Exploit the possiblities
Showing 1 - 25 of 12,736 RSS Feed

Arbitrary Files

Western Digital MyCloud multi_uploadify File Upload
Posted Dec 15, 2017
Authored by Zenofex | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.

tags | exploit, web, arbitrary, shell, root, php, code execution, file upload
advisories | CVE-2017-17560
MD5 | 1f47f80c45cf9163168bba8d9d9e5883
Gentoo Linux Security Advisory 201712-04
Posted Dec 15, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201712-4 - Multiple vulnerabilities have been found in cURL, the worst of which may allow execution of arbitrary code. Versions less than 7.57.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-1000254, CVE-2017-1000257, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818
MD5 | 6d78a3a66d6ef06d18a2e705bf7acedd
Ubuntu Security Notice USN-3509-3
Posted Dec 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3509-3 - USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939
MD5 | 7b0de306b43e15046d1562aa3c463ed8
Apple Security Advisory 2017-12-13-5
Posted Dec 15, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-12-13-5 - Safari 11.0.2 addresses arbitrary code execution vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-7157
MD5 | 46ee197ecac23ffdddfab7ed1bfef818
Gentoo Linux Security Advisory 201712-01
Posted Dec 14, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201712-1 - Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which may lead to arbitrary code execution. Versions less than 2.18.3 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803
MD5 | 2bdf84017aa63085601b31a0bfd00845
Red Hat Security Advisory 2017-3463-01
Posted Dec 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3463-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side. It was found that smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2017-15041, CVE-2017-15042
MD5 | 565b46ec35ed4f8b9253642745a167e1
Advantech WebAccess 8.2 Stack Buffer Overflow
Posted Dec 13, 2017
Authored by mr_me | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Advantech WebAccess version 8.2. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2017-14016
MD5 | 84628f5a2ed1fc38ada967ebdff3e267
pfSense 2.4.1 CSRF Error Page Clickjacking
Posted Dec 13, 2017
Authored by Yorick Koster | Site metasploit.com

This Metasploit module exploits a Clickjacking vulnerability in pfSense versions 2.4.1 and below. pfSense is a free and open source firewall and router. It was found that the pfSense WebGUI is vulnerable to Clickjacking. By tricking an authenticated admin into interacting with a specially crafted webpage it is possible for an attacker to execute arbitrary code in the WebGUI. Since the WebGUI runs as the root user, this will result in a full compromise of the pfSense instance.

tags | exploit, arbitrary, root
MD5 | 88144d72abf1d2945664621d86be2cbc
Meinberg LANTIME Web Configuration Utility 6.16.008 Arbitrary File Upload
Posted Dec 13, 2017
Authored by Jakub Palaczynski

Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an arbitrary file upload vulnerability.

tags | exploit, web, arbitrary, file upload
advisories | CVE-2017-16788
MD5 | cea75b62b1121f93f0200e9c1039ce2e
Meinberg LANTIME Web Configuration Utility 6.16.008 Arbitrary File Read
Posted Dec 13, 2017
Authored by Jakub Palaczynski

Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an arbitrary file read vulnerability.

tags | exploit, web, arbitrary
advisories | CVE-2017-16786
MD5 | 936472311cac9ef43b96368a13aa0968
Accesspress Anonymous Post Pro Unauthenticated Arbitrary File Upload
Posted Dec 13, 2017
Authored by Colette Chamberland

Accesspress Anonymous Post Pro versions prior to 3.2.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2017-16949
MD5 | dc666e20199943e91f8df230dbe397fc
Debian Security Advisory 4058-1
Posted Dec 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4058-1 - Two vulnerabilities were discovered in optipng, an advanced PNG optimizer, which may result in denial of service or the execution of arbitrary code if a malformed file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-1000229, CVE-2017-16938
MD5 | dd0f5a9d40a4eeb468d7c801146e0438
Debian Security Advisory 4061-1
Posted Dec 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4061-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2017-7826, CVE-2017-7828, CVE-2017-7830
MD5 | a5310638fafd1bd743a7aa997c8def97
Debian Security Advisory 4060-1
Posted Dec 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4060-1 - It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code.

tags | advisory, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2017-11408, CVE-2017-13766, CVE-2017-17083, CVE-2017-17084, CVE-2017-17085
MD5 | 63c4113d4dfc8cde1097aebefc5a01de
Debian Security Advisory 4059-1
Posted Dec 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4059-1 - It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2017-16612
MD5 | f27c72c0b25d92627aeaff62733112c9
Vanguard 1.4 Arbitrary File Upload
Posted Dec 12, 2017
Authored by Ihsan Sencan

Vanguard version 1.4 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 9ce2e913fa5e1295e84d50bc0da48c0a
Kernel Live Patch Security Notice LSN-0033-1
Posted Dec 9, 2017
Authored by Benjamin M. Romer

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2017-1000405, CVE-2017-15265, CVE-2017-16939
MD5 | ca77a2333d4c9ee49fdd8d0056475a48
Ubuntu Security Notice USN-3507-2
Posted Dec 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3507-2 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12193, CVE-2017-15299, CVE-2017-15306, CVE-2017-15951, CVE-2017-16939
MD5 | e4e9ca45d6a9e4cece95a15bfca16c42
Ubuntu Security Notice USN-3511-1
Posted Dec 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3511-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-16939
MD5 | 9e7a4f198355b4645387c08f75f34134
Ubuntu Security Notice USN-3510-2
Posted Dec 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3510-2 - USN-3510-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-16939
MD5 | a759e1476a777349ca39f619d2d7e469
Ubuntu Security Notice USN-3510-1
Posted Dec 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3510-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-16939
MD5 | c760dcb9902f64f23bb4e67232a51fbb
Ubuntu Security Notice USN-3509-2
Posted Dec 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3509-2 - USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939
MD5 | 9992cce2660b19d70d3414673f02ab80
Ubuntu Security Notice USN-3509-1
Posted Dec 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3509-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939
MD5 | ecebac920cb50284c6fd809011424590
Ubuntu Security Notice USN-3508-2
Posted Dec 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3508-2 - USN-3508-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12146, CVE-2017-16939
MD5 | bc816d54ebe529dd5225953bb2b33b51
Ubuntu Security Notice USN-3508-1
Posted Dec 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3508-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12146, CVE-2017-16939
MD5 | 61ffeaad7d5d235842725a3fe5d4f465
Page 1 of 510
Back12345Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close