OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.
aa7d8d9bef71ad6525c55ba11e5f4397889ce49c2c9349dcea6d3e4f0b024a7aOpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10caTripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. TripleCross is inspired by previous implant designs in this area, notably the works of Jeff Dileo at DEFCON 271, Pat Hogan at DEFCON 292, Guillaume Fournier and Sylvain Afchain also at DEFCON 293, and Kris NĂ³va's Boopkit4. The authors reuse and extend some of the techniques pioneered by these previous explorations of the offensive capabilities of eBPF technology.
efa4bb512562aea95bee50fc8810a3a5b1b7f5e063254ef058a940ae82908a4eUbuntu Security Notice 5479-2 - USN-5479-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
aa2ecc6d33290de62a187d79e29fabd47aae5f43ed95f14174febf9e0069a0ccLockbit version 3.0 ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, in this case "RstrtMgr.dll", execute our own code, and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. All basic tests were conducted successfully in a virtual machine environment.
a8a36c8b61552ab9f3cad6eb0046a944604dace1c03fa5782e607d1933f5f017This is a C language reverse shell generator that is written in Python.
5dd358c97fb9c1f37b759fb43edddae386016d7945cc7d063e37b7e28f9e337fAdvanced Testimonials Manager version 5.6 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
57b51279e3413d9571cc34a4396cfeb4bfa5fe8055195099f868ecc8deb718b4The handling of Windows Defender Remote Credential Guard credentials is vulnerable to authentication relay attacks leading to elevation of privilege or authentication bypass.
59d20260a71bd3953d7c62c227f9a18519548cd6196f851a5c6ffb7ee4def447OpenSSL Security Advisory 20220705 - The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. Other issues were also addressed.
77cb83743e1a820453bd06ea0f03f1f8f2401440b4f893084cdc8d178540f4c6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed