
Arbitrary Files

Ubuntu Security Notice USN-5449-1
Posted May 27, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5449-1 - It was discovered that libXv incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-5407
SHA-256 | 8dfd824a0a555db5e12b3fa25f8978b13dd1582bf701580976cf915a4e122eac
Ubuntu Security Notice USN-5448-1
Posted May 27, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5448-1 - It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly use this issue to execute arbitrary code. It was discovered that ncurses was not properly checking user input, which could result in it being treated as a format argument. An attacker could possibly use this issue to expose sensitive information or to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-10684, CVE-2017-10685, CVE-2017-11113, CVE-2017-13728, CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13734
SHA-256 | 1fae3ff9d59b9002c720d7960b2278d50e61f34c7a0526b62ec3f8efe3754081
Ubuntu Security Notice USN-5402-2
Posted May 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5402-2 - USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 16.04 ESM. Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Aliaksei Levin discovered that OpenSSL incorrectly handled resources when decoding certificates and keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-1292, CVE-2022-1473
SHA-256 | 38897d1c35ed3fd17bf48d11add588afe226f3e13ae49956791b9fd6a4337cd4
Tigase XMPP Server Stanza Smuggling
Posted May 26, 2022
Authored by Ivan Fratric, Google Security Research

Tigase XMPP server suffers from a security vulnerability due to not escaping the double quote character when serializing parsed XML. This can be used to smuggle (or, if you prefer, inject) an arbitrary attacker-controlled stanza into the XMPP server's output stream. A malicious client can abuse this vulnerability to send arbitrary XMPP stanzas to another client (including the control stanzas that are only meant to be sent by the server).

tags | exploit, arbitrary
SHA-256 | 80c339179764f04e39876070e482957638cbcf822ccdb04b5cc72ea035585e1e
Ubuntu Security Notice USN-5440-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5440-1 - Alexander Lakhin discovered that PostgreSQL incorrectly handled the security restricted operation sandbox when a privileged user is maintaining another user's objects. An attacker having permission to create non-temp objects can use this issue to execute arbitrary commands as the superuser.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-1552
SHA-256 | afb7ac8dfa18021533dd1fe40974a4cd36cb7516b0d83f7e79b332743aa4ed7d
Ubuntu Security Notice USN-5438-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5438-1 - It was discovered that HTMLDOC did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted HTML file, a remote attacker could possibly use this issue to cause HTMLDOC to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23165
SHA-256 | 542453ced915ebb7602fcd08f1d0bbe3e3d2bc6543e84431afac96174abfa1a1
Ubuntu Security Notice USN-5437-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5437-1 - Tobias Stoeckmann discovered that libXfixes incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-7944
SHA-256 | 28b2613b268b5b81a61688ca5923bfc41d7ddbec6de35cfcc7df9010f9b66488
Ubuntu Security Notice USN-5436-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5436-1 - Tobias Stoeckmann discovered that libXrender incorrectly handled certain responses. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-7949
SHA-256 | a68c328472176a9f2ce8d1148dfe8b7097f7b70356d0bf7472a3922ab24f6102
Ubuntu Security Notice USN-5434-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5434-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security restrictions, cause user confusion, or execute arbitrary code. It was discovered that Thunderbird would show the wrong security status after viewing an attached message that is signed or encrypted. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-1520, CVE-2022-29909, CVE-2022-29914, CVE-2022-29916
SHA-256 | 237c5eb4eb47add7437e7b310f6d5827e420d60072cbc15d8576433f3ae3affe
Ubuntu Security Notice USN-5435-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5435-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security restrictions, cause user confusion, or execute arbitrary code. It was discovered that Thunderbird would show the wrong security status after viewing an attached message that is signed or encrypted. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-1520, CVE-2022-29909, CVE-2022-29914, CVE-2022-29916
SHA-256 | 237c5eb4eb47add7437e7b310f6d5827e420d60072cbc15d8576433f3ae3affe
Zoom XMPP Stanza Smuggling Remote Code Execution
Posted May 24, 2022
Authored by Ivan Fratric, Google Security Research

This report describes a vulnerability chain that enables a malicious user to compromise another user over Zoom chat. User interaction is not required for a successful attack. The only ability an attacker needs is to send messages to the victim over Zoom chat using the XMPP protocol. The initial vulnerability (labeled XMPP Stanza Smuggling) abuses parsing inconsistencies between the XML parsers on Zoom's client and server in order to "smuggle" arbitrary XMPP stanzas to the victim client. From there, by sending a specially crafted control stanza, the attacker can force the victim client to connect to a malicious server, thus turning this primitive into a man-in-the-middle attack. Finally, by intercepting and modifying client update requests and responses, the attacker causes the victim client to download and execute a malicious update, resulting in arbitrary code execution. A client downgrade attack is used to bypass the signature check on the update installer. This attack has been demonstrated against the latest (5.9.3) client running on Windows 64-bit; however, some or all parts of the chain are likely applicable to other platforms.

tags | exploit, arbitrary, code execution, protocol
systems | windows
advisories | CVE-2022-22787, CVE-2022-25236
SHA-256 | c5835f3651ef4f351fdd27038787c6bd633712398f3562132cf3224e2a0a5e16
Ubuntu Security Notice USN-5432-1
Posted May 23, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5432-1 - It was discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code. Zhengxiong Luo discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-12652, CVE-2018-14048
SHA-256 | 54ca6d5730b37e6ead16f7d5e371061160c7f46a81e138b8550d769c11bfd6ea
Ubuntu Security Notice USN-5428-1
Posted May 18, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5428-1 - Tobias Stoeckmann discovered that libXrandr incorrectly handled certain responses. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-7947
SHA-256 | deb631a860436031a460c67a9adb4c2f5174b4829345d20a02d76adfe82f1cf5
Jupiter / JupiterX Theme Privilege Escalation / LFI / DoS / Access Control Issues
Posted May 18, 2022
Authored by Ramuel Gall | Site wordfence.com

