site Internet:Tempête de sacteneur
PacketStormexploitthepossibilitiesRegister|LoginFilesTempête de sacNewsUsersAuthorsHomeFilesNews&[SERVICES_TAB]AboutContactAddNewCriticalVulnerabilitiesInEximThreatenOver250kEmailServersWorldwideEuroTelecomStandardsInstituteDisclosesDataBreachRecentlyPatchedTeamCityVulnExploitedToHackServersMassExploitationAttemptsainstWS_FTPHeBegunRecentFilesAllExploitsAdvisoriesToolsWhitepapersOtherPacketStormNewExploitsForSeptember,2023PostedOct2,2023AuthoredbyToddJ.|Sitepacketstormsecurity.comThisarchivecontainsallofthe122exploitsaddedtoPacketStorminSeptember,2023.ts|exploitDownload|Forite|ViewElectrolinkFM/DAB/TVTransmitterPre-AuthMPFSImeRemoteCodeExecutionPostedOct2,2023AuthoredbyLiquidWorm|Sitezeroscience.mkElectrolinkFM/DAB/TVTransmitterallowsaccesstoanunprotectedendpointthatallowsanMPFSFileSystembinaryimeuploadwithoutauthentication.TheMPFS2filesystemmoduleprovidesalight-weightread-onlyfilesystemthatcanbestoredinexternalEEPROM,externalserialFlash,orinternalFlashprogrammemory.Thisfilesystemservesasthebasisforthewebservermodule,butisalsousedbytheSNMPmoduleandisailabletootherapplicationsthatrequirebasicread-onlystorecapabilities.Thiscanbeexploitedtooverwritetheflashprogrammemorythatholdsthewebserver39;smaininterfacesandexecutearbitrarycode.ts|exploit,web,arbitraryDownload|Forite|ViewElectrolinkFM/DAB/TVTransmitterUnauthenticatedRemoteDenialOfServicePostedOct2,2023AuthoredbyLiquidWorm|Sitezeroscience.mkElectrolinkFM/DAB/TVTransmitterfromadenialofservicescenario.AnunauthenticatedattackercanresettheboardaswellasstopthetransmitteroperationsbysendingoneGETrequesttothecommand.cgigateway.ts|exploit,denialofservice,cgiDownload|Forite|ViewElectrolinkFM/DAB/TVTransmitterSuperAdminHiddenFunctionalityPostedOct2,2023AuthoredbyLiquidWorm|Sitezeroscience.mkElectrolinkFM/DAB/TVTransmitterallowsanunauthenticatedattackertobypassauthenticationandmodifytheCookietorevealhiddenpesthatallowsmorecriticaloperationstothetransmitter.ts|exploitDownload|Forite|ViewElectrolinkFM/DAB/TVTransmitterVerticalPrivilegeEscalationPostedOct2,2023AuthoredbyLiquidWorm|Sitezeroscience.mkElectrolinkFM/DAB/TVTransmittersuffersfromaprivilegeescalationvulnerability.AnattackercanescalatehisprivilegesbypoisoningtheCookiefromGUESTtoADMINtoeffectivelybecomeAdministratororpoisoningtoZSLtobecomeSuperAdministrator.ts|exploitDownload|Forite|ViewElectrolinkFM/DAB/TVTransmitterRemoteAuthenticationRemovalPostedOct2,2023AuthoredbyLiquidWorm|Sitezeroscience.mkElectrolinkFM/DAB/TVTransmittersuffersfromanunauthenticatedparametermanipulationthatallowsanattackertosetthecredentialstoblankgivingheraccesstotheadminpanel.Itisalsovulnerabletoaccounttakeoverandarbitrarypasswordchange.ts|exploit,arbitraryDownload|Forite|ViewElectrolinkFM/DAB/TVTransmitter(LoginCookie)AuthenticationBypassPostedOct2,2023AuthoredbyLiquidWorm|Sitezeroscience.mkElectrolinkFM/DAB/TVTransmittersuffersfromanauthenticationbypassvulnerabilityaffectingtheLoginCookie.AnattackercansetanarbitraryvalueexceptNOtotheLoginCookieandhefullsystemaccess.ts|exploit,arbitrary,bypassDownload|Forite|ViewElectrolinkFM/DAB/TVTransmitter(controlloLogin.js)CredentialDisclosurePostedOct2,2023AuthoredbyLiquidWorm|Sitezeroscience.mkElectrolinkFM/DAB/TVTransmittersuffersfromadisclosureofclear-textcredentialsincontrolloLogin.jsthatcanallowsecuritybypassandsystemaccess.ts|exploitDownload|Forite|ViewElectrolinkFM/DAB/TVTransmitter(login.htm/mail.htm)CredentialDisclosurePostedOct2,2023AuthoredbyLiquidWorm|Sitezeroscience.mkTheElectrolinkFM/DAB/TVTransmittersuffersfromadisclosureofclear-textcredentialsinlogin.htmandmail.htmthatcanallowsecuritybypassandsystemaccess.ts|exploitDownload|Forite|ViewGentooLinuxSecurityAdvisory-01PostedOct2,2023AuthoredbyGentoo|Sitesecurity.gentoo.orgGentooLinuxSecurityAdvisory-1-MultiplevulnerabilitieshebeendiscoveredinClam,theworstofwhichcouldresultinremotecodeexecution.Versionsgreaterthanorequalto0.103.7areaffected.ts|advisory,remote,vulnerability,codeexecutionsystems|linux,gentooDownload|Forite|ViewDebianSecurityAdvisory5512-1PostedOct2,2023AuthoredbyDebian|Sitedebian.orgDebianLinuxSecurityAdvisory5512-1-SeveralvulnerabilitieswerediscoveredinExim,amailtransportent,whichcouldresultinremotecodeexecutioniftheEXTERNALorSPA/NTLMauthenticatorsareused.ts|advisory,remote,vulnerability,codeexecutionsystems|linux,debianDownload|Forite|ViewDebianSecurityAdvisory5511-1PostedOct2,2023AuthoredbyDebian|Sitedebian.orgDebianLinuxSecurityAdvisory5511-1-Severalsecurityvulnerabilitieshebeendiscoveredinmosquitto,aMQTTcompatiblemessebroker,whichmaybeabusedforadenialofserviceattack.ts|advisory,denialofservice,vulnerabilitysystems|linux,debianDownload|Forite|ViewTORVirtualNetworkTunnelingTool0.4.8.7PostedOct2,2023AuthoredbyRogerDingledine|Sitetor.eff.orgTorisanetworkofvirtualtunnelsthatallowspeopleandgroupstoimprovetheirprivacyandsecurityontheInternet.Italsoenablessoftwaredeveloperstocreatenewcommunicationtoolswithbuilt-inprivacyfeatures.ItprovidesthefoundationforarangeofapplicationsthatalloworgTempête de sacanizationsandindividualstoshareinformationoverpublicnetworkswithoutcompromisingtheirprivacy.IndividualscanuseittokeepremoteWebsitesfromtrackingthemandtheirfamilymembers.TheycanalsouseittoconnecttoresourcessuchasnewssitesorinstantmessingservicesthatareblockedbytheirlocalInternetserviceproviders(ISPs).Thisisthesourcecoderelease.Changes:Fixedanissuethatpreventedpre-buildingmoreconfluxsetsafterexistingsetshadbeenused.RegeneratefallbackdirectoriesgeneratedonSeptember25,2023.UpdatedthegeoipfilestomatchtheIPFireLocationDatabase,asretrievedon2023/09/25.ts|tool,remote,local,peer2peersystems|unixDownload|Forite|ViewGentooLinuxSecurityAdvisory-17PostedOct2,2023AuthoredbyGentoo|Sitesecurity.gentoo.orgGentooLinuxSecurityAdvisory-17-MultiplevulnerabilitieshebeenfoundinChromiumanditsderivatives,theworstofwhichcouldresultinremotecodeexecution.Versionsgreaterthanorequalto113.0.5672.126areaffected.ts|advisory,remote,vulnerability,codeexecutionsystems|linux,gentooDownload|Forite|ViewGentooLinuxSecurityAdvisory-16PostedOct2,2023AuthoredbyGentoo|Sitesecurity.gentoo.orgGentooLinuxSecurityAdvisory-16-Multiplevulnerabilitieshebeendiscoveredinwpa_supplicantandhostapd,theworstofwhichcouldresultinarbitrarycodeexecution.Versionsgreaterthanorequalto2.10areaffected.ts|advisory,arbitrary,vulnerability,codeexecutionsystems|linux,gentooDownload|Forite|ViewDebianSecurityAdvisory5510-1PostedOct2,2023AuthoredbyDebian|Sitedebian.orgDebianLinuxSecurityAdvisory5510-1-ClementLecignediscoveredaheap-basedbufferoverflowinlibvpx,amultimedialibraryfortheVP8andVP9videocodecs,whichmayresultintheexecutionofarbitrarycodeifaspeciallycraftedVP8mediastreamisprocessed.ts|advisory,overflow,arbitrarysystems|linux,debianDownload|Forite|ViewjSQLInjection0.93PostedOct2,2023Authoredbyron190|Sitegithub.comjSQLInjectionisalightweightapplicationusedtofinddatabaseinformationfromadistantserver.jSQLInjectionisalsopartoftheofficialpenetrationtestingdistributionKaliLinuxandisincludedinvariousotherdistributionslikePentestBox,ParrotSecurityOS,ArchStrikeandBlackArchLinux.Thisisthesourcecoderelease.Changes:AddedBooleanno-mode.AddedPreferencetodisableURLrandomsuffix.FixedemptyStringnotpossibleinSQLEngine.AddCTFplatformstoScanlist.ts|tool,scanner,sqlinjectionsystems|linux,unixDownload|Forite|ViewJuniperSRXFirewall/EXSwitchRemoteCodeExecutionPostedOct2,2023AuthoredbyRonBowes,JacobBaines,jheysel-r7|Sitemetasploit.comThisMetasploitmoduleexploitsaPHPenvironmentvariablemanipulationvulnerabilityaffectingJuniperSRXfirewallsandEXswitches.TheaffectedJuniperdevicesrunningFreeBSDandeveryFreeBSDprocesscanaccesstheirstdinbyopening/dev/fd/0.TheexploitalsomakesuseoftwousefulPHPfeatures.Thefirstbeingauto_prepend_filewhichcausestheprovidedfiletobeaddedusingtherequirefunction.ThesecondPHPfunctionisallow_url_includewhichallowstheuseofURL-awarefopenwrappers.Byenablingallow_url_include,theexploitcanuseanyprotocolwrapperwithauto_prepend_file.Themodulethenusesdatatoprovideafileinlinewhichincludesthebase64encodedPHPpayload.BydefaultthisexploitreturnsasessionconfinedtoaFreeBSDjailwithlimitedfunctionality.ThereisadatastoreoptionJAIL_BREAK,thatwhensettotrue,willstealthenecessarytokensfromauserauthenticatedtotheJ-Webapplication,inordertooverwritetherootpasswordhash.IfthereisnouserauthenticatedtotheJ-Webapplicationthismethodwillnotwork.ThemodulethenauthenticateswiththenewrootpasswordoverSSHandthenrewritestheoriginalrootpasswordhashto/etc/master.passwd.ts|exploit,web,root,php,protocolsystems|freebsd,bsd,juniperDownload|Forite|ViewGentooLinuxSecurityAdvisory-15PostedOct2,2023AuthoredbyGentoo|Sitesecurity.gentoo.orgGentooLinuxSecurityAdvisory-15-MultiplevulnerabilitieshebeenfoundinGNUBinutils,theworstofwhichcouldresultindenialofservice.Versionsgreaterthanorequalto2.40areaffected.ts|advisory,denialofservice,vulnerabilitysystems|linux,gentooDownload|Forite|ViewDebianSecurityAdvisory5509-1PostedOct2,2023AuthoredbyDebian|Sitedebian.orgDebianLinuxSecurityAdvisory5509-1-AbufferoverflowinVP8mediastreamprocessinghasbeenfoundintheMozillaFirefoxwebbrowser,whichcouldpotentiallyresultintheexecutionofarbitrarycode.ts|advisory,web,overflow,arbitrarysystems|linux,debianDownload|Forite|ViewDebianSecurityAdvisory5508-1PostedOct2,2023AuthoredbyDebian|Sitedebian.orgDebianLinuxSecurityAdvisory5508-1-MultiplesecurityissueswerediscoveredinChromium,whichcouldresultintheexecutionofarbitrarycode,denialofserviceorinformationdisclosure.ts|advisory,denialofservice,arbitrary,infodisclosuresystems|linux,debianDownload|Forite|ViewRedHatSecurityAdvisory2023-5407-01PostedOct2,2023AuthoredbyRedHat|Siteaccess.redhat.comRedHatSecurityAdvisory2023-5407-01-OpenShiftGitOpsKAMOpenShiftGitOpsKubernetesApplicationManerCLItool.Issuesaddressedincludeadenialofservicevulnerability.ts|advisory,denialofservicesystems|linux,redhatDownload|Forite|ViewJetBrainsTeamCityUnauthenticatedRemoteCodeExecutionPostedSep29,2023Authoredbysfewer-r7|Sitemetasploit.comThisMetasploitmoduleexploitsanauthenticationbypassvulnerabilitytoachieveunauthenticatedremotecodeexecutionainstavulnerableJetBrainsTeamCityserver.AllversionsofTeamCitypriortoversion2023.05.4arevulnerabletothisissue.ThevulnerabilitywasoriginallydiscoveredbySonarSource.ts|exploit,remote,codeexecution,bypassDownload|Forite|ViewUbuntuSecurityNoticeUSN-6386-2PostedSep29,2023AuthoredbyUbuntu|Sitesecurity.ubuntu.comUbuntuSecurityNotice6386-2-JanaHofmann,EmanueleVannacci,CedricFournet,BorisKopf,andOleksiiOleksenkodiscoveredthatsomeAMDprocessorscouldleakstaledatafromdivisionoperationsincertainsituations.Alocalattackercouldpossiblyusethistoexposesensitiveinformation.ItwasdiscoveredthatthebluetoothsubsystemintheLinuxkerneldidnotproperlyhandleL2CAPsocketrelease,leadingtoause-after-freevulnerability.Alocalattackercouldusethistocauseadenialofserviceorpossiblyexecutearbitrarycode.ts|advisory,denialofservice,arbitrary,kernel,localsystems|linux,ubuntuDownload|Forite|ViewGentooLinuxSecurityAdvisory-14PostedSep29,2023AuthoredbyGentoo|Sitesecurity.gentoo.orgGentooLinuxSecurityAdvisory-14-Multiplevulnerabilitieshebeenfoundinlibarchive,theworstofwhichcouldresultindenialofservice.Versionsgreaterthanorequalto3.7.1areaffected.ts|advisory,denialofservice,vulnerTempête de sacabilitysystems|linux,gentooDownload|Forite|ViewViewOlderFiles→FollowusonTwitterFollowusonFacebookSubscribetoanRSSFeedRecentNewsJohnsonControlsHitByRansomwarePostedSep29,2023ts|headline,hacker,malware,cybercrime,dataloss,fraud,cryptographyForite|ViewTheNSAIsStartingAnArtificialIntelligenceSecurityCenterPostedSep29,2023ts|headline,government,usa,cyberwar,spyware,nsaForite|ViewChineseSnoopsStole60,000StateDepartmentEmailsPostedSep29,2023ts|headline,hacker,government,privacy,email,usa,china,dataloss,spyware,cyberwrForite|ViewANewChrome0-DayIsSendingTheInternetIntoANewChapterOfGroundhogDayPostedSep29,2023ts|headline,flaw,google,zeroday,chromeForite|ViewRussianStateHackersAttemptedToBlockUkrainiansFromOpeningUSBankAccountsPostedSep29,2023ts|headline,hacker,government,bank,usa,russia,denialofservice,cyberwar,ukraineForite|ViewNorwayWantsFacebookBehioralAdvertisingBannedAcrossEuropePostedSep29,2023ts|headline,government,privacy,facebook,social,norwayForite|ViewRightWingElonScrapsToolToReportElectoralFakeNewsPostedSep28,2023ts|headline,government,fraud,twitterForite|ViewAfterFailingAtPrivacyain,GoogleIsWorkingToKeepBardChatsOutOfSearchPostedSep28,2023ts|headline,privacy,dataloss,googleForite|ViewCiscoWarnsOfIOSSoftwareZero-DayExploitationAttemptsPostedSep28,2023ts|headline,hacker,flaw,cisco,zerodayForite|ViewChineseHackersStoleEmailsFromUSStateDeptInMSBreachPostedSep28,2023ts|headline,government,privacy,email,usa,china,dataloss,cyberwarForite|ViewViewMoreNews→FileArchive:October2023<SuMoTuWeThFrSa1Oct1st0Files2Oct2nd22Files3Oct3rd0Files4Oct4th0Files5Oct5th0Files6Oct6th0Files7Oct7th0Files8Oct8th0Files9Oct9th0Files10Oct10th0Files11Oct11th0Files12Oct12th0Files13Oct13th0Files14Oct14th0Files15Oct15th0Files16Oct16th0Files17Oct17th0Files18Oct18th0Files19Oct19th0Files20Oct20th0Files21Oct21st0Files22Oct22nd0Files23Oct23rd0Files24Oct24th0Files25Oct25th0Files26Oct26th0Files27Oct27th0Files28Oct28th0Files29Oct29th0Files30Oct30th0Files31Oct31st0FilesTopAuthorsInLast30DaysRedHat132filesUbuntu84filesindoushka33filesDebian26filesGentoo17filesnu11secur1ty15filesApple13filesLiquidWorm9filesGoogleSecurityResearch7filesjheysel-r74filesFileTsActiveX(932)Advisory(82,358)Arbitrary(16,293)BBS(2,859)Bypass(1,757)CGI(1,029)CodeExecution(7,326)Conference(680)Cracker(843)CSRF(3,351)DoS(23,587)Encryption(2,371)Exploit(52,143)FileInclusion(4,230)FileUpload(977)Firewall(821)InfoDisclosure(2,796)IntrusionDetection(895)Ja(3,050)JaScript(864)Kernel(6,752)Local(14,518)Mazine(586)Overflow(12,749)Perl(1,423)PHP(5,156)ProofofConcept(2,345)Protocol(3,615)Python(1,539)Remote(30,901)Root(3,596)Rootkit(513)Ruby(612)Scanner(1,642)SecurityTool(7,908)Shell(3,201)Shellcode(1,216)Sniffer(895)Spoof(2,209)SQLInjection(16,419)TCP(2,413)Trojan(687)UDP(895)Virus(666)Vulnerability(31,870)Web(9,721)Whitepaper(3,753)x86(964)XSS(18,005)OtherFileArchivesOctober2023September2023August2023July2023June2023May2023April2023March2023February2023January2023December2022November2022OlderSystemsAIX(428)Apple(2,016)BSD(375)CentOS(57)Cisco(1,925)Debian(6,851)Fedora(1,692)FreeBSD(1,246)Gentoo(4,339)HPUX(879)iOS(355)iPhone(108)IRIX(220)Juniper(69)Linux(46,852)MacOSX(687)Mandriva(3,105)NetBSD(256)OpenBSD(485)RedHat(13,926)Slackware(941)Solaris(1,610)SUSE(1,444)Ubuntu(8,949)UNIX(9,319)UnixWare(186)Windows(6,590)OtherNewsTs0Day(268)Adobe(305)Anonymous(350)Apple(1,024)Backdoor(631)Bank(1,181)Botnet(544)Britain(1,067)China(886)Conference(312)Cryptography(1,433)Cybercrime(1,994)Cyberwar(1,787)DataLoss(3,666)Database(221)DoS(509)Email(489)Facebook(816)FBI(436)Flaw(4,090)Fraud(2,537)Google(1,492)Government(6,659)Hacker(6,984)Headline(18,648)Iran(208)Linux(245)Malware(2,535)Microsoft(1,740)Mozilla(211)NSA(675)Password(710)Patch(899)Phish(354)Phone(1,854)Privacy(4,506)Russia(1,002)Scam(273)Science(517)Social(452)Space(244)Spam(374)Spyware(1,512)Terror(384)Trojan(315)Twitter(393)USA(3,717)Virus(396)Wireless(221)OtherNewsArchivesOctober2023September2023August2023July2023June2023May2023April2023March2023February2023January2023December2022November2022Older©2022PacketStorm.Allrightsreserved.SiteLinksNewsbyMonthNewsTsFilesbyMonthFileTsFileDirectoryAboutUsHistory&PurposeContactInformationTermsofServicePrivacyStatementInformation ServicesSecurityServicesHostingByRokasecFollowusonTwitterFollowusonFacebookSubscribetoanRSSFeed