what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2024-02-22 to 2024-02-23

The KeyTrap Denial-of-Service Algorithmic Complexity Attacks On DNS
Posted Feb 22, 2024
Authored by Niklas Vogel, Haya Schulmann, Michael Waidner, Elias Heftrig | Site athene-center.de

In this paper, the authors show that the design of DNSSEC is flawed. Exploiting vulnerable recommendations in the DNSSEC standards, they developed a new class of DNSSEC-based algorithmic complexity attacks on DNS, they dubbed KeyTrap attacks. All popular DNS implementations and services are vulnerable. With just a single DNS packet, the KeyTrap attacks lead to a 2.000.000x spike in CPU instruction count in vulnerable DNS resolvers, stalling some for as long as 16 hours. This devastating effect prompted major DNS vendors to refer to KeyTrap as "the worst attack on DNS ever discovered". Exploiting KeyTrap, an attacker could effectively disable Internet access in any system utilizing a DNSSEC-validating resolver.

tags | paper, encryption
SHA-256 | 4c1743e665520f276be83b47e7a1ae86496ca84f1935e9197aa5b5736fc57eb4
Debian Security Advisory 5627-1
Posted Feb 22, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5627-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

tags | advisory, web, arbitrary, spoof, info disclosure
systems | linux, debian
advisories | CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553
SHA-256 | fecc020dcddb2184341c57558aa3f486e8ee301dd59c165be89472e03edd082b
Gentoo Linux Security Advisory 202402-29
Posted Feb 22, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-29 - Multiple vulnerabilities have been found in LibreOffice, the worst of which could result in user-assisted code execution. Versions greater than or equal to 7.5.9.2 are affected.

tags | advisory, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-6185, CVE-2023-6186
SHA-256 | dd6e66d7eafddfab7d5156af7a48ea9c2e0fe469f1184c2f3d3a13a501c9039a
QNAP QTS / QuTS Hero Unauthenticated Remote Code Execution
Posted Feb 22, 2024
Authored by Spencer McIntyre, jheysel-r7, sfewer-r7 | Site metasploit.com

There exists an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for numerous QNAP high-end and enterprise NAS devices. The vulnerable endpoint is the quick.cgi component, exposed by the device's web based administration feature. The quick.cgi component is present in an uninitialized QNAP NAS device. This component is intended to be used during either manual or cloud based provisioning of a QNAP NAS device. Once a device has been successfully initialized, the quick.cgi component is disabled on the system. An attacker with network access to an uninitialized QNAP NAS device may perform unauthenticated command injection, allowing the attacker to execute arbitrary commands on the device.

tags | exploit, web, arbitrary, cgi
advisories | CVE-2023-47218
SHA-256 | 512c538bc485b9095fb0fb14daba0e91a985496262d3017dc3aaf05f8005e9ad
Ubuntu Security Notice USN-6649-1
Posted Feb 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6649-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Alfred Peters discovered that Firefox did not properly manage memory when storing and re-accessing data on a networking channel. An attacker could potentially exploit this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-1546, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1554, CVE-2024-1555, CVE-2024-1556, CVE-2024-1557
SHA-256 | 915d1dd9c871ef5fa18727920f32a507f24302608c703c4e810bc2c237c6b315
CMS Made Simple 2.2.19 Server-Side Template Injection
Posted Feb 22, 2024
Authored by tmrswrr

CMS Made Simple version 2.2.19 suffers from a server-side template injection vulnerability.

tags | exploit
SHA-256 | 678bb66608e7b41c5cd05528ea7219cf35638614441463568f81ba0d9dab3df4
CMS Made Simple 2.2.19 Cross Site Scripting
Posted Feb 22, 2024
Authored by tmrswrr

CMS Made Simple version 2.2.19 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | aaabe1d02e7411b3fdb5bd9220f8bd34a7c9e15203321299cabd15dca9372cde
Ubuntu Security Notice USN-6648-1
Posted Feb 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6648-1 - It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-51781, CVE-2023-6915, CVE-2024-0565, CVE-2024-0646
SHA-256 | 74220a0b0c8b546e1843028c546fb7b9f332ab5279db8baa8ddaf07d3915746e
CMS Made Simple 2.2.19 / 2.2.21 Remote Code Execution
Posted Feb 22, 2024
Authored by tmrswrr

CMS Made Simple versions 2.2.19 and 2.2.21 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 1fba8dc39f6eab628cec63c1efe79d88f846728e2cc5c0253884d3ade1777638
SitePad 1.8.2 Cross Site Scripting
Posted Feb 22, 2024
Authored by tmrswrr

SitePad version 1.8.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 48e6c1331a13411ebde677abf495089e3693574074e2831d427d7943a6dded2a
Dotclear 2.29 Cross Site Scripting
Posted Feb 22, 2024
Authored by tmrswrr

Dotclear version 2.29 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 48697a04e731c5ea3f3bb5bbf9027809e1f2b25c54b903adb00f897d6247d1e6
Red Hat Security Advisory 2024-0937-03
Posted Feb 22, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0937-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-6546
SHA-256 | 53876467f9ebca4e456042e6c4c0da9077be705693c4f66d286ed5227191e05f
Red Hat Security Advisory 2024-0934-03
Posted Feb 22, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0934-03 - An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red Hat Virtualization Engine 4.4. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2024-0822
SHA-256 | 82f813d2c5260af55329640b24210beacb0a418fd53acfeabcd781b5a646c380
Red Hat Security Advisory 2024-0853-03
Posted Feb 22, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0853-03 - Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-26159
SHA-256 | 83d3e13a79ac7d00bf72ee5d0fcb0eaea63e6e35d0ed933647b0c96a58562b38
FreeIPA 4.10.1 Denial Of Service / Information Disclosure
Posted Feb 22, 2024
Authored by Robb Gatica

FreeIPA version 4.10.1 has an issue where specially crafted HTTP requests potentially lead to denial of service or data exposure.

tags | exploit, web, denial of service, info disclosure
advisories | CVE-2024-1481
SHA-256 | ed1964cddf58cd1a3b007267cb1f6a3b11008a5d76ebdb87f9a639382cd73688
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close