Showing 1 - 5 of 5

Files Date: 2023-08-17

Greenshot 1.3.274 Deserialization / Command Execution: Posted Aug 17, 2023; Authored by bwatters-r7, p4r4bellum | Site metasploit.com; There exists a .NET deserialization vulnerability in Greenshot versions 1.3.274 and below. The deserialization allows the execution of commands when a user opens a Greenshot file. The commands execute under the same permissions as the Greenshot service. Typically, it is the logged in user.; tags | exploit; advisories | CVE-2023-34634; SHA-256 | 417583375a798246fd4576d2e33b79c589cc0fa3d06430926abf50d5142f368a; Download | Favorite | View

Maltrail 0.53 Unauthenticated Command Injection: Posted Aug 17, 2023; Authored by Ege Balci, Chris Wild | Site metasploit.com; Maltrail is a malicious traffic detection system, utilizing publicly available blacklists containing malicious and/or generally suspicious trails. Maltrail versions below 0.54 suffer from a command injection vulnerability. The subprocess.check_output function in mailtrail/core/http.py contains a command injection vulnerability in the params.get("username") parameter. An attacker can exploit this vulnerability by injecting arbitrary OS commands into the username parameter. The injected commands will be executed with the privileges of the running process. This vulnerability can be exploited remotely without authentication. Successfully tested against Maltrail versions 0.52 and 0.53.; tags | exploit, web, arbitrary; SHA-256 | f42530359a3ac22211393c29f331afc963e4710bc19c82c302c697b368291bbc; Download | Favorite | View

Ubuntu Security Notice USN-6296-1: Posted Aug 17, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6296-1 - It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. It was discovered that PostgreSQL incorrectly handled the MERGE command. A remote attacker could possibly use this issue to bypass certain UPDATE and SELECT policies. This issue only affected Ubuntu 23.04.; tags | advisory, remote, arbitrary; systems | linux, ubuntu; advisories | CVE-2023-39417, CVE-2023-39418; SHA-256 | d61a8bea7f7e574c96086c8debf6f8fa1d35ce1c1e01e40a1d8c29820098519a; Download | Favorite | View

Ubuntu Security Notice USN-6295-1: Posted Aug 17, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6295-1 - It was discovered that Podman incorrectly handled certain supplementary groups. An attacker could possibly use this issue to expose sensitive information or execute binary code.; tags | advisory; systems | linux, ubuntu; advisories | CVE-2022-2989; SHA-256 | fbbfd72643a4ddd98760d7a9979655657af0be9dd121affc6e0ec74ba8b1aa1e; Download | Favorite | View

Debian Security Advisory 5478-1: Posted Aug 17, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5478-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.; tags | advisory, java, denial of service, vulnerability, info disclosure; systems | linux, debian; advisories | CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049; SHA-256 | 1abbda9face35cc55de373d200a91797c0b8a6083da1289cd62ef92eff8eca01; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days