Twenty Year Anniversary
Showing 1 - 25 of 13,359 RSS Feed

Arbitrary Files

SQLMAP - Automatic SQL Injection Tool 1.2.12
Posted Dec 7, 2018
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 431249d7af567a0c9086f93e62aa44fa
Ubuntu Security Notice USN-3831-2
Posted Dec 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3831-2 - USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
MD5 | 90e4e6902a9545090e0ab2f68dbb0ec5
Ubuntu Security Notice USN-3838-1
Posted Dec 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3838-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5807, CVE-2018-5813
MD5 | 879b86e3856df5f621b8482aaf06a069
Ubuntu Security Notice USN-3811-3
Posted Dec 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3811-3 - USN-3811-1 fixed a vulnerability in spamassassin. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-11780, CVE-2018-11781
MD5 | 99e9b14016913915026a9427dfc058dc
FreeBSD Security Advisory - FreeBSD-SA-18:14.bhyve
Posted Dec 6, 2018
Authored by Reno Robert | Site security.freebsd.org

FreeBSD Security Advisory - Insufficient bounds checking in one of the device models provided by bhyve(8) can permit a guest operating system to overwrite memory in the bhyve(8) processing possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.

tags | advisory, arbitrary, root, code execution
systems | freebsd, bsd
advisories | CVE-2018-17160
MD5 | 7dc5a9cc50e7bfcc59073a947a869ea7
HP Intelligent Management Java Deserialization Remote Code Execution
Posted Dec 4, 2018
Authored by mr_me, Carsten MaartmannMoe | Site metasploit.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebDMDebugServlet, which listens on TCP ports 8080 and 8443 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.

tags | exploit, remote, arbitrary, tcp
advisories | CVE-2017-12557
MD5 | 7f78f8ca23ae637a5eaf4c38011cf48c
Ubuntu Security Notice USN-3835-1
Posted Dec 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3835-1 - Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Jann Horn discovered that the mremap system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service , expose sensitive information, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-17972, CVE-2018-18281, CVE-2018-18445, CVE-2018-18653, CVE-2018-18955, CVE-2018-6559
MD5 | 797f806913c130a0d4051adda370818d
Ubuntu Security Notice USN-3834-2
Posted Dec 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3834-2 - USN-3834-1 fixed a vulnerability in perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2018-18311, CVE-2018-18313
MD5 | 4b1cb856c5b70ee9027861be4c5bfe83
Ubuntu Security Notice USN-3834-1
Posted Dec 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3834-1 - Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314
MD5 | d49d4e952670e88373b599e721903471
Debian Security Advisory 4349-1
Posted Dec 3, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4349-1 - Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-11613, CVE-2017-17095, CVE-2018-10963, CVE-2018-15209, CVE-2018-16335, CVE-2018-17101, CVE-2018-18557, CVE-2018-5784, CVE-2018-7456, CVE-2018-8905
MD5 | 6897f1ef190f40a3af0d27ad61263ffc
Gentoo Linux Security Advisory 201812-04
Posted Dec 3, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201812-4 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Versions less than 2.22.0 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2018-4191, CVE-2018-4197, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361
MD5 | 2ba4bb9a032b71590ee90d26674984a7
KPOT Botnet Arbitrary File Disclosure
Posted Dec 1, 2018
Authored by n4pst3r

The KPOT Botnet suffers from an arbitrary file disclosure vulnerability that can also disclose credentials.

tags | exploit, arbitrary, info disclosure
MD5 | 0392288aa3bc83bd5930356df7bb2882
Joomla JCE 2.6.33 Arbitrary File Upload
Posted Dec 1, 2018
Authored by KingSkrupellos

Joomla JCE component versions 2.6.7.1 through 2.6.33 suffer from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 5c23c1abd98f1e33707301cc61401134
Gentoo Linux Security Advisory 201811-24
Posted Nov 30, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201811-24 - A SQL injection in PostgreSQL may allow attackers to execute arbitrary SQL statements. Many versions are affected.

