exploit the possibilities
Showing 26 - 50 of 14,398 RSS Feed

Arbitrary Files

Ubuntu Security Notice USN-4584-1
Posted Oct 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4584-1 - It was discovered that HtmlUnit incorrectly initialized Rhino engine. An attacker could possibly use this issue to execute arbitrary Java code.

tags | advisory, java, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-5529
MD5 | b7189a4381921c21c27a3059b8f5a87f
Microsoft Windows Uninitialized Variable Local Privilege Escalation
Posted Oct 15, 2020
Authored by timwr, unamer, piotrflorczyk | Site metasploit.com

This Metasploit module exploits CVE-2019-1458, an arbitrary pointer dereference vulnerability within win32k which occurs due to an uninitialized variable, which allows user mode attackers to write a limited amount of controlled data to an attacker controlled address in kernel memory. By utilizing this vulnerability to execute controlled writes to kernel memory, an attacker can gain arbitrary code execution as the SYSTEM user. This module has been tested against Windows 7 x64 SP1. Offsets within the exploit code may need to be adjusted to work with other versions of Windows. The exploit can only be triggered once against the target and can cause the target machine to reboot when the session is terminated.

tags | exploit, arbitrary, kernel, code execution
systems | windows, 7
advisories | CVE-2019-1458
MD5 | af2b59a298ac34ac7a74c71579e0e4cc
Ubuntu Security Notice USN-4582-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4582-1 - It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. Various other issues were also addressed.

tags | advisory, arbitrary, shell, local
systems | linux, ubuntu
advisories | CVE-2017-17087, CVE-2019-20807
MD5 | e6159e2f38d8be01d2ed2841a3b41473
Ubuntu Security Notice USN-4580-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4580-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-16119
MD5 | 47ad87c37ce75e1cc13c79f7ebbb8cfa
Ubuntu Security Notice USN-4579-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4579-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2018-10322, CVE-2020-14314, CVE-2020-16119, CVE-2020-25285
MD5 | add5a165267e2db5c97379f45065737e
Ubuntu Security Notice USN-4578-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4578-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2018-10322, CVE-2019-19448, CVE-2020-14314, CVE-2020-16119, CVE-2020-16120, CVE-2020-25212, CVE-2020-26088
MD5 | d9b01e11bdf2b74c3573fcc5c0826039
Ubuntu Security Notice USN-4577-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4577-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-16119, CVE-2020-16120
MD5 | c65fe18f5d37112dbf0049f05d753dd1
Ubuntu Security Notice USN-4576-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4576-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-14314, CVE-2020-14385, CVE-2020-16119, CVE-2020-16120, CVE-2020-25285, CVE-2020-25641
MD5 | 73dae97a670b565b41f5e2687d970fc6
Ubuntu Security Notice USN-4575-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4575-1 - It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-10683
MD5 | 13c22771427bf9520a58b64280918187
openMAINT 1.1-2.4.2 Arbitrary File Upload
Posted Oct 12, 2020
Authored by mrb3n

openMAINT version 1.1-2.4.2 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 1e4843b975a1cb67fdef303a4b35c16f
Ubuntu Security Notice USN-4572-2
Posted Oct 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4572-2 - USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM. Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-14355
MD5 | f75b1a3129973828757d92800d60a53f
Ubuntu Security Notice USN-4573-1
Posted Oct 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4573-1 - Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-6053, CVE-2018-7225, CVE-2019-15681, CVE-2020-14397, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404
MD5 | b820dbcb8