Proof of concept python3 code that creates a malicious payload to exploit an arbitrary file write via directory traversal in Invesalius version 3.1. In particular the exploitation steps of this vulnerability involve the use of a specifically crafted .inv3 (a custom extension for InVesalius) that is indeed a tar file file which, once imported inside the victim's client application allows an attacker to write files and folders on the disk.
3e2115a5ac5563793a0f2c821d2286084e05076d87ec7793c02b372c65ca4475Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
beee684970842de8c540054542adaf530009a41ad15076dcfee818b1f25ea79dThe Call For Papers for nullcon Goa 2025 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place March 1st through the 2nd, 2025.
d943a5167bc531bab425de0702277f60eaf145d5ed299231ba952d4c51c62f6bUbuntu Security Notice 7028-1 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
7de5ce15aa6cad3ce493ec92fd8b9feaa278435231abe1f16c95487428745116Ubuntu Security Notice 7020-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
f98c0e5a70256f65107c692a5ffbaaf185830877b966b18814d14c89fb57314eUbuntu Security Notice 7007-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.
41bc59a99a084c9c65f05b5595c0193c9b8ba9e8e768f5e9e410d18762dd8014Gentoo Linux Security Advisory 202409-20 - Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. Versions greater than or equal to 8.7.1 are affected.
f394b76c205156192ead8c0293e0772f5056819abf8ec95aff9c332a2bf86573Gentoo Linux Security Advisory 202409-19 - A vulnerability has been found in Emacs and org-mode which could result in arbitrary code execution. Versions greater than or equal to 26.3-r19:26 are affected.
9575a688eb9e213c626695cd2690c2252477d90aa854884afb0f3862b7c45461Gentoo Linux Security Advisory 202409-18 - Multiple vulnerabilities have been discovered in liblouis, the worst of which could result in denial of service. Versions greater than or equal to 3.25.0 are affected.
c78b83db1a7720e0ad364150e94e40fb64e2696c5de7f33727aa7204f7721b3fGentoo Linux Security Advisory 202409-17 - Multiple vulnerabilities have been discovered in VLC, the worst of which could result in arbitrary code execution. Versions greater than or equal to 3.0.20 are affected.
ebb2bac7057a961878ccd319ba221e8792667cde32a65caba4fdf913bda602faGentoo Linux Security Advisory 202409-16 - Multiple vulnerabilities have been discovered in Slurm, the worst of which could result in privilege escalation or code execution. Versions less than or equal to 22.05.3 are affected.
ff2981e0c7957a84bb193ea5e001ca9c17d89f401368583d50099381b7412c6dGentoo Linux Security Advisory 202409-15 - Multiple vulnerabilities have been discovered in stb, the worst of which lead to a denial of service. Versions greater than or equal to 20240201 are affected.
094b5866ab07ff293c4fa7c04b4ecf062b1bc0a1fc131735bc7fcdfb2e045af0Debian Linux Security Advisory 5774-1 - It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify the signature of the SAML Response, which could result in bypass of authentication in an application using the ruby-saml library.
240177159ce0b76270aa0280d1ee5b1c3ee1ab29b2d1a466aa814c291e161d28Linux i915 suffers from an out-of-bounds PTE write in vm_fault_gtt() that leads to a PTE use-after-free vulnerability.
1823d9d4f6feebcd5eb07b8d171404b0ef201f506b2f82c58803bb51a4f92f10Gentoo Linux Security Advisory 202409-14 - Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service. Versions greater than or equal to 2.28.7 are affected.
c39110a508d640140269a45e62b4d73c71bf5d63d281f69666dd0e64f45aa664Gentoo Linux Security Advisory 202409-13 - Multiple vulnerabilities have been discovered in gst-plugins-good, the worst of which could lead to denial of service or arbitrary code execution. Versions greater than or equal to 1.20.3 are affected.
7bc85386edd9b978a19ae7e18d7b6e122bdd51c917e8a894f59215c2328567e5Registration and Login System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2e35be6bb3e35b83df484b398806d8bfeabf871143cdfbe23a59f0b553cfe4a3Ubuntu Security Notice 6992-2 - USN-6992-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. It was discovered that Firefox did not properly manage memory during garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Seunghyun Lee discovered that Firefox contained a type confusion vulnerability when handling certain ArrayTypes. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.
1a31056260cf5d6929e1518e2f1e7a41fcf2b1abd7a44adf996edaa600d232bfGentoo Linux Security Advisory 202409-12 - Multiple vulnerabilities have been discovered in pypy and pypy3, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 7.3.3_p37_p1-r1 are affected.
67a72a29541dfe1a339c4c120bfd5675850548ab51544d12bd451de53da4c45dGentoo Linux Security Advisory 202409-11 - Multiple vulnerabilities have been discovered in Oracle VirtualBox, the worst of which could lead to privilege escalation. Versions greater than or equal to 7.0.12 are affected.
a54a8cc736cdbb448591b5f38b0b1e063247df013ee9209b98329ee2c0643512SPIP BigUp version 4.3.1 suffers from a remote PHP code injection vulnerability.
96ef343134222af92ba1ed0f8190e233e165263a1824d6f93b058f803eb81603Gentoo Linux Security Advisory 202409-10 - Multiple vulnerabilities have been discovered in Xen, the worst of which could lead to privilege escalation. Versions greater than or equal to 4.17.4 are affected.
8b158b4b14fabb37b107389483696ee806809c7a28b87657efca564110fdb8a3Gentoo Linux Security Advisory 202409-9 - A vulnerability has been discovered in Exo, which can lead to arbitrary code execution. Versions greater than or equal to 4.17.2 are affected.
712d5b1aa7545c51fe1bef12d8c237d73ae50f03edf1af67b3c8ca6e08f91339Gentoo Linux Security Advisory 202409-8 - Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure. Versions greater than or equal to 2.6.7 are affected.
845e07a967854ba9249cd7ad779d329d4ab74df98fb814e200427249cb1a5191RecipePoint version 1.9 suffers from an ignored default credential vulnerability.
28a459c4f3d13646dcfba73db4bfab53df28525a4bad145470b4fe191697426a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed