
Files Date: 2024-10-30

Debian Security Advisory 5800-1
Posted Oct 30, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5800-1 - Jan-Niklas Sohn discovered that a heap-based buffer overflow in the _XkbSetCompatMap function in the X Keyboard Extension of the X.org X server may result in privilege escalation if the X server is running privileged.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2024-9632
SHA-256 | 7de4b646e251e2d19beaff13447bea9203d84dff1252032449a7a84e3fe4b164
Ubuntu Security Notice USN-7085-1
Posted Oct 30, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7085-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-9632
SHA-256 | bbf083f3d2d1406b17c352954c3eb9443be7fb0019d52c848f3b9d5be201e1e4
Ubuntu Security Notice USN-7084-1
Posted Oct 30, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7084-1 - It was discovered that urllib3 didn't strip the HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2024-37891
SHA-256 | 29ff94c3d9e8abedc1bc6ca7386296e337966fbed2dbee657de8625b278ef2ef
WordPress WP-Automatic SQL Injection
Posted Oct 30, 2024
Authored by Valentin Lobstein, Rafie Muhammad | Site metasploit.com

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.

tags | exploit, remote, arbitrary, code execution, sql injection
advisories | CVE-2024-27956
SHA-256 | ee57dce5428a24a7b498257e3bc5ee22dadff0bd6e92b4746a779384b38532cb
ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration
Posted Oct 30, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.01 is vulnerable to username enumeration in the jsonProxy.php endpoint. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring authentication, attackers can gain unauthorized insights into valid usernames.

tags | exploit, php
SHA-256 | 876239c6ba18bd17cf52cea349bc4116a278ec0160c9a365202602eb0c5d0e08
ABB Cylon Aspect 3.08.01 jsonProxy.php Information Disclosure
Posted Oct 30, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.01 is vulnerable to unauthorized information disclosure in the jsonProxy.php endpoint. An unauthenticated attacker can retrieve sensitive system information, including system time, uptime, memory usage, and network load statistics. The jsonProxy.php endpoint proxies these requests to internal services without requiring authentication, allowing attackers to obtain detailed system status data, which could aid in further attacks by revealing operational characteristics and resource utilization.

tags | exploit, php, info disclosure
SHA-256 | 54ba1ca2869094716720e73937f51fe840979ccab5472dbfb97b23f87b366ff1
ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Remote SSH Service Control
Posted Oct 30, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.01 is vulnerable to unauthorized SSH service configuration changes via the jsonProxy.php endpoint. An unauthenticated attacker can enable or disable the SSH service on the server by accessing the FTControlServlet with the sshenable parameter. The jsonProxy.php script proxies requests to localhost without enforcing authentication, allowing attackers to modify SSH settings and potentially gain further unauthorized access to the system.

tags | exploit, php
SHA-256 | 3e98b4b396141e37a68a75be90c6aec7e9ecbd76dd24b82d33c08641bd3c4863
ABB Cylon Aspect 3.08.01 jsonProxy.php Denial Of Service
Posted Oct 30, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthenticated denial of service attack in the jsonProxy.php endpoint. An attacker can remotely restart the main Java server by accessing the FTControlServlet with the restart parameter. The endpoint proxies requests to localhost without requiring authentication, enabling attackers to disrupt system availability by repeatedly triggering server restarts.

tags | exploit, java, denial of service, php
SHA-256 | bcacda1a1bffa6ee6d70a54beaff09b511b2a7ae2d1b536e862440ab2a2c5dd7
ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Project Download
Posted Oct 30, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthorized project file disclosure in jsonProxy.php. An unauthenticated remote attacker can issue a GET request abusing the DownloadProject servlet to download sensitive project files. The jsonProxy.php script bypasses authentication by proxying requests to localhost (AspectFT Automation Application Server), granting remote attackers unauthorized access to internal Java servlets. This exposes potentially sensitive project data and configuration details without requiring authentication.

tags | exploit, java, remote, php
SHA-256 | daeb2790f0aa17137e230e9743c822114097df90c546bcf21d4fe680c859fd52
ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass
Posted Oct 30, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.01 is vulnerable to remote, arbitrary servlet inclusion. The jsonProxy.php endpoint allows unauthenticated remote attackers to access internal services by proxying requests to localhost. This results in an authentication bypass, enabling attackers to interact with multiple Java servlets without authorization, potentially exposing sensitive system functions and information.

