exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 10,201 RSS Feed

Web Files

Ubuntu Security Notice USN-7126-1
Posted Nov 27, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7126-1 - It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack. It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that libsoup could enter an infinite loop when reading certain websocket data. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-52530, CVE-2024-52531, CVE-2024-52532
SHA-256 | cdd94a4f3569687a23d5f90580cbb143f94576b6385e0c33dfac46abdac253a6
Ubuntu Security Notice USN-7127-1
Posted Nov 27, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7127-1 - It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-52530, CVE-2024-52531, CVE-2024-52532
SHA-256 | 8eab9b3c18eec9367e7c8330678731ff248eafd1a6652553de40ab2d374e7f6e
Ubuntu Security Notice USN-6988-2
Posted Nov 27, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6988-2 - USN-6988-1 fixedCVE-2024-41671 in Twisted. The USN incorrectly stated that previous releases were unaffected. This update provides the equivalent fix for Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. Ben Kallus discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay and manipulate responses. This issue only affected Ubuntu 24.04 LTS.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2024-41671
SHA-256 | 9f6c4ac3ae0181ed5637fe932441a9acc8aa722c23b40f44fc27316ef8f338d3
Red Hat Security Advisory 2024-10208-03
Posted Nov 27, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-10208-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, and server-side request forgery vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-7238
SHA-256 | 1be50ed3f0a1d5e14687d762fbbe47df06e17f66fd138daa3f501a9c0ccab181
Ubuntu Security Notice USN-7015-6
Posted Nov 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7015-6 - USN-7015-5 fixed vulnerabilities in python2.7. The update introduced several minor regressions. This update fixes the problem. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.

tags | advisory, remote, web, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2023-27043, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2024-8088
SHA-256 | 667ae966414c566b7ba032fe92060c7e3cfb42504b259cece2ff73a5eb36f7f3
Apple Web Content Filter Bypass
Posted Nov 22, 2024
Site nosebeard.co

Nosebeard Labs has identified a critical vulnerability in the Apple system wide web content filter that allows a full bypass of content restrictions. This vulnerability, which occurs specifically when Screen Time content filtering settings are enabled, permits users or attackers to access restricted websites in Safari without detection. The timeline in this advisory is probably the most interesting thing to note. It shows a Fortune 10 ignoring a concern for years until a news article gets written, and that is truly disappointing. Do better Tim.

tags | advisory, web
systems | apple
advisories | CVE-2024-44206
SHA-256 | dac23cf7b975a01eefba7d69a286e43f5f4af5b56cf17d643a27e418ee7e60ed
Red Hat Security Advisory 2024-9576-03
Posted Nov 22, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9576-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2024-52530
SHA-256 | 23958c45faf18d097345e690bbd77323923f3d7ef42f4c6aa4c761749813cf87
Red Hat Security Advisory 2024-9570-03
Posted Nov 22, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9570-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2024-52530
SHA-256 | c008f4c460101efbfd23172fa0bc55e1768e488f3af8e747150dd5134e118c14
Ubuntu Security Notice USN-7015-5
Posted Nov 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7015-5 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.

tags | advisory, remote, web, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2023-27043, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2024-8088
SHA-256 | 08f60811c86141139bb27d0271c6dc8fb3d71d45f06454f487eabe3442ba3aa1
Ubuntu Security Notice USN-7104-1
Posted Nov 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7104-1 - It was discovered that curl could overwrite the HSTS expiry of the parent domain with the subdomain's HSTS entry. This could lead to curl switching back to insecure HTTP earlier than otherwise intended, resulting in information exposure.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2024-9681
SHA-256 | 0f628650750691a59648b4a0228da093ce429c68aa5c949edc1146e5a110c9b2
Ubuntu Security Notice USN-7113-1
Posted Nov 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7113-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2024-44244
SHA-256 | dd5f06682ca93a1fe2093e0af57570ec9766114fd67a9256775ecb3b152853a5
Red Hat Security Advisory 2024-9654-03
Posted Nov 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9654-03 - An update for libsoup is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2024-52530
SHA-256 | 14a8714878a1421638c275067af274c146cde9a20961b22b0ac264e25c73719e
Ubuntu Security Notice USN-7111-1
Posted Nov 15, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7111-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