Jupiter Theme versions 6.10.1 and below as well as JupiterX Core plugin versions 2.0.7 and below suffer from privilege escalation and post deletion vulnerabilities. JupiterX Theme versions 2.0.6 and below as well as JupiterX Core versions 2.0.6 and below suffer from plugin deactivation and setting modification flaws. JupiterX Theme versions 2.0.6 and below as well as Jupiter Theme versions 6.10.1 and below suffer from path traversal and local file inclusion vulnerabilities. Jupiter Theme versions 6.10.1 and below suffer from an arbitrary plugin deletion vulnerability. JupiterX Core plugin versions 2.0.6 and below suffer from information disclosure, modification, and denial of service vulnerabilities.

tags | advisory, denial of service, arbitrary, local, vulnerability, file inclusion, info disclosure
advisories | CVE-2022-1654, CVE-2022-1656, CVE-2022-1657, CVE-2022-1658, CVE-2022-1659
SHA-256 | 99977b76ad75b06f3f800ae91ea38ee20b0d9091a394d12146ce6e1c875bc515
Ubuntu Security Notice USN-5427-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5427-1 - Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this issue to connect to arbitrary sockets as the root user.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2021-3899, CVE-2022-1242, CVE-2022-28652, CVE-2022-28654, CVE-2022-28655, CVE-2022-28656, CVE-2022-28657, CVE-2022-28658
SHA-256 | 4a7a1a4b4a53f12a5e131a2b8e72000ea9e3e0b7606d2ddd406b23a06bd16806
Ubuntu Security Notice USN-5426-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5426-1 - Jakub Wilk discovered that needrestart incorrectly used some regular expressions. A local attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2022-30688
SHA-256 | af676d991a6b34124aadcbf2af266afeb34a8c6ad65703f679cfe6e1368bd93e
OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization
Posted May 17, 2022
Authored by Daniil Sigalov, Maxim Malkov, Denis Mironov, Dmitry Pavlov, Alexey Smirnov

OpenCart So Listing Tabs component versions 2.2.0 and below suffer from a deserialization vulnerability that can allow for arbitrary file writes.

tags | exploit, arbitrary
advisories | CVE-2022-24108
SHA-256 | 3bfd18c825f10a8abfe964c1ea209688517e067de8a3b9c084594fcd34b53d85
Ubuntu Security Notice USN-5311-2
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5311-2 - USN-5311-1 released updates for containerd. Unfortunately, a subsequent update reverted the fix for this CVE by mistake. This update corrects the problem. It was discovered that containerd allows attackers to gain access to read-only copies of arbitrary files and directories on the host via a specially-crafted image configuration. An attacker could possibly use this issue to obtain sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-23648
SHA-256 | bf0c845e991aeba0eca65f4b23d29f729ad0f1896214182e1ae0fa304a019039
Ubuntu Security Notice USN-5422-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5422-1 - Shinji Sato discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-23308, CVE-2022-29824
SHA-256 | 8c3c6b611abb6723add14e9eb03ff8250dbd63ea52e2453efb3197d19614ea63
Ubuntu Security Notice USN-5421-1
Posted May 16, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5421-1 - It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Chintan Shah discovered that LibTIFF incorrectly handled memory when handling certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-35522, CVE-2022-0865, CVE-2022-0891
SHA-256 | fd53c220dff57e76bdac23217ea634b1fb5272778561ded300fb599bd6d0ff03
Chrome 100 extensions::ExtensionApiFrameIdMap::GetFrameId Heap Use-After-Free
Posted May 16, 2022
Authored by Google Security Research, Glazvunov

A use-after-free issue exists in Chrome 100 and earlier versions. A malicious extension can achieve arbitrary code execution in the browser process.

tags | exploit, arbitrary, code execution
advisories | CVE-2022-0972
SHA-256 | 595428413ed6af41648e85f12bfacfc4d3b4b659dea62dab16b66777c9ddb014
Ubuntu Security Notice USN-5420-1
Posted May 13, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5420-1 - It was discovered that Vorbis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-14160
SHA-256 | a33060407453b19aa7187d7422d0a895fbe372f01e612751c0d342a6bec706ca
Ubuntu Security Notice USN-5413-1
Posted May 12, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5413-1 - Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-27820, CVE-2021-39713, CVE-2021-4157, CVE-2022-26490, CVE-2022-27223, CVE-2022-28390
SHA-256 | 91244b1f084946d306199917a00cb07c4faa804148fb749c2918a68baf634f4c
TLR-2005KSH Arbitrary File Delete
Posted May 12, 2022
Authored by Ahmed Alroky

TLR-2005KSH suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
advisories | CVE-2021-46424
SHA-256 | 7fc517128cfc00794b294020cc0685ba5bd9d822917004a2d7fd31d677f4fd45
Ubuntu Security Notice USN-5411-1
Posted May 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5411-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass permission prompts, obtain sensitive information, bypass security restrictions, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2022-29909, CVE-2022-29915
SHA-256 | 000f629967ca92f7e1c38fe716cc7f512431d6be87f751d10c253c7ae9867eb9

© 2022 Packet Storm. All rights reserved.