Twenty Year Anniversary
Showing 1 - 25 of 13,305 RSS Feed

Arbitrary Files

Ubuntu Security Notice USN-3816-1
Posted Nov 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3816-1 - Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. Jann Horn discovered a race condition in chown_one. A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2018-15686, CVE-2018-15687, CVE-2018-6954
MD5 | 0d1d149d094bc787a61b8d9a8420e7bb
Ubuntu Security Notice USN-3815-2
Posted Nov 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3815-2 - USN-3815-1 fixed a vulnerability in gettext. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-18751
MD5 | 51e487332db90c74eb92afb810976bca
Ubuntu Security Notice USN-3815-1
Posted Nov 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3815-1 - It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-18751
MD5 | 55c08c31b7c8375fb97d655a18afabb1
Debian Security Advisory 4337-1
Posted Nov 12, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4337-1 - safety errors may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2018-12389, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393
MD5 | 84df8a853d0cd691f2c1c1877e3e51a8
Debian Security Advisory 4336-1
Posted Nov 12, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4336-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service, disclosure of existence and size of arbitrary files, or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-11645, CVE-2018-17961, CVE-2018-18073, CVE-2018-18284
MD5 | 5272b35e98151ec03cae17c1cae7ca73
Gentoo Linux Security Advisory 201811-09
Posted Nov 12, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201811-9 - A vulnerability in Icecast might allow remote attackers to execute arbitrary code. Versions less than 2.4.4 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2018-18820
MD5 | f6c49ac0f6a5d7138247ff4d411fc2bf
Gentoo Linux Security Advisory 201811-06
Posted Nov 10, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201811-6 - Multiple vulnerabilities have been found in libde265, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.0.3 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
MD5 | 42a1b84bbaf2f48f50665de5ebeadd39
Gentoo Linux Security Advisory 201811-05
Posted Nov 10, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201811-5 - Multiple vulnerabilities have been found in PHProjekt due to embedded Zend Framework, the worst of which could allow attackers to remotely execute arbitrary commands. Versions less than or equal to 6.1.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
MD5 | 023272c53ce86549bc9dc3246a333af5
Gentoo Linux Security Advisory 201811-04
Posted Nov 9, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201811-4 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 60.3.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-12389, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, CVE-2018-12397
MD5 | 3fbaf140c918fdebb25d085bb15384f8
Ubuntu Security Notice USN-3813-1
Posted Nov 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3813-1 - It was discovered that pyOpenSSL incorrectly handled memory when handling X509 objects. A remote attacker could use this issue to cause pyOpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that pyOpenSSL incorrectly handled memory when performing operations on a PKCS #12 store. A remote attacker could possibly use this issue to cause pyOpenSSL to consume resources, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1000807, CVE-2018-1000808
MD5 | 17ee1c5903a74363c12d44b59d9fe872
LibreHealth 2.0.0 File Read / File Delete / LFI
Posted Nov 7, 2018
Authored by Carlos Avila

LibreHealth version 2.0.0 suffers from arbitrary file read, file delete, and local file inclusion vulnerabilities.

tags | exploit, arbitrary, local, vulnerability, file inclusion
MD5 | c623d621a1af63ea7a2cc412995fc1a4
Ubuntu Security Notice USN-3811-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3811-1 - It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that SpamAssassin incorrectly handled meta rule syntax. A local attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2017-15705, CVE-2018-11780, CVE-2018-11781
MD5 | 7fcbfde9589d7977e424e44fe80a9ea7
Ubuntu Security Notice USN-3808-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3808-1 - It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2018-16395, CVE-2018-16396
MD5 | 40861160d83fcf2ea2b6534d3fc4fe66
SQLMAP - Automatic SQL Injection Tool 1.2.11
Posted Nov 5, 2018
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 5fdd5bb9be166686620512abe0f11658
Ubuntu Security Notice USN-3807-1
Posted Nov 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3807-1 - Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client incorrectly handled certain DHCPv6 messages. In non-default configurations where the internal DHCP client is enabled, an attacker on the same network could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-15688
MD5 | 7090d9f77e278da5d5637637cbc3037c
blueimp jQuery Arbitrary File Upload
Posted Nov 5, 2018
Authored by Larry W. Cashdollar, wvu, Claudio Viviani | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions 9.22.0 and below. Due to a default configuration in Apache 2.3.9+, the widget's .htaccess file may be disabled, enabling exploitation of this vulnerability. This vulnerability has been exploited in the wild since at least 2015 and was publicly disclosed to the vendor in 2018. It has been present since the .htaccess change in Apache 2.3.9. This Metasploit module provides a generic exploit against the jQuery widget.