tags | advisory, web, denial of service
systems | linux, ubuntu
advisories | CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24536, CVE-2023-39323, CVE-2023-45288, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24789, CVE-2024-24791, CVE-2024-34155, CVE-2024-34156, CVE-2024-34158
SHA-256 | 8309e2cc82bec72641de9766c00b5b04be56b3f96d79c53bdc77264e677a87a9
TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write
Posted Nov 14, 2024
Authored by Filip Palian

TX Text Control .NET Server For ASP.NET has an issue where it was possible to change the configured system path for reading and writing files in the underlying operating system with privileges of the user running a web application.

tags | exploit, web, asp
SHA-256 | 87daef249524395b391c7767b295ddf96c40db5d4fbd376c76c034cc5844d043
Ubuntu Security Notice USN-7109-1
Posted Nov 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7109-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

tags | advisory, web, denial of service
systems | linux, ubuntu
advisories | CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24531, CVE-2023-24536, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-39323, CVE-2023-39325, CVE-2023-45288, CVE-2023-45290
SHA-256 | 58c0bd17f1c8113660d80deb0928ae6b2fe30fb7373a788126eaeb55879ba80a
Red Hat Security Advisory 2024-9573-03
Posted Nov 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9573-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2024-52530
SHA-256 | a411110e03659ac41bbb02463e2b8c2f48e5af59d5009027810e4a45ead01796
Red Hat Security Advisory 2024-9572-03
Posted Nov 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9572-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2024-52530
SHA-256 | 9f46c86dcc6ada4d635320c26267780c043507a83e6d6372534e320a3b2f9938
Red Hat Security Advisory 2024-9566-03
Posted Nov 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9566-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2024-52530
SHA-256 | 1633b88577866c6c09e75bf0d0c57680a523acd883fe580880dcbd9ee578402d
Red Hat Security Advisory 2024-9559-03
Posted Nov 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9559-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2024-52530
SHA-256 | 5e91b95ec1e29f865f463dce837f8aa4122489bc99dd2b0d277dad092bd3790f
Red Hat Security Advisory 2024-9525-03
Posted Nov 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9525-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2024-52530
SHA-256 | ab903037a6b97cb0363e655ad1e47d609650108489b69b881587fdedab97ff76
Red Hat Security Advisory 2024-9524-03
Posted Nov 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9524-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2024-52530
SHA-256 | 61ad8fd12a8476f96bfc3a6414f20fd9fbdcaf9eb70d721b5b89b5c32b3436a7
Red Hat Security Advisory 2024-9501-03
Posted Nov 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9501-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2024-52530
SHA-256 | 704a72590fb25993a12f3032f36b7df590e0a78f8e66fd0644992050125ecb38
Red Hat Security Advisory 2024-9306-03
Posted Nov 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9306-03 - An update for httpd is now available for Red Hat Enterprise Linux 9. Issues addressed include a HTTP response splitting vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-38709
SHA-256 | da861725e4de66c134975faab6f764159682f498b51f01bcb20e783c545eb285
Debian Security Advisory 5805-1
Posted Nov 9, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5805-1 - It was discovered that the daemon of the GNU Guix functional package manager was susceptible to privilege escalation.

tags | advisory, web
systems | linux, debian
SHA-256 | d7113826f5a012f88420ff55af1ebd35c79c1c1fc958896fbdf57676776927d6
Debian Security Advisory 5804-1
Posted Nov 8, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5804-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that processing maliciously crafted web content may lead to an unexpected process crash. Narendra Bhati discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2024-44244, CVE-2024-44296
SHA-256 | 09f18ef696e1eb6325c7311ab9bc19d836da6ca05df20f1f98f6de0e2e800b67
Page 1 of 409
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close