Exploit the possiblities
Showing 1 - 25 of 12,661 RSS Feed

Arbitrary Files

Red Hat Security Advisory 2017-3247-01
Posted Nov 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3247-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-7826, CVE-2017-7828, CVE-2017-7830
MD5 | c46e919d507d1c9b0fb423e0907f6182
phpMyFAQ 2.9.9 Code Injection
Posted Nov 17, 2017
Authored by tomplixsee

phpMyFAQ version 2.9.9 suffers from an issue where an administrative account can execute arbitrary code on the server by modifying LANG_CONF[main.metaDescription].

tags | exploit, arbitrary
MD5 | 225232827b43d46c5d4a7742cbe2ff01
Ubuntu Security Notice USN-3477-1
Posted Nov 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3477-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842
MD5 | 5ed2b9f8c90425388420326b5e31775d
Ubuntu Security Notice USN-3481-1
Posted Nov 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3481-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803
MD5 | 68e7c4cff272deb50d9fba595e29a0d0
Red Hat Security Advisory 2017-3244-01
Posted Nov 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3244-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.1.1 serves as a replacement for Red Hat JBoss Data Grid 7.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-0750, CVE-2017-12629, CVE-2017-5645
MD5 | 82346d59795f9de41423699c8800be3d
Debian Security Advisory 4035-1
Posted Nov 16, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4035-1 - Several security issues have been found in the Mozilla Firefox web implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy.

tags | advisory, web, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2017-7826, CVE-2017-7828, CVE-2017-7830
MD5 | 063f2feaeb7ece66e2ed0a93f6ec7714
Microsoft Windows WLDP/Scriptlet CLSID UMCI Bypass
Posted Nov 15, 2017
Authored by James Forshaw, Google Security Research

The enlightened lockdown policy check for COM Class instantiation can be bypassed in Scriptlet hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).

tags | exploit, arbitrary, code execution
MD5 | 9f26a70091ba091d126dd62e22de0746
Red Hat Security Advisory 2017-3221-01
Posted Nov 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3221-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application.

tags | advisory, remote, web, denial of service, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2016-10167, CVE-2016-10168
MD5 | 2650f0d1afa1fd9360d227fd6867d136
Red Hat Security Advisory 2017-3222-01
Posted Nov 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3222-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 27.0.0.187. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-11213, CVE-2017-11215, CVE-2017-11225, CVE-2017-3112, CVE-2017-3114
MD5 | e1b8da525c29835890e1b51565495dca
D-Link DIR-850L Unauthenticated Command Execution
Posted Nov 14, 2017
Authored by Mumbai, Zdenda | Site metasploit.com

This Metasploit module leverages an unauthenticated credential disclosure vulnerability to execute arbitrary commands on DIR-850L routers as an authenticated user.

tags | exploit, arbitrary
MD5 | 670314dfdf489f27ab72b01f00cd4dc6
Debian Security Advisory 4032-1
Posted Nov 14, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4032-1 - Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files are processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2017-12983, CVE-2017-13134, CVE-2017-13758, CVE-2017-13769, CVE-2017-14224, CVE-2017-14607, CVE-2017-14682, CVE-2017-14989, CVE-2017-15277
MD5 | ed2abc741b4d032c65907e0275aa7e20
Ubuntu Security Notice USN-3478-2
Posted Nov 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3478-2 - USN-3478-1 fixed two vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, perl, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-12883
MD5 | 6fc7e5e039d31a5a2672a0fdaf7f7380
Ubuntu Security Notice USN-3478-1
Posted Nov 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3478-1 - Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2017-12837, CVE-2017-12883
MD5 | 972077314df82317d1a943797ea753ea
Gentoo Linux Security Advisory 201711-12
Posted Nov 13, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201711-12 - Multiple vulnerabilities have been found in eGroupWare, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.8.004.20120613 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-2027
MD5 | 23350ea0711228cdbb1e545d4fc1280e
Gentoo Linux Security Advisory 201711-10
Posted Nov 13, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201711-10 - Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.1.20:1.1.20 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-4000, CVE-2016-2313, CVE-2017-12065
MD5 | d56b7c61d4bb4a943eac7740c0966649
Gentoo Linux Security Advisory 201711-06
Posted Nov 11, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201711-6 - Multiple vulnerabilities have been found in Wget, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 1.19.1-r2 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-13089, CVE-2017-13090
MD5 | f303910659d3e44a1267a9b40588c5e8
WebKitGTK+ Code Execution / Memory Corruption
Posted Nov 10, 2017
Authored by WebKitGTK+ Team

WebKitGTK+ has had numerous security vulnerabilities addressed including arbitrary code execution and memory corruption.

tags | advisory, arbitrary, vulnerability, code execution
advisories | CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803
MD5 | 35c91c160bb58fe9a61a048e55672a70
Gentoo Linux Security Advisory 201711-05
Posted Nov 10, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201711-5 - Multiple vulnerabilities have been found in X.Org Server, the worst of which could allow an attacker to execute arbitrary code. Versions less than 1.19.5 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183
MD5 | da1bc819132e62be0142cf6e42eaa3f2
Gentoo Linux Security Advisory 201711-02
Posted Nov 10, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201711-2 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code. Versions less than 62.0.3202.89 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-15396
MD5 | f0d19f0451b11dee9a5a7fe7b74d0b84
Gentoo Linux Security Advisory 201711-01
Posted Nov 10, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201711-1 - Multiple vulnerabilities have been found in libxml2, the worst of which could result in the execution of arbitrary code. Versions prior to 2.9.4-r3 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-9318, CVE-2017-0663, CVE-2017-5969, CVE-2017-7375, CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050
MD5 | 56c81d3cb2b4a76a2ccc1a8327635179
Debian Security Advisory 4029-1
Posted Nov 9, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4029-1 - It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

tags | advisory, denial of service, arbitrary, local
systems | linux, debian
advisories | CVE-2017-8806
MD5 | b735e50bbbea22f2ddf4fb235c92ad77
Debian Security Advisory 4026-1
Posted Nov 9, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4026-1 - Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2017-15953, CVE-2017-15954, CVE-2017-15955
MD5 | 4a8adffff8654c2a42fdfba90f151ef2
Mako Server 2.5 Command Injection
Posted Nov 8, 2017
Authored by hyp3rlinx | Site metasploit.com

This Metasploit module exploits a vulnerability found in Mako Server version 2.5. It's possible to inject arbitrary OS commands in the Mako Server tutorial page through a PUT request to save.lsp. Attacker input will be saved on the victims machine and can be executed by sending a GET request to manage.lsp.

tags | exploit, arbitrary
MD5 | c03775a6cc371f5390945aeec52b7a16
Microsoft Windows LNK File Code Execution
Posted Nov 8, 2017
Authored by Yorick Koster, Spencer McIntyre | Site metasploit.com

This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary DLL file. The PATH option must be an absolute path to a writeable directory which is indexed for searching. If no PATH is specified, the module defaults to %USERPROFILE%.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2015-0095, CVE-2017-8464
MD5 | e8d2e4d615be10d88bf8b20b6b549143
Red Hat Security Advisory 2017-3151-01
Posted Nov 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3151-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 62.0.3202.89. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-15398, CVE-2017-15399
MD5 | 43de8de1d726c8006a36b5c4b1912ef4
Page 1 of 507
Back12345Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close