804
SHA-256 | 4412f703d959c59aa8a60d7a59b5e7a78dd01b8efcff48d6555296c3f35bf621
Red Hat Security Advisory 2024-0299-03
Posted Jan 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0299-03 - An update for python-requests is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2023-32681
SHA-256 | 9701ca8b572d6d25dfb6014a97a226ddccc462f28d27056943a62ff62a2e53fd
Red Hat Security Advisory 2024-0298-03
Posted Jan 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0298-03 - Red Hat Advanced Cluster Management for Kubernetes 2.9.2 General Availability release images, which provide security updates and fix bugs. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-49568
SHA-256 | 68d1ae256efb0cce89e808dc441cf435e32ad29a3117594ae14a932ac3609708
Red Hat Security Advisory 2024-0266-03
Posted Jan 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0266-03 - An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.

tags | advisory, java, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2024-20918
SHA-256 | 869a73da8c9722ac48adce66f9a947eb24c4e16b9bc19da5b0295ecdc0019ced
Ubuntu Security Notice USN-6590-1
Posted Jan 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6590-1 - It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Xerces-C++ was not properly performing bounds checks when processing XML Schema Definition files, which could lead to an out-of-bounds access via an HTTP request. If a user or automated system were tricked into processing a specially crafted XSD file, a remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1311, CVE-2023-37536
SHA-256 | f40dc28e3c1750f24d759d3d0e4256073e4117e784f8a54448ad19d71f59eb02
Firefox 121 / Chrome 120 Denial Of Service
Posted Jan 19, 2024
Authored by Georgi Guninski

Firefox version 121 and Chrome version 120 may both suffer from a minor denial of service issue with file downloads.

tags | exploit, denial of service
SHA-256 | 87fff58ac306829b938551eaffd6ed12db00ff7e56118bf0e6a8e7d7cf6ed267
MiniWeb HTTP Server 0.8.1 Denial Of Service
Posted Jan 19, 2024
Authored by Fernando Mengali

MiniWeb HTTP Server version 0.8.1 remote denial of service exploit.

tags | exploit, remote, web, denial of service
SHA-256 | 248b2f630c31c5b087671d0e5ed5e860b24d7c946a245d40497623ce86f5a1ef
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close