what you don't know can hurt you
Showing 1 - 25 of 14,818 RSS Feed

Arbitrary Files

Ubuntu Security Notice USN-5078-2
Posted Sep 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5078-2 - USN-5078-1 fixed several vulnerabilities in Squashfs-Tools. This update provides the corresponding update for Ubuntu 16.04 ESM. Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-40153, CVE-2021-41072
MD5 | a588bff99e1ad294d4c0a837675bd039
elFinder Archive Command Injection
Posted Sep 15, 2021
Authored by Shelby Pace, Thomas Chauchefoin | Site metasploit.com

elFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via its archive functionality. When creating a new zip archive, the name parameter is sanitized with the escapeshellarg() php function and then passed to the zip utility. Despite the sanitization, supplying the -TmTT argument as part of the name parameter is still permitted and enables the execution of arbitrary commands as the www-data user.

tags | exploit, arbitrary, php
advisories | CVE-2021-32682
MD5 | 748ee7b37719159b8db8d6bf33aad64b
Ubuntu Security Notice USN-5079-1
Posted Sep 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5079-1 - It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-22945, CVE-2021-22946, CVE-2021-22947
MD5 | 86a50e5b74b582a69ac5dae745acba84
Ubuntu Security Notice USN-5078-1
Posted Sep 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5078-1 - Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-41072
MD5 | 2233bb5f32da527afee0b0e4fa9525ad
Ubuntu Security Notice USN-5077-2
Posted Sep 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5077-2 - USN-5077-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Maik M

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-3709
MD5 | 9b7c13e0f8c97336957240f068c12cdd
Ubuntu Security Notice USN-5077-1
Posted Sep 14, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5077-1 - Maik M√ľnch and Stephen Roettger discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use this issue to gain read access to arbitrary files, possibly containing sensitive information.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2021-3709
MD5 | 4e361a457f37e5470649f38e31214110
Ubuntu Security Notice USN-5075-1
Posted Sep 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5075-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3781
MD5 | 8212a2bf855aa3d13a0fd58791b087b2
ECOA Building Automation System Arbitrary File Deletion
Posted Sep 10, 2021
Authored by Neurogenesia | Site zeroscience.mk

ECOA building automation systems suffer from an arbitrary file deletion vulnerability. Many versions are affected.

tags | exploit, arbitrary
MD5 | ae7a3dbb4a07114fe29fadd4d5a408df
Ubuntu Security Notice USN-5074-1
Posted Sep 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5074-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass mixed content blocking, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-38491
MD5 | 307ff9b456915ff0c2e87a7ff73a8a35
ECOA Building Automation System Path Traversal / Arbitrary File Upload
Posted Sep 10, 2021
Authored by Neurogenesia | Site zeroscience.mk

ECOA building automation systems suffer from path traversal and arbitrary file upload vulnerabilities. Many versions are affected.

tags | exploit, arbitrary, vulnerability, file upload
MD5 | a455307bd9b613b751ea7966593a494d
Ubuntu Security Notice USN-5065-1
Posted Sep 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5065-1 - It was discovered that Open vSwitch incorrectly handled decoding RAW_ENCAP actions. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-36980
MD5 | 6efb5c8ace4a1eda9fae8a466888ded5
Ubuntu Security Notice USN-5064-1
Posted Sep 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5064-1 - Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-38185
MD5 | 9673414a57ebfe220bde6cce1e16a47a
SQLMAP - Automatic SQL Injection Tool 1.5.9
Posted Sep 3, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 32819398c46317bb918049666fad4e8f
BRAKTOOTH: Causing Havoc On Bluetooth Link Manager
Posted Sep 3, 2021
Authored by Vaibhav Bedi, Matheus E. Garbelini, Ernest Kurniawan, Sudipta Chattopadhyay, Sumei Sun | Site asset-group.github.io

This whitepaper discusses BRAKTOOTH, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.

tags | advisory, paper, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2021-28135, CVE-2021-28136, CVE-2021-28139, CVE-2021-28155, CVE-2021-31609, CVE-2021-31610, CVE-2021-31611, CVE-2021-31612, CVE-2021-31613, CVE-2021-31717, CVE-2021-31785, CVE-2021-31786, CVE-2021-34143, CVE-2021-34144, CVE-2021-34145, CVE-2021-34146, CVE-2021-34147, CVE-2021-34148, CVE-2021-34149, CVE-2021-34150
MD5 | 83e56767b319b5f79741b2ed5ec789fa
Geutebruck Remote Command Execution
Posted Sep 2, 2021
Authored by Titouan Lazard, Sebastien Charbonnier, Ibrahim Ayadhi | Site metasploit.com

This Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions 1.12.0.27 and below as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, web, arbitrary, cgi, root, vulnerability, code execution
advisories | CVE-2021-33543, CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554
MD5 | 92b73b5927fb8541093395f2793bd346
Ubuntu Security Notice USN-5060-2
Posted Sep 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5060-2 - USN-5060-1 fixed a vulnerability in NTFS-3G. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that NTFS-3G incorrectly handled certain image file. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
MD5 | 61a2bdc4a3f99273641d87a0647147f5
Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation
Posted Sep 1, 2021
Authored by Grant Willcox, chompie1337, Manfred Paul | Site metasploit.com

Linux kernels from 5.7-rc1 prior to 5.13-rc4, 5.12.4, 5.11.21, and 5.10.37 are vulnerable to a bug in the eBPF verifier's verification of ALU32 operations in the scalar32_min_max_and function when performing AND operations, whereby under certain conditions the bounds of a 32 bit register would not be properly updated. This can be abused by attackers to conduct an out of bounds read and write in the Linux kernel and therefore achieve arbitrary code execution as the root user. The target system must be compiled with eBPF support and not have kernel.unprivileged_bpf_disabled set, which prevents unprivileged users from loading eBPF programs into the kernel. Note that if kernel.unprivileged_bpf_disabled is enabled this module can still be utilized to bypass protections such as SELinux, however the user must already be logged as a privileged user such as root.

tags | exploit, arbitrary, kernel, root, code execution
systems | linux
advisories | CVE-2021-3490
MD5 | 6ead3e5e5296fe145b5eb92da7ae8088
Ubuntu Security Notice USN-5060-1
Posted Sep 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5060-1 - It was discovered that NTFS-3G incorrectly handled certain image file. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
MD5 | 19cfe513a302ebf6fd4b985916cdd12d
Ubuntu Security Notice USN-5058-1
Posted Aug 31, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5058-1 - It was discovered that Thunderbird didn't ignore IMAP server responses prior to completion of the STARTTLS handshake. A person-in-the-middle could potentially exploit this to trick Thunderbird into showing incorrect information. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, imap
systems | linux, ubuntu
advisories | CVE-2021-29969, CVE-2021-29984, CVE-2021-29985, CVE-2021-29989, CVE-2021-30547
MD5 | 1487dd0ba06bf1fac526565425dc0587
Ubuntu Security Notice USN-5057-1
Posted Aug 31, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5057-1 - Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-40153
MD5 | 6a67eda2cc54e33aacb1d2bc22fd3f2c
Umbraco CMS 8.9.1 Traversal / Arbitrary File Write
Posted Aug 31, 2021
Authored by BitTheByte

Umbraco CMS versions 8.9.1 and below suffer from path traversal and arbitrary file write vulnerabilities.

tags | exploit, arbitrary, vulnerability, file inclusion
advisories | CVE-2020-5811
MD5 | 0a99ada2f17347f95a647a852d95bcfe
Ubuntu Security Notice USN-5053-1
Posted Aug 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5053-1 - It was discovered that libssh incorrectly handled rekeying. A remote attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3634
MD5 | f9ae7d95c976b2d3408e48d4445b5040
Ubuntu Security Notice USN-5037-2
Posted Aug 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5037-2 - USN-5037-1 fixed vulnerabilities in Firefox. The update introduced a regression that caused Firefox to repeatedly prompt for a password. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
MD5 | 06e3acf9ab3d153b30736866ab080285
Ubuntu Security Notice USN-5050-1
Posted Aug 24, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5050-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2020-26558, CVE-2021-28691, CVE-2021-3564, CVE-2021-3573, CVE-2021-38208
MD5 | 7176b3ae5db0a9e37bcee9ef8706ee54
Ubuntu Security Notice USN-5048-1
Posted Aug 23, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5048-1 - It was discovered that Inetutils telnet server allows remote attackers to execute arbitrary code via short writes or urgent data. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-10188
MD5 | ed58ed801b709eef2818c1d2495e2b82
Page 1 of 593
Back12345Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close