Red Hat Security Advisory 2022-5491-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and privilege escalation vulnerabilities.
36e1c6ff0f104cd3b9632850a092a8a5455e29cb191ef477cb08e06cd0f97920Ubuntu Security Notice 5501-1 - It was discovered that Django incorrectly handled certain SQL. An attacker could possibly use this issue to expose sensitive information.
4226740ffbdef1621e074a3b90f2515414d0c57aaa3e50985b920fb14506e04cUbuntu Security Notice 5500-1 - Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. Lin Ma discovered that the NFC Controller Interface implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
26f8b5d9a0364dbb795cb33f990b3fec7f85de6777150062853968f2a27f1eb2Ubuntu Security Notice 5493-2 - It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.
c8f525108fa7be13c257cf7500504a9d9cd5bc3541289a85c422b676e908bc56Ubuntu Security Notice 5485-2 - It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information.
06d422dc8a4dfc17f18d1b50b015d7dc501edc86fbfb85076e004602dbe8d1beGlobal Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
0c246a23964f65220f171fb5fb32f9599d9fd5c6b1251bd8b3a4e7869fb3669fThis script is a great tool for pentesters needing to create reverse shells using either bash or netcat.
6fa1de2937ad42cc30d32f1a0d8144e64791a2c154a8baa4dad7d30634eb9f38Lockbit ransomware version 3.0 apparently now requires a password to execute as noted by "@vxunderground", but does not properly check bounds for both the -pass and -k arguments. Supplying a long string of characters for either flag will trigger a unicode stack buffer overflow overwriting the ECX register and structured exception handler (SEH).
06a133f3bc4006162df18df2401be464873b516bcdfcc7cac2c75f2ef63c8d53DouPHP version 1.2 Release 20141027 suffers from a remote SQL injection vulnerability.
711a671a5c76dc94743337c512da436c6a81463a866d1a7ca0ea20942e51957cPaymoney version 3.3 suffers from a cross site scripting vulnerability.
5cc7c6a3d00e691e2a81d9cf0db8ad5e6b88fc993d898fd9d54b3c0511bcc5e3Stock Management System 2020 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d6c52659dd4d4a38c172dce61ef92e867b79231a4489a981a9b96b56bbe47c9b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed