exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 16,602 RSS Feed

Arbitrary Files

Ubuntu Security Notice USN-6696-1
Posted Mar 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6696-1 - Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 8 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.

tags | advisory, java, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
SHA-256 | 4b0662938dd8d4f3377ff21d6e5a575b539f89ee7c9b38c565dd184d1e38fed8
Ubuntu Security Notice USN-6695-1
Posted Mar 15, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6695-1 - It was discovered that TeX Live incorrectly handled certain memory operations in the embedded axodraw2 tool. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. It was discovered that TeX Live allowed documents to make arbitrary network requests. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to exfiltrate sensitive information, or perform other network-related attacks. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-18604, CVE-2023-32668, CVE-2024-25262
SHA-256 | e8f6e7fc279a5f1af336dbd407dfe96cd81c2d7194fe47a554772e61fc96870e
HALO 2.13.1 CORS Issue
Posted Mar 15, 2024
Authored by nu11secur1ty

HALO version 2.13.1 has an insecure cross-origin resource sharing setting that allows an arbitrary origin.

tags | exploit, arbitrary
SHA-256 | d03ce00498ebd36e4dfcab8b4a25be241e021255496446e7b6df62fb6024ec33
Debian Security Advisory 5639-1
Posted Mar 14, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5639-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-2400
SHA-256 | 4cbadb48dda00be85d46d8fcccadc0b92923c8219c7569b6d2df731ece4d0271
Hunting Down The HVCI Bug In UEFI
Posted Mar 14, 2024
Authored by Satoshi TANDA, Andrea Allievi | Site tandasat.github.io

This post details the story and technical details of the non-secure Hypervisor-Protected Code Integrity (HVCI) configuration vulnerability disclosed and fixed with the January 9th update on Windows. This vulnerability, CVE-2024-21305, allowed arbitrary kernel-mode code execution, effectively bypassing HVCI within the root partition.

tags | advisory, arbitrary, kernel, root, code execution
systems | windows
advisories | CVE-2024-21305
SHA-256 | 9d64188a47060dad96a12b2b5fc06e5f3f52c1141722943d26696fa195cc355b
JetBrains TeamCity Unauthenticated Remote Code Execution
Posted Mar 14, 2024
Authored by sfewer-r7 | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in JetBrains TeamCity. An unauthenticated attacker can leverage this to access the REST API and create a new administrator access token. This token can be used to upload a plugin which contains a Metasploit payload, allowing the attacker to achieve unauthenticated remote code execution on the target TeamCity server. On older versions of TeamCity, access tokens do not exist so the exploit will instead create a new administrator account before uploading a plugin. Older versions of TeamCity have a debug endpoint (/app/rest/debug/process) that allows for arbitrary commands to be executed, however recent version of TeamCity no longer ship this endpoint, hence why a plugin is leveraged for code execution instead, as this is supported on all versions tested.

tags | exploit, remote, arbitrary, code execution, bypass
advisories | CVE-2024-27198
SHA-256 | 68370990799fd1605fae05ac9ac3f36fd6659508fbfeef67d22e3cf720e8fa87
Ubuntu Security Notice USN-6686-2
Posted Mar 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6686-2 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Cypress touchscreen driver in the Linux kernel during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-22995, CVE-2023-4134, CVE-2023-46343, CVE-2023-46862, CVE-2023-51779, CVE-2023-51782, CVE-2023-6121, CVE-2024-0340, CVE-2024-0607
SHA-256 | 88475de5e2398450d91c1bb38fd2f616290eb3128f9d1ab6ef796c5b5b3a08eb
StimulusReflex 3.5.0 Arbitrary Code Execution
Posted Mar 14, 2024
Authored by lixts

StimulusReflex versions 3.5.0 up to and including 3.5.0.rc2 and 3.5.0.pre10 suffer from an arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
advisories | CVE-2024-28121
SHA-256 | 9e5263d5183618a2c41a25b126b245bfa777329a2f535120971b95cdc71f0486
Ubuntu Security Notice USN-6656-2
Posted Mar 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6656-2 - USN-6656-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 16.04 LTS It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-0985
SHA-256 | f45b11c7e2648a6365c7c0c4a04b1f4fe6c6106dd3b6d76e794be3a2d298a00a
Ubuntu Security Notice USN-6690-1
Posted Mar 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6690-1 - Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch incorrectly handled certain crafted Geneve packets when hardware offloading via the netlink path is enabled. A remote attacker could possibly use this issue to cause Open vSwitch to crash, leading to a denial of service. It was discovered that Open vSwitch incorrectly handled certain ICMPv6 Neighbor Advertisement packets. A remote attacker could possibly use this issue to redirect traffic to arbitrary IP addresses.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-3966, CVE-2023-5366
SHA-256 | c48aa2b70b96e75c736131cbd6e784fb35739c48c114c1dc28b66d826cb192ed
Ubuntu Security Notice USN-6658-2
Posted Mar 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6658-2 - USN-6658-1 fixed a vulnerability in libxml2. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-25062
SHA-256 | 2a750c69f6b035fa2c99f3825916f5c17d092b9f9cd726a59615137e53c334da
Adobe ColdFusion 2018,15 / 2021,5 Arbitrary File Read
Posted Mar 11, 2024
Authored by Youssef Muhammad

Adobe ColdFusion versions 2018,15 and below and versions 2021,5 and below suffer from an arbitrary file read vulnerability.

tags | exploit, arbitrary
advisories | CVE-2023-26360
SHA-256 | 13a86908b0179fbc89ec6afba2a1ff200d2d4e963318afddcb2f12582423ca11
Ubuntu Security Notice USN-6680-2
Posted Mar 8, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6680-2 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-46343, CVE-2023-51779, CVE-2023-51782, CVE-2023-6121, CVE-2023-6560, CVE-2024-0607, CVE-2024-25744
SHA-256 | 6bc81fdaf7d2ab62cb88527ba4630824136da02c06781b70c420f590e02c5a29
Ubuntu Security Notice USN-6686-1
Posted Mar 8, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6686-1 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Cypress touchscreen driver in the Linux kernel during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-22995, CVE-2023-4134, CVE-2023-46343, CVE-2023-46862, CVE-2023-51779, CVE-2023-51782, CVE-2023-6121, CVE-2024-0340, CVE-2024-0607
SHA-256 | 32b61fd68287a18eb0704bbcdd739624e37463787dff6bc8a0147ae34ca4a9e0
Ubuntu Security Notice USN-6685-1
Posted Mar 8, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6685-1 - It was discovered that mqtt-client incorrectly handled memory while parsing malformed MQTT frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-0222
SHA-256 | cc49c88c4675421bfd9834e4e4e0c55406cf579405c22b78ee6f529f264652ce
Debian Security Advisory 5636-1
Posted Mar 7, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5636-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-2173, CVE-2024-2174, CVE-2024-2176
SHA-256 | 45d2b3cd49f8d7b927168d63079c93e103a1882ab4c21a082c2c055ab0617188
Kernel Live Patch Security Notice LSN-0101-1
Posted Mar 7, 2024
Authored by Benjamin M. Romer

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux
advisories | CVE-2023-6817, CVE-2023-6932, CVE-2023-7192, CVE-2024-0193, CVE-2024-0646
SHA-256 | bc88723b94872c87e1cb00b2d83a704f36fe21c1a1c29ddd39f56580a64d63b7
Ubuntu Security Notice USN-6680-1
Posted Mar 7, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6680-1 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-46343, CVE-2023-51779, CVE-2023-51782, CVE-2023-6121, CVE-2023-6560, CVE-2024-0607, CVE-2024-25744
SHA-256 | 2d0e95b66ec180b53afc0e7cf46240a83376c5acc340939b8b3af331c9190321
Artica Proxy 4.50 Unauthenticated PHP Deserialization
Posted Mar 6, 2024
Authored by Jaggar Henry | Site korelogic.com

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected.

tags | exploit, web, arbitrary, php, code execution
advisories | CVE-2024-2054
SHA-256 | 8e2ee354af5fde39323dcb9b78bd8d0b892172400746b1b66015b3a87cbd8630
Ubuntu Security Notice USN-6649-2
Posted Mar 6, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6649-2 - USN-6649-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Alfred Peters discovered that Firefox did not properly manage memory when storing and re-accessing data on a networking channel. An attacker could potentially exploit this issue to cause a denial of service. Johan Carlsson discovered that Firefox incorrectly handled Set-Cookie response headers in multipart HTTP responses. An attacker could potentially exploit this issue to inject arbitrary cookie values. Gary Kwong discovered that Firefox incorrectly generated codes on 32-bit ARM devices, which could lead to unexpected numeric conversions or undefined behaviour. An attacker could possibly use this issue to cause a denial of service. Ronald Crane discovered that Firefox did not properly manage memory when accessing the built-in profiler. An attacker could potentially exploit this issue to cause a denial of service.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-1546, CVE-2024-1548, CVE-2024-1551, CVE-2024-1552, CVE-2024-1555, CVE-2024-1556
SHA-256 | 57493f4eb5405080e87d75b58868c8d0c8ea4844948fc6ac9afc75823a5e7a6f
Ubuntu Security Notice USN-6678-1
Posted Mar 6, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6678-1 - It was discovered that libgit2 mishandled equivalent filenames on NTFS partitions. If a user or automated system were tricked into cloning a specially crafted repository, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that libgit2 did not perform certificate checking by default. An attacker could possibly use this issue to perform a machine-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-12278, CVE-2023-22742, CVE-2024-24575, CVE-2024-24577
SHA-256 | 7b3086cc98d56d838c607776e3a17b3c2150866662ba214c0dc65ab02e4712cb
Ubuntu Security Notice USN-6677-1
Posted Mar 6, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6677-1 - It was discovered that libde265 could be made to dereference invalid memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-27102, CVE-2023-27103, CVE-2023-49465, CVE-2023-49467
SHA-256 | e5b123a14132e2de2966b2dd309e46adfd9dcc9597f183fc3ef618a6d4a7dcb7
Ubuntu Security Notice USN-6675-1
Posted Mar 6, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6675-1 - It was discovered that ImageProcessing incorrectly handled series of operations that are coming from unsanitised inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-24720
SHA-256 | d491a79e75514bf25f975567ff41507638e98c09cab54bfb9d5dcf4332bfbb3a
Ubuntu Security Notice USN-6653-4
Posted Mar 5, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6653-4 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-51780, CVE-2023-51781, CVE-2023-6915, CVE-2024-0565, CVE-2024-0646
SHA-256 | aa48f67fd66f658d9892f7335cc6fb90de9e9c25c6ff2c4f219a83a90245088d
Gentoo Linux Security Advisory 202403-02
Posted Mar 4, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202403-2 - Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 3.1.0 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-0544, CVE-2022-0545, CVE-2022-0546
SHA-256 | c0f4d0afcf31837770fe0ca7efbef959899e3c31bd4d82b12dfdc8634700ecdc
Page 1 of 665
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close