tags | advisory, arbitrary, sql injection
systems | linux, gentoo
advisories | CVE-2018-16850
MD5 | 2c5c05bb7720097c90c3c02d5810031c
Ubuntu Security Notice USN-3832-1
Posted Nov 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3832-1 - Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Jann Horn discovered that the mremap system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service , expose sensitive information, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-17972, CVE-2018-18281, CVE-2018-18445, CVE-2018-18653, CVE-2018-18955, CVE-2018-6559
MD5 | e6fcaa3ecb5ddac3d3d7836f6838675e
Ubuntu Security Notice USN-3831-1
Posted Nov 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3831-1 - It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-19409
MD5 | 481e81b6b20a445167d1fc2430b48d4f
WordPress hwm_board 1.0 Arbitrary File Disclosure
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress hwm_board plugin version 1.0 suffers from an arbitrary database download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | de5315dac2fe55a184fe0c475bb5ecdd
WordPress uploadingdownloading-non-latin-filename 1.1.5 Arbitrary File Download
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress uploadingdownloading-non-latin-filename plugin version 1.1.5 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | 4f695ccbfe99f60f3564d648d1aa9840
WordPress sermon-shortcodes 1.0 Arbitrary File Download
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress sermon-shortcodes plugin version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | d8b0727cebd739015ee52f559b3bef46
WordPress allow-l10n-upload-filename 1.0 Arbitrary File Download
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress allow-l10n-upload-filename plugin version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | 25dcce834cbf081bdc768d8d098efc9d
Unitrends Enterprise Backup bpserverd Privilege Escalation
Posted Nov 28, 2018
Authored by h00die, Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to exploits/linux/misc/ueb9_bpserverd however it runs against the localhost by dropping a python script on the local file system. Unitrends stopped bpserverd from listening remotely on version 10.

tags | exploit, remote, arbitrary, local, root, protocol, python
systems | linux
advisories | CVE-2018-6329
MD5 | 169be3643a7a30d9a8e1cb203cbc2994
Debian Security Advisory 4346-1
Posted Nov 28, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4346-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-19409, CVE-2018-19475, CVE-2018-19476, CVE-2018-19477
MD5 | f89266c182d9b77cb78d4b9d1bb90820
FreeBSD Security Advisory - FreeBSD-SA-18:13.nfs
Posted Nov 28, 2018
Authored by Jakub Jirasek | Site security.freebsd.org

FreeBSD Security Advisory - Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. A remote attacker could cause the NFS server to crash, resulting in a denial of service, or possibly execute arbitrary code on the server.

tags | advisory, remote, denial of service, arbitrary, code execution
systems | freebsd, bsd
advisories | CVE-2018-17157, CVE-2018-17158, CVE-2018-17159
MD5 | c429bab0bdb3143934610a88f982eccd
XSS Fuzzer
Posted Nov 28, 2018
Authored by Poyo VL | Site xssfuzzer.com

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.

tags | tool, arbitrary, javascript, fuzzer
MD5 | 1d8dc7cc10e6b2e2078281902563507f
PHP imap_open Remote Code Execution
Posted Nov 28, 2018
Authored by h00die, Anton Lopanitsyn, Twoster | Site metasploit.com

The imap_open function within PHP, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's ProxyCommand option can be passed from imap_open to execute arbitrary commands. While many custom applications may use imap_open, this exploit works against the following applications: e107 v2, prestashop, SuiteCRM, as well as Custom, which simply prints the exploit strings for use. Prestashop exploitation requires the admin URI, and administrator credentials. suiteCRM/e107/hostcms require administrator credentials.

tags | exploit, arbitrary, php, imap
systems | linux, debian, ubuntu
MD5 | d4da49f1f3382fe81325e51853a7fcc3
Page 1 of 535
Back12345Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    10 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close