what you don't know can hurt you
Showing 1 - 25 of 14,448 RSS Feed

Arbitrary Files

Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
Posted Dec 3, 2020
Authored by LiquidWorm | Site zeroscience.mk

Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a remote file inclusion vulnerability by including arbitrary client-side dynamic scripts (JavaScript, VBScript, HTML) when adding content though the input URL material of type html. This allows hijacking of the current session of the user, execute cross-site scripting code, or changing the look of the page and content modification on current display.

tags | exploit, remote, arbitrary, javascript, xss, file inclusion
MD5 | 85b5e3c8c9cb495114ef096e2616e76a
Ubuntu Security Notice USN-4660-1
Posted Dec 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4660-1 - It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-14351, CVE-2020-14390, CVE-2020-25211, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645, CVE-2020-28915, CVE-2020-4788
MD5 | ee3119babe4a4a73b8652559a6df5f65
Ubuntu Security Notice USN-4659-1
Posted Dec 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4659-1 - It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-0423, CVE-2020-10135, CVE-2020-14351, CVE-2020-25705, CVE-2020-27152, CVE-2020-28915, CVE-2020-4788
MD5 | 37ee7c1e29761f04f52a270e013cd6ed
Ubuntu Security Notice USN-4658-1
Posted Dec 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4658-1 - It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-0423, CVE-2020-10135, CVE-2020-14351, CVE-2020-14390, CVE-2020-25211, CVE-2020-25284, CVE-2020-25643, CVE-2020-25645, CVE-2020-25705, CVE-2020-28915, CVE-2020-4788
MD5 | 172e17181d7ddc7028474879ff713778
SQLMAP - Automatic SQL Injection Tool 1.4.12
Posted Dec 1, 2020
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Bug fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 63f11245bc7cdef373e7b5a811aa3c43
Ubuntu Security Notice USN-4654-1
Posted Dec 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4654-1 - It was discovered that PEAR incorrectly sanitized filenames. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-28948
MD5 | 82c82cbd2ddeecdab18d7a3219f64cce
Ubuntu Security Notice USN-4652-1
Posted Dec 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4652-1 - It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-5439
MD5 | 6a7456d4d7b6165153389916c139259a
Ubuntu Security Notice USN-4650-1
Posted Nov 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4650-1 - Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Sergej Schumilo, Cornelius Aschermann, and Simon Wrner discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-17380, CVE-2020-25084, CVE-2020-25085, CVE-2020-25624, CVE-2020-25625, CVE-2020-25723, CVE-2020-27616, CVE-2020-27617
MD5 | 637bf499dd94b75eea9e3371d70add3a
Ubuntu Security Notice USN-4382-2
Posted Nov 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4382-2 - It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-11042, CVE-2020-11058, CVE-2020-11525, CVE-2020-13398
MD5 | 6a358e6b9c45a8fd4d61e8756172aeec
Moodle 3.8 Arbitary File Upload
Posted Nov 27, 2020
Authored by Sirwan Veisi

Moodle version 3.8 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 4bf530ba008f828cff2639ab14956f02
Ubuntu Security Notice USN-4647-1
Posted Nov 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4647-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions, conduct phishing attacks, conduct cross-site scripting attacks, bypass Content Security Policy restrictions, conduct DNS rebinding attacks, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2020-15683, CVE-2020-26951, CVE-2020-26959, CVE-2020-26968
MD5 | 662abdc998a96f824b8b60a609daef62
Ubuntu Security Notice USN-4648-1
Posted Nov 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4648-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2020-13753, CVE-2020-9983
MD5 | 6fe24a2351dd3e1ef847961c9f674d37
Foxit Reader 9.0.1.1049 Arbitrary Code Execution
Posted Nov 26, 2020
Authored by CrossWire

Foxit Reader version 9.0.1.1049 suffers from an arbitrary code execution vulnerability. This is a variant exploit of the original finding from 2018.

tags | exploit, arbitrary, code execution
advisories | CVE-2018-9958
MD5 | b950b07ca3d87158ef656845beeaadbc
OpenMediaVault rpc.php Authenticated PHP Code Injection
Posted Nov 25, 2020
Authored by Anastasios Stasinopoulos | Site metasploit.com

This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "json_encode_safe()" is not used in config/databasebackend.inc. Successful exploitation grants attackers the ability to execute arbitrary commands on the underlying operating system as root.

