what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 493 RSS Feed

Files Date: 2024-05-01 to 2024-05-31

Aquatronica Control System 5.1.6 Password Disclosure
Posted May 30, 2024
Authored by LiquidWorm | Site zeroscience.mk

Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords. This can lead to unauthorized access and control over the aquarium controller, compromising its security and potentially allowing attackers to manipulate its settings.

tags | exploit, remote, php, tcp
SHA-256 | 156dd012b72f45fad1f98bb1e1e9d6db89c8dfc2181bfdb205566cd6e184f365
Progress Flowmon 12.3.5 Local sudo Privilege Escalation
Posted May 30, 2024
Authored by Dave Yesland | Site metasploit.com

This Metasploit module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PHP code it can be used to elevate privileges to root. Progress Flowmon up to at least version 12.3.5 is vulnerable.

tags | exploit, root, php
SHA-256 | 4d7c5d9c8f90f2082d79d0b216623a4757503aa44c96d6dd6a02243cececec08
Falco 0.38.0
Posted May 30, 2024
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Changes: 3 breaking changes, 14 major changes, 13 minor changes, 8 bug fixes, and 5 non-user facing changes.
tags | tool, intrusion detection
systems | unix
SHA-256 | 9e5759e0d9d047326efdff5085c60e099c504e9bdbb0c1540ffd77ceb2e82e91
Debian Security Advisory 5700-1
Posted May 30, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5700-1 - An SQL injection was discovered in pymysql, a pure Python MySQL driver.

tags | advisory, sql injection, python
systems | linux, debian
advisories | CVE-2024-36039
SHA-256 | 9327b88d4263400201612dd920f846d1a80857a43d9803b4e3a6335b15e6b885
Akaunting 3.1.8 Client-Side Template Injection
Posted May 30, 2024
Authored by tmrswrr

Akaunting version 3.1.8 suffers from a client-side template injection vulnerability.

tags | exploit
SHA-256 | 6491bd0abf8f5259e515a3521918faa0c048b25866f715b84bb84d8ae1c92170
Akaunting 3.1.8 Server-Side Template Injection
Posted May 30, 2024
Authored by tmrswrr

Akaunting version 3.1.8 suffers from a server-side template injection vulnerability.

tags | exploit
SHA-256 | a378ee9c1785e1e7d1980af6982f2f8c7d5e2cc4af0975a15adbb1c3dbea4c6e
Ubuntu Security Notice USN-6798-1
Posted May 30, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6798-1 - It was discovered that GStreamer Base Plugins incorrectly handled certain EXIF metadata. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-4453
SHA-256 | 4acac72a3dfe0373fc6b22e1840f610eab5b9380f0c2cfc854223027ec48278c
ORing IAP-420 2.01e Cross Site Scripting / Command Injection
Posted May 30, 2024
Authored by T. Weber | Site cyberdanube.com

