exploit the possibilities
Showing 1 - 25 of 14,273 RSS Feed

Arbitrary Files

Gentoo Linux Security Advisory 202008-05
Posted Aug 10, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-5 - A buffer overflow in gThumb might allow remote attacker(s) to execute arbitrary code. Versions less than 3.10.0 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2019-20326
MD5 | 6079dfd95b3c1cbab40ba699c0ff8af7
Gentoo Linux Security Advisory 202008-04
Posted Aug 10, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-4 - Multiple vulnerabilities have been found in Apache, the worst of which could result in the arbitrary execution of code. Versions less than 2.4.46 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-11984, CVE-2020-11985, CVE-2020-11993, CVE-2020-9490
MD5 | 6ebbbe914e5e8bb0a77e0de98171b948
Gentoo Linux Security Advisory 202008-02
Posted Aug 9, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-2 - A vulnerability in GNU GLOBAL was discovered, possibly allowing remote attackers to execute arbitrary code. Versions less than 6.6.4 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2017-17531
MD5 | c31763322e1337796431bbb6158d0fc0
Gentoo Linux Security Advisory 202008-03
Posted Aug 9, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-3 - Ark was found to allow arbitrary file overwrite, possibly allowing arbitrary code execution. Versions less than 20.04.3-r1 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2020-16116
MD5 | 421534779a0ba7b115e7a20ba126a17e
flatCore CMS 1.5.5 Cross Site Scripting / Arbitrary File Upload
Posted Aug 8, 2020
Authored by Farhan Rahman, Azrul Ikhwan Zulkifli | Site sec-consult.com

flatCore CMS versions 1.5.5 and below suffer from cross site scripting and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
MD5 | b4c0b5682efb708e59bbe189e31c8dc7
Ubuntu Security Notice USN-4451-2
Posted Aug 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4451-2 - USN-4451-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-15704
MD5 | e87d8f20499aa2e18c7cd3040c62a44f
Ubuntu Security Notice USN-4453-1
Posted Aug 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4453-1 - Johannes Kuhn discovered that OpenJDK 8 incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. Philippe Arteau discovered that OpenJDK 8 incorrectly verified names in TLS server's X.509 certificates. An attacker could possibly use this issue to obtain sensitive information. It was discovered that OpenJDK 8 incorrectly handled exceptions in DerInputStream class and in the DerValue.equals method. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-14556, CVE-2020-14577, CVE-2020-14581, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621
MD5 | a0c890f204d84cac8ed235ff33fa9d9a
Online Shopping Alphaware 1.0 Arbitrary File Upload
Posted Aug 6, 2020
Authored by Edo Maland

Online Shopping Alphaware version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | ac99c740e91732de1ca528611dc05ba5
Ubuntu Security Notice USN-4450-1
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4450-1 - Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A local attacker could use this issue to cause Whoopsie to consume memory, resulting in a denial of service. Seong-Joong Kim discovered that Whoopsie incorrectly handled parsing files. A local attacker could use this issue to cause Whoopsie to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-11937, CVE-2020-12135, CVE-2020-15570
MD5 | 8a56b151952311fb68e4412ae9c9a5b1
Ubuntu Security Notice USN-4451-1
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4451-1 - Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-15704
MD5 | dba7822ad99b626b4da28d4558490343
Ubuntu Security Notice USN-4449-1
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4449-1 - Ryota Shiga discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. Seong-Joong Kim discovered that Apport incorrectly parsed configuration files. A local attacker could use this issue to cause Apport to crash, resulting in a denial of service. Ryota Shiga discovered that Apport incorrectly implemented certain checks. A local attacker could use this issue to escalate privileges and run arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-11936, CVE-2020-15701, CVE-2020-15702
MD5 | ccdc98754ed6d235718171b799686bca
SQLMAP - Automatic SQL Injection Tool 1.4.8
Posted Aug 4, 2020
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Bug fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 268727dd92e1f9549422eb99459a1154
Ubuntu Security Notice USN-4298-2
Posted Aug 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4298-2 - USN-4298-1 fixed several vulnerabilities in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13753, CVE-2019-19926
MD5 | d1de1d9403a24bcb05ee45c057fd3d41
October CMS Build 465 XSS / File Read / File Deletion / CSV Injection
Posted Aug 3, 2020
Authored by Sivanesh Ashok

October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
advisories | CVE-2020-11083, CVE-2020-5295, CVE-2020-5296, CVE-2020-5297, CVE-2020-5298, CVE-2020-5299
MD5 | a79e40ac7fff8141301027b2d8a73d91
Microsoft Windows Win32k Privilege Escalation
Posted Aug 3, 2020
Authored by nu11secur1ty, Ventsislav Varbanovski | Site github.com

Microsoft Windows Win32k privilege escalation exploit. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

tags | exploit, arbitrary, kernel
systems | windows
advisories | CVE-2020-0642
MD5 | 6b7e0e5d390dcae63cd77660c4d5df8b
Ubuntu Security Notice USN-4445-1
Posted Aug 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4445-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code,

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15900
MD5 | e5cd22ad9394fc8739acbf87db5ba61d
Ubuntu Security Notice USN-4444-1
Posted Aug 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4444-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2020-9862, CVE-2020-9915
MD5 | 41e64fcb2adc18e2a3f8f179c1a36e11
FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation
Posted Jul 31, 2020
Authored by Brendan Coles, Andy Nguyen | Site metasploit.com

This Metasploit module exploits a race and use-after-free vulnerability in the FreeBSD kernel IPv6 socket handling. A missing synchronization lock in the IPV6_2292PKTOPTIONS option handling in setsockopt permits racing ip6_setpktopt access to a freed ip6_pktopts struct. This exploit overwrites the ip6po_pktinfo pointer of a ip6_pktopts struct in freed memory to achieve arbitrary kernel read/write.

tags | exploit, arbitrary, kernel
systems | freebsd, bsd
advisories | CVE-2020-7457
MD5 | 1349f7155a1c7dce0d1fdef5aa98748a
Gentoo Linux Security Advisory 202007-64
Posted Jul 31, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202007-64 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 68.11.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
MD5 | e1dd07d085f54ee10e70004211be5c5a
Gentoo Linux Security Advisory 202007-63
Posted Jul 31, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202007-63 - Multiple vulnerabilities have been found in SNMP Trap Translator, the worst of which could allow attackers to execute arbitrary shell code. Versions less than 1.4.1 are affected.

tags | advisory, arbitrary, shell, vulnerability
systems | linux, gentoo
MD5 | 050446e49cdf58e9ef909a5278dbe5be
Gentoo Linux Security Advisory 202007-61
Posted Jul 31, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202007-61 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.28.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925
MD5 | 22a7728058ec8809b3ef43851e9e7cdf
Gentoo Linux Security Advisory 202007-60
Posted Jul 30, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202007-60 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 68.11.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-15652, CVE-2020-15659, CVE-2020-6463
MD5 | 7750724215713d5c4b212ec02403ed8b
Ubuntu Security Notice USN-4432-1
Posted Jul 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4432-1 - Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-10713, CVE-2020-14308, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707
MD5 | e8c8115375ad07c3a69fd6d3665f7dd3
Ubuntu Security Notice USN-4443-1
Posted Jul 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4443-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass iframe sandbox restrictions, confuse the user, or execute arbitrary code. It was discovered that redirected HTTP requests which are observed or modified through a web extension could bypass existing CORS checks. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information across origins. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15655, CVE-2020-15656, CVE-2020-15659, CVE-2020-6514
MD5 | d80178008eece3baac547d3e0382ff43
Baldr Botnet Panel Shell Upload
Posted Jul 29, 2020
Authored by Ege Balci | Site metasploit.com

This Metasploit module exploits a arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading the ZIP file under the logs directory. On versions 3.0 and 3.1 victim logs are ciphered by a random 4 byte XOR key. This exploit module retrieves the IP specific XOR key from panel gate and registers a new victim to the panel with adding the selected payload inside the victim logs.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | 3aee05fb3bfa3e3eb0452ce7bbf7bdfb
Page 1 of 571
Back12345Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    1 Files
  • 9
    Aug 9th
    2 Files
  • 10
    Aug 10th
    27 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close