tags | exploit, arbitrary, php, file upload
advisories | CVE-2018-9206
MD5 | dc66674939d313842bacc7cddcbdd16c
Ubuntu Security Notice USN-3806-1
Posted Nov 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3806-1 - Felix Wilhelm discovered that the systemd-networkd DHCPv6 client incorrectly handled certain DHCPv6 messages. In configurations where systemd-networkd is being used, an attacker on the same network could use this issue to cause systemd-networkd to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-15688
MD5 | 35680bf8b4d43558d98d86f89f440cf6
Debian Security Advisory 4334-1
Posted Nov 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4334-1 - Multiple vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer which could result in denial of service or the execution of arbitrary code if malformed documents are opened.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-17866, CVE-2018-1000037, CVE-2018-1000040, CVE-2018-5686, CVE-2018-6187, CVE-2018-6192
MD5 | 0d4bb0b6144acb743c6577accc5c3e20
Debian Security Advisory 4333-1
Posted Nov 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4333-1 - Nick Rolfe discovered multiple buffer overflows in the Icecast multimedia streaming server which could result in the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2018-18820
MD5 | a1bafaabade89c2cdb1b4dbed96a1cc8
Anviz AIM CrossChex Standard 4.3 Excel Macro Injection
Posted Nov 1, 2018
Authored by LiquidWorm | Site zeroscience.mk

CSV (XLS) Injection (Excel Macro Injection or Formula Injection) exists in the AIM CrossChex version 4.3 when importing or exporting users using xls Excel file. This can be exploited to execute arbitrary commands on the affected system via SE attacks when an attacker inserts formula payload in the Name field when adding a user or using the custom fields Gender, Position, Phone, Birthday, Employ Date and Address. Upon importing, the application will launch Excel program and execute the malicious macro formula.

tags | exploit, arbitrary
MD5 | f17d0ab71ad68426099534dd08d3f455
Sourcetree Git Arbitrary Code Execution
Posted Nov 1, 2018
Authored by Atlassian, Terry Zhang

An attacker can exploit the embedded version of Git used in Sourcetree if they can commit to a Git repository linked in Sourcetree. This allows them to execute arbitrary code on systems running a vulnerable version of Sourcetree for macOS. Versions of Sourcetree for macOS starting with version 1.02b before version 3.0.0 are affected by this vulnerability. Versions of Sourcetree for Windows starting with version 0.5.1.0 before version 3.0.0 are affected by this vulnerability.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2018-13396, CVE-2018-13397
MD5 | 3149f5b5c6b108a0813b481370d341e4
Ubuntu Security Notice USN-3805-1
Posted Oct 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3805-1 - Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Brian Carpenter discovered that curl incorrectly handled memory when closing certain handles. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-16839, CVE-2018-16840, CVE-2018-16842
MD5 | 62d9032b56d438de573bf274b8252a5c
Red Hat Security Advisory 2018-3406-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3406-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-1000805
MD5 | 63cb15b1b8c7c0d8a5f07a72241a9099
Gentoo Linux Security Advisory 201810-10
Posted Oct 31, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201810-10 - Multiple vulnerabilities have been found in systemd, the worst of which may allow execution of arbitrary code. Versions less than 239-r2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-15686, CVE-2018-15687, CVE-2018-15688
MD5 | ccdf59040b5185849799e4e2123418d8
Gentoo Linux Security Advisory 201810-07
Posted Oct 31, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201810-7 - Multiple vulnerabilities have been found in Mutt and NeoMutt, the worst of which allows for arbitrary code execution. Versions less than 1.10-1 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362
MD5 | 627400e40f04ad1ca91e69f03aaf4fc9
Page 1 of 533
Back12345Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    4 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close