tags | exploit, java, remote, arbitrary, php
SHA-256 | a08a2149099c34ec40fd07e93366c624394f11cf20f4846541af94c2dc635080
ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Credential Disclosure
Posted Oct 30, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to disclose credentials in plaintext.

tags | exploit
SHA-256 | e32550b0bd6a59d7a54347d6baf48647e2265dd21c439c982e1c9264a16942cb
ABB Cylon Aspect 3.08.01 jsonProxy.php Cross Site Scripting
Posted Oct 30, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated reflected cross-site scripting vulnerability. Input passed to the GET parameters query and application is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in the context of an affected site.

tags | exploit, arbitrary, xss
SHA-256 | a0ecb721f44718ac0888eed9bd376599009ff218720ee24ca8060a52f93a3ef9
Red Hat Security Advisory 2024-8617-03
Posted Oct 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8617-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2021-47383
SHA-256 | e5a4066563c2f840bbcc60ffb9224876640a9a68b520e13044d7d7a14606eb5e
Red Hat Security Advisory 2024-8616-03
Posted Oct 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8616-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-48773
SHA-256 | 691be1a1db06df157ae0cf32b6ee2ebd69606477506089158d9a64c472c28818
Red Hat Security Advisory 2024-8614-03
Posted Oct 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8614-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-47384
SHA-256 | 484351ee2477bf9e52586c3165461737117803069fe452f47b89617b3a802cf5
Red Hat Security Advisory 2024-8613-03
Posted Oct 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8613-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-47384
SHA-256 | 27c9fe72758b99357de54c01de159e5227c6921e57c6e54b7612b81015a9fbcb
Red Hat Security Advisory 2024-8577-03
Posted Oct 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8577-03 - An update for krb5 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-3596
SHA-256 | ba836b1f571a1be6f6f04ac01d04cea90f4977aa956a8d82ae932118455fe944
Red Hat Security Advisory 2024-8572-03
Posted Oct 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8572-03 - An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-38286
SHA-256 | ea233c07171cf7dad56f848e06e358f9ff79980a270356c7f270a1b7086e0547
Red Hat Security Advisory 2024-8567-03
Posted Oct 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8567-03 - An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-38286
SHA-256 | c8fb17ade725edde397023c4277b397c0a90874a0cb27a0041a35d0db02f8791
Red Hat Security Advisory 2024-8563-03
Posted Oct 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8563-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-9675
SHA-256 | 6218ceead2a862abfe6f14caf64689d8fe561ef58acda507479d3de43198f670
Red Hat Security Advisory 2024-8546-03
Posted Oct 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8546-03 - Red Hat Advanced Cluster Management for Kubernetes 2.9.5 General Availability release images, which fix bugs and update container images.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-42459
SHA-256 | 8fff60dfb64638ac683b6a4c794eb8f9024ddcc0a6e13c89bcf6c5df78e64d97
Red Hat Security Advisory 2024-8543-03
Posted Oct 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8543-03 - An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-38286
SHA-256 | eac8a8c1caab3ca9ae4c9096331124f3d3870b249494632d4f6b39460ccf41f9
Red Hat Security Advisory 2024-8534-03
Posted Oct 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8534-03 - An update is now available for Red Hat Ansible Automation Platform 2.5. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2024-10033
SHA-256 | 65bfbdf47b7b3ef0832fde85370b1282cfbfe60dc0ce626eb629b080616d5d4f
Red Hat Security Advisory 2024-8533-03
Posted Oct 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8533-03 - Multicluster Engine for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-42459
SHA-256 | 575a74d3bcaac7ab6c39b707168000ca9439851ec33d7ff240d70578cb2f27fd
Red Hat Security Advisory 2024-8528-03
Posted Oct 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8528-03 - An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-38286
SHA-256 | 2fb744c63c3d969ba1a284da9fc98e527ab28bd6d87c57979e6d8b44a03a4e2e
© 2024 Packet Storm. All rights reserved.