ORing IAP-420 version 2.01e suffers from remote command injection and persistent cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss
advisories | CVE-2024-5410, CVE-2024-5411
SHA-256 | 28abb60f6782915fe5d445adb98b15cb9953faaf9cc843956f9c44bd40922a89
Ubuntu Security Notice USN-6796-1
Posted May 30, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6796-1 - Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to crash, resulting in a denial of service, or possibly execute arbitrary code. Jurgen Repp and Andreas Fuchs discovered that TPM2 Software Stack did not validate the quote data after deserialization. An attacker could generate an arbitrary quote and cause TPM2 Software Stack to have unknown behavior.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-22745, CVE-2024-29040
SHA-256 | dcfbc23cf3c552a9a4744b58987227f1e79944f37c015bfecba48473b02cb673
Ubuntu Security Notice USN-6799-1
Posted May 30, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6799-1 - It was discovered that the debugger in Werkzeug was not restricted to trusted hosts. A remote attacker could possibly use this issue to execute code on the host under certain circumstances.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2024-34069
SHA-256 | 6253fe97a3f9aa6695dda53da23eeb3620f1cfe1f93ea17380c239efc3fce21b
Red Hat Security Advisory 2024-3486-03
Posted May 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3486-03 - An update for gdisk is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-0256
SHA-256 | 5071fe072a035f7e1282d477062951ba1027ea5414bd56ad01a44f38f23c5c06
Red Hat Security Advisory 2024-3483-03
Posted May 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3483-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-29483
SHA-256 | ae8fcbd3385455e57b8a2c6e880bbfcb883ee85387c5d4bfbf01b75fe0432e1e
Red Hat Security Advisory 2024-3479-03
Posted May 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3479-03 - Updated container images are now available for director Operator for Red Hat OpenStack Platform 16.2 for RHEL 8.4. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-37788
SHA-256 | 45b15e08ee6f9162e0436ff10e444d356fa774f64b913ea9d301680c31f73eeb
Red Hat Security Advisory 2024-3475-03
Posted May 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3475-03 - An update is now available for Red Hat OpenShift GitOps v1.11.5 to address the CVE-2024-31989, Unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-31989
SHA-256 | 269525e4c3a50bc76e8c1076b9607d481198ce32c310dc7dbe3f3890ea244784
Red Hat Security Advisory 2024-3473-03
Posted May 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3473-03 - Red Hat OpenShift Virtualization release 4.14.6 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-45857
SHA-256 | f13305d5d89807a97398a59ca6965e520ea320b5e1b9bfe82ad3f1e9983f9b0d
Red Hat Security Advisory 2024-3472-03
Posted May 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3472-03 - An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-27983
SHA-256 | efee70da78a9658e0e9f37e842cc17d3110d37b3d14e68617ac3a5a1ee7c0187
Red Hat Security Advisory 2024-3467-03
Posted May 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3467-03 - An update for etcd is now available for Red Hat OpenStack Platform 16.1 on Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-39318
SHA-256 | e9cee77eb5e84d1ebda562c86a74fcdee76f777941f932eaef8175320f8e5abe
Red Hat Security Advisory 2024-3466-03
Posted May 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3466-03 - An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-6597
SHA-256 | 1dc104ec4a1d9d073ddad0e16e92fe1219ab88b770bca4ab0dcb3e9c13b43386
Red Hat Security Advisory 2024-3351-03
Posted May 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3351-03 - Red Hat OpenShift Container Platform release 4.12.58 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-28180
SHA-256 | 4f25494f5f1e498f94aec265d3ed60092dbe47440e73a76108dfa9b952855f47
Red Hat Security Advisory 2024-3331-03
Posted May 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3331-03 - Red Hat OpenShift Container Platform release 4.14.27 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-45288
SHA-256 | 03d93a3c9b85c62831ca12e31990c8783f9b1c3425f6b0d4eb243e44d23aa923
Red Hat Security Advisory 2024-3327-03
Posted May 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3327-03 - Red Hat OpenShift Container Platform release 4.15.15 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-45288
SHA-256 | 77917c31c0c47e4bfe377b617d5beb180f4ed59a67ba72d9ead5c6c0c87247df
Red Hat Security Advisory 2024-2728-03
Posted May 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2728-03 - Updated container images are now available for director Operator for Red Hat OpenStack Platform 17.1 for RHEL 9.2. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-39326
SHA-256 | 0fa656c0793cc98c9ba36d6078d1fad3667742c198c002307eab44e39b9c39ff
Flowmon Unauthenticated Command Injection
Posted May 29, 2024
Authored by Dave Yesland | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02.

tags | exploit
advisories | CVE-2024-2389
SHA-256 | f262ccf117a7326996b9db1324d65098a3eea5a5882162d9f1ec432434054948
Ubuntu Security Notice USN-6797-1
Posted May 29, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6797-1 - It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to certain hardware features when using Intel® SGX or Intel® TDX. This may allow a privileged local user to potentially further escalate their privileges on the system. This issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. It was discovered that some Intel® Atom® Processors did not properly clear register state when performing various operations. A local attacker could use this to obtain sensitive information via a transient execution attack. This issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2023-22655, CVE-2023-28746, CVE-2023-38575, CVE-2023-39368, CVE-2023-43490, CVE-2023-45733, CVE-2023-46103, CVE-2023-47855
SHA-256 | 1ae00687dcd8bf9e9f41102f5446e293b7f0e18dbc2d69d9941f2b35474397b5
Ubuntu Security Notice USN-6787-1
Posted May 29, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6787-1 - It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting attack.

tags | advisory, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2024-34064
SHA-256 | 5fb19612eaef3e824fef107b74a6791c85cf91717d71f96ab90d4a98e0def10e
Page 1 of 20
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close