tags | exploit, arbitrary, root, php
advisories | CVE-2020-26124
MD5 | 5db0392e6b4ca81a678c8e7564a34918
WordPress Simple File List Unauthenticated Remote Code Execution
Posted Nov 25, 2020
Authored by h00die, coiffeur | Site metasploit.com

This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrary PHP code to be uploaded first as a png then renamed to php and executed.

tags | exploit, remote, arbitrary, php
MD5 | 53dc99d870452eb23bdf7882ccb0c3e3
Ubuntu Security Notice USN-4643-1
Posted Nov 24, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4643-1 - It was discovered that atftp's FTP server did not properly handler certain input. An attacker could use this to to cause a denial of service or possibly execute arbitrary code. It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain data structures. An attacker could use this to cause a denial of service via a NULL pointer dereference.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11365, CVE-2019-11366
MD5 | bcc71db7af3bff7d8c36dc1d56b825fe
Ubuntu Security Notice USN-4642-1
Posted Nov 24, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4642-1 - It was discovered that PDFResurrect incorrectly handled certain memory operations during PDF summary generation. An attacker could use this to cause out-of-bounds writes, resulting in a denial of service or arbitrary code execution.

tags | advisory, denial of service, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2020-9549
MD5 | e238caa5145e021e67c028deec6d2611
Ubuntu Security Notice USN-4637-2
Posted Nov 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4637-2 - USN-4637-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions, conduct phishing attacks, conduct cross-site scripting attacks, bypass Content Security Policy restrictions, conduct DNS rebinding attacks, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2020-16012, CVE-2020-26956, CVE-2020-26961, CVE-2020-26967
MD5 | 8c15181a66199d7dd9ff0f8f1e832367
TestBox CFML Test Framework 4.1.0 Arbitrary File Write / Code Execution
Posted Nov 19, 2020
Authored by Darren King

TestBox CFML Test Framework version 4.1.0 suffers from arbitrary file write and remote code execution vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution
MD5 | 6b5e7dfb10e7c55e6f044ad18e15665b
Gemtek WVRTM-127ACN 01.01.02.141 Command Injection
Posted Nov 19, 2020
Authored by Gabriele Zuddas

Gemtek WVRTM-127ACN version 01.01.02.141 suffers from an authentication arbitrary command injection vulnerability.

tags | exploit, arbitrary
advisories | CVE-2020-24365
MD5 | 83915d2924ba8a50603a28a3724ffd72
Gitlab 12.9.0 Arbitrary File Read
Posted Nov 19, 2020
Authored by Jasper Rasenberg

Gitlab version 12.9.0 authenticated arbitrary file read exploit. A file read vulnerability was previously discovered in this version in May of 2020 by KouroshRZ.

tags | exploit, arbitrary
MD5 | 3a88b97ad457af5b8a78720ceabce567
WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload
Posted Nov 18, 2020
Authored by Jonathan Gregson

WordPress Fancy Product Designer for WooCommerce plugin versions 4.5.1 and below suffer from an unauthenticated arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | a23fbe7a9101f368564e24a1ccaad929
Ubuntu Security Notice USN-4637-1
Posted Nov 18, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4637-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions, conduct phishing attacks, conduct cross-site scripting attacks, bypass Content Security Policy restrictions, conduct DNS rebinding attacks, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2020-16012, CVE-2020-26956, CVE-2020-26961, CVE-2020-26967
MD5 | 08275d480c462e399d22748a92c497ef
Ubuntu Security Notice USN-4633-1
Posted Nov 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4633-1 - Peter Eisentraut discovered that PostgreSQL incorrectly handled connection security settings. Client applications could possibly be connecting with certain security parameters dropped, contrary to expectations. Etienne Stalmans discovered that PostgreSQL incorrectly handled the security restricted operation sandbox. An authenticated remote attacker could possibly use this issue to execute arbitrary SQL functions as a superuser. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-25694, CVE-2020-25695, CVE-2020-25696
MD5 | 7a1f8a3e69e9532a6647338dbaa42eec
Gentoo Linux Security Advisory 202011-19
Posted Nov 16, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202011-19 - Multiple vulnerabilities have been found in libexif, the worst of which could result in the arbitrary execution of code. Versions less than 0.6.22_p20201105 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-0181, CVE-2020-0198, CVE-2020-0452
MD5 | e9115e86f8c2b55a551de5fdfa7e19be
Page 1 of 578
Back12345Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    11 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close