what you don't know can hurt you
Showing 1 - 25 of 14,563 RSS Feed

Arbitrary Files

Ubuntu Security Notice USN-4757-1
Posted Mar 3, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4757-1 - It was discovered that wpa_supplicant did not properly handle P2P provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-27803
MD5 | 76c6875576561e3219a3c05460b1d4b5
Ubuntu Security Notice USN-4754-4
Posted Mar 3, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-4 - USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2021-3177
MD5 | 6c6bc4e280c087eaec3deb827504f9bd
Ubuntu Security Notice USN-4737-2
Posted Mar 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4737-2 - USN-4737-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the Bind AppArmor profile. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-8625
MD5 | 349b92ba169e163fb5fd0d5408cd2389
FortiLogger 4.4.2.2 Arbitrary File Upload
Posted Mar 1, 2021
Authored by Berkan Er | Site metasploit.com

This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request to Fortilogger. It has been tested on version 4.4.2.2 in Windows 10 Enterprise.

tags | exploit, arbitrary, file upload
systems | windows
advisories | CVE-2021-3378
MD5 | 986492d22038a772f87e46c47ea24f02
VMware vCenter Server 7.0 Arbitrary File Upload
Posted Mar 1, 2021
Authored by Photubias

VMware vCenter Server version 7.0 unauthenticated arbitrary file upload exploit.

tags | exploit, arbitrary, file upload
advisories | CVE-2021-21972
MD5 | 8dcbcd4aa0bd7cc8803e9bfffc6bc6cd
Package Control Arbitrary File Write
Posted Feb 26, 2021
Authored by Google Security Research, Felix Wilhelm

Package Control suffers from an arbitrary file write vulnerability.

tags | exploit, arbitrary
MD5 | fc1001c8bbe8a7cae533f770aa149604
Ubuntu Security Notice USN-4754-2
Posted Feb 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-2 - USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.

tags | advisory, denial of service, arbitrary, python
systems | linux, ubuntu
MD5 | c58459cb7018d68bd66024f925f30d8f
Ubuntu Security Notice USN-4754-1
Posted Feb 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.

tags | advisory, denial of service, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2020-27619
MD5 | fcb1f44f76f6b77579ed4d79f1e90403
Ubuntu Security Notice USN-4755-1
Posted Feb 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4755-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-35523
MD5 | ce4c73d9700060bb9e46ed6eac083e16
Ubuntu Security Notice USN-4751-1
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4751-1 - It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information. Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information. Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-25656, CVE-2020-25668, CVE-2020-25669, CVE-2020-25704, CVE-2020-27673, CVE-2020-27675, CVE-2020-27777, CVE-2020-27815, CVE-2020-27830, CVE-2020-27835, CVE-2020-28588, CVE-2020-28974, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660, CVE-2020-29661, CVE-2020-35508
MD5 | 7bb32fb3e62f03bec71b2c606776cd36
Ubuntu Security Notice USN-4750-1
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4750-1 - Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-25669, CVE-2020-27815, CVE-2020-28588, CVE-2020-28941, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660, CVE-2020-29661, CVE-2021-20177
MD5 | c85137173facaaae05662060f5c26ad1
Ubuntu Security Notice USN-4749-1
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4749-1 - Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-25669, CVE-2020-27815, CVE-2020-29374, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660, CVE-2020-29661
MD5 | e814a088294feb0a838a75b2880951cd
Ubuntu Security Notice USN-4747-2
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4747-2 - USN-4747-1 fixed a vulnerability in screen. This update provides the corresponding update for Ubuntu 14.04 ESM. Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-26937
MD5 | 51106d68ba3d0aa06c100023b37ce617
Ubuntu Security Notice USN-4698-2
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4698-2 - USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced regressions in certain environments related to issues with multiple queries, and issues with retries. This update fixes the problem. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled extracting certain names. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented address/port checks. A remote attacker could use this issue to perform a cache poisoning attack. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented query resource name checks. A remote attacker could use this issue to perform a cache poisoning attack. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled multiple query requests for the same resource name. A remote attacker could use this issue to perform a cache poisoning attack. It was discovered that Dnsmasq incorrectly handled memory during DHCP response creation. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-14834, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
MD5 | d9480652e5dc691b11f3f1725a0b37f0
Ubuntu Security Notice USN-4746-1
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4746-1 - Tavis Ormandy discovered that xterm incorrectly handled certain character sequences. A remote attacker could use this issue to cause xterm to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-27135
MD5 | 019fb5c1e160e7e47bdc8cabc31aac80
Ubuntu Security Notice USN-4747-1
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4747-1 - Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-26937
MD5 | c88959542941690d285357a3da9b35eb
Apache Flink JAR Upload Java Code Execution
Posted Feb 23, 2021
Authored by Brendan Coles, bigger.wing, Henry Chen | Site metasploit.com

This Metasploit module uses job functionality in the Apache Flink dashboard web interface to upload and execute a JAR file, leading to remote execution of arbitrary Java code as the web server user. This module has been tested successfully on Apache Flink versions: 1.9.3 on Ubuntu 18.04.4; 1.11.2 on Ubuntu 18.04.4; 1.9.3 on Windows 10; and 1.11.2 on Windows 10.

tags | exploit, java, remote, web, arbitrary
systems | linux, windows, ubuntu
MD5 | df5b84ceecc3ad0a0dd97aadca7fdd1a
Ubuntu Security Notice USN-4741-1
Posted Feb 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4741-1 - It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-15095
MD5 | e3e7583b332766aed829a8c80c341bff
Ubuntu Security Notice USN-4739-1
Posted Feb 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4739-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2020-13558
MD5 | a5feb8fa066d0c3a1865f6e0f2147384
Ubuntu Security Notice USN-4737-1
Posted Feb 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4737-1 - It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the Bind AppArmor profile.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-8625
MD5 | 495d4f5b0aec882a3b44b696b0874475
Ubuntu Security Notice USN-4734-2
Posted Feb 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4734-2 - USN-4734-1 fixed several vulnerabilities in wpa_supplicant. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that wpa_supplicant did not properly handle P2P group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-12695, CVE-2021-0326
MD5 | f9aca742cf078ddc6d67314d0dee884c
Ubuntu Security Notice USN-4736-1
Posted Feb 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4736-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. It was discovered that responses received during the plaintext phase of the STARTTLS connection setup were subsequently evaluated during the encrypted session. A person in the middle could potentially exploit this to perform a response injection attack. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15685, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960
MD5 | f6196100b7e6c3859b8474631f16bf7e
Klog Server 2.4.1 Command Injection
Posted Feb 15, 2021
Authored by Brendan Coles, Metin Yunus Kandemir, B3KC4T | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command execution as the apache user.

tags | exploit, web, arbitrary, php
advisories | CVE-2020-35729
MD5 | 2fcde862940be1be38194631a27617e3
Ubuntu Security Notice USN-4734-1
Posted Feb 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4734-1 - It was discovered that wpa_supplicant did not properly handle P2P group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-12695, CVE-2021-0326
MD5 | be6482b8e15c1151887efd102bd3eefa
Ubuntu Security Notice USN-4733-1
Posted Feb 11, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4733-1 - Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution.

tags | advisory, remote, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2020-36241
MD5 | 3c18fc22fd38af8603be0f826c12a53c
Page 1 of 583
Back12345Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    30 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close