what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2024-10-02

CUPS Arbitrary Command Execution
Posted Oct 2, 2024
Authored by pearlmansara | Site github.com

Proof of concept remote command execution exploit for CUPS that leverages the vulnerability outlined in CVE-2024-47176.

tags | exploit, remote, proof of concept
advisories | CVE-2024-47176
SHA-256 | f82d269469017149bbd434de30b07d4526663090bd5e3ba7fda438e2b9fa9ee7
ALEOS 4.16 Denial Of Service
Posted Oct 2, 2024
Authored by 7h3w4lk3r | Site github.com

ALEOS versions 4.16 and below denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
advisories | CVE-2023-40459
SHA-256 | 93e119b2d764c5aa22f0c54cf74c0369c5a4254019d26c982bb0de6d5d846df2
Suricata IDPE 7.0.7
Posted Oct 2, 2024
Site suricata.io

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: 6 security fixes, 27 bug fixes, 2 optimizations, 2 features, 2 task, and 1 documentation updates.
tags | tool, intrusion detection
systems | unix
advisories | CVE-2024-45795, CVE-2024-45796, CVE-2024-45797, CVE-2024-47187, CVE-2024-47188, CVE-2024-47522
SHA-256 | 26d0a36194d53080fc8b09b999b2b5a83c4049f40ad07ef6ae69c7225a728b86
Ubuntu Security Notice USN-7051-1
Posted Oct 2, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7051-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2023-48795
SHA-256 | ce5df6d62802bddd9c18e1622465edf5bc09f0f6e0f1e2fdd958088e44de9de8
SeedDMS 6.0.28 Cross Site Scripting
Posted Oct 2, 2024
Authored by Marco Nappi

SeedDMS version 6.0.28 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2024-46409
SHA-256 | 75d46808d529b03da78981fcc0f2145d72906b8de2ab27a0228bbdeb84460b97
Ubuntu Security Notice USN-7047-1
Posted Oct 2, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7047-1 - Vladimír Čunát discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to bypass certain validations. Vladimír Čunát discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to downgrade DNSSEC-secure domains to a DNSSEC-insecure state, resulting in a domain hijacking attack.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-10190, CVE-2019-10191, CVE-2019-19331, CVE-2020-12667
SHA-256 | 3f46e8a516b0f9f0bbd8555823593253a66c38601d76fb92de6cea6c1ba692de
Ubuntu Security Notice USN-7050-1
Posted Oct 2, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7050-1 - Benoit Côté-Jodoin and Michael Nipper discovered that Devise-Two-Factor incorrectly handled one-time password validation. An attacker could possibly use this issue to intercept and re-use a one-time password. Garrett Rappaport discovered that Devise-Two-Factor incorrectly handled generating multi-factor authentication codes. An attacker could possibly use this issue to generate valid multi-factor authentication codes.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-43177, CVE-2024-8796
SHA-256 | 649e314e73310f27b5bbde6f947cee700c633ceec8e102f8afc658d05100d5f5
Microsoft Office NTLMv2 Disclosure
Posted Oct 2, 2024
Authored by Metin Yunus Kandemir

Microsoft Office 2019 MSO build 1808 (16.0.10411.20011) and Microsoft 365 MSO version 2403 build 16.0.17425.20176 suffer from an NTLMv2 hash disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2024-38200
SHA-256 | a515b741cb4fdee423e7ca948fc50654803bd1c926175eccc8866a749034e338
Ubuntu Security Notice USN-7043-2
Posted Oct 2, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7043-2 - USN-7043-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 18.04 LTS. Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.

tags | advisory, remote, arbitrary, local, protocol
systems | linux, ubuntu
advisories | CVE-2024-47176
SHA-256 | a09eaabe0ef1a2611294b49eb1f783c16957c290485e82b3cdd482bcfd685809
Ubuntu Security Notice USN-7049-1
Posted Oct 2, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7049-1 - It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions.

tags | advisory, remote, cgi, php
systems | linux, ubuntu
advisories | CVE-2024-8925, CVE-2024-8927, CVE-2024-9026
SHA-256 | 14e6ccaf04bbc5174ed15834051334a5b30f6e99b3c0e67287922b0ab80244b4
Tourism Management System 1.0 Cross Site Scripting
Posted Oct 2, 2024
Authored by indoushka

Tourism Management System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c3e17922e2b266bb53516cda7f7564ad10b76a73051bd10448a3be4dfc1c45a4
TitanNit Web Control 2.01 / Atemio 7600 Code Injection
Posted Oct 2, 2024
Authored by indoushka

TitanNit Web Control 2.01 and Atemio 7600 suffer from a PHP code injection vulnerability.

tags | exploit, web, php
SHA-256 | ae322d271852c8f25de18f6d647d31c02a2bc3f366c6ee1f1c7d3ed36bff9c05
Teacher Subject Allocation Management System 1.0 Insecure Settings
Posted Oct 2, 2024
Authored by indoushka

Teacher Subject Allocation Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit
SHA-256 | f3361bf9186b472b9be8cbd6ae5f7d9d24dd48bb2c9b3fc4085a3f7ab2c6d9ac
Ubuntu Security Notice USN-6964-2
Posted Oct 2, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6964-2 - USN-6964-1 fixed a vulnerability in ORC. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Noriko Totsuka discovered that ORC incorrectly handled certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-40897
SHA-256 | 2379cca9465cc096c3f11a0ee43e1be249d1c0ad024aecad3fd5165323bd6c1c
Task Management System 1.0 Code Injection
Posted Oct 2, 2024
Authored by indoushka

Task Management System version 1.0 suffers from a PHP code injection vulnerability.

tags | exploit, php
SHA-256 | 5cf8e15ce7499c6490e96ebc008271a147e725e19d95b6b79612ffe0933de18b
Ubuntu Security Notice USN-7022-2
Posted Oct 2, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7022-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2021-47188, CVE-2022-48791, CVE-2024-26677, CVE-2024-26787, CVE-2024-27012, CVE-2024-42160
SHA-256 | 5e2869f9ed921d462e17d616b733317644fb32d561e9fc36d17f1dbc09c8865d
Supply Chain Management 1.0 Backup Disclosure
Posted Oct 2, 2024
Authored by indoushka

Supply Chain Management version 1.0 suffers from a backup disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | ede00ad1b8f81b125e0be45a893d89d85ad8a477424a3733200965b882b35e48
Event Management System 1.0 Insecure Direct Object Reference
Posted Oct 2, 2024
Authored by indoushka

Event Management System version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | d2bb430c38acbee7a6fe6f3edb233221ef304d3aed80af6ed983ecec5bcc3d0a
Ubuntu Security Notice USN-7041-2
Posted Oct 2, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7041-2 - USN-7041-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 18.04 LTS. Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-47175
SHA-256 | 00bb0d1161c328ea5fca70221a0d2f5a610de947f48d9998a0783ca4b84436f0
Ubuntu Security Notice USN-7003-5
Posted Oct 2, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7003-5 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52803, CVE-2024-36894, CVE-2024-36978, CVE-2024-38619, CVE-2024-39487, CVE-2024-39495, CVE-2024-39502, CVE-2024-39506, CVE-2024-39509, CVE-2024-40902, CVE-2024-40904, CVE-2024-40905, CVE-2024-40934, CVE-2024-40941
SHA-256 | e57d853b0390f83094b938450c8016f8fb2162c14c9c0b034d166c25cbb6646a
Student Attendance Management System 1.0 Insecure Settings
Posted Oct 2, 2024
Authored by indoushka

Student Attendance Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit
SHA-256 | 7e5ab7f730f50871718e3ec2d045bacaae8fc1f041e5ecbc52b83bfd78415851
Printing Business Records Management System 1.0 Cross Site Request Forgery
Posted Oct 2, 2024
Authored by indoushka

Printing Business Records Management System version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 64c7b498f30407937f82c5a5d093175b8c0eb3b9248d740f693ab2cc8a761dc3
Online Eyewear Shop 1.0 Cross Site Request Forgery
Posted Oct 2, 2024
Authored by indoushka

Online Eyewear Shop version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 333f8e9acf88b716c8f705136df2cbeab5dd285f7a012a80e2b10300aef20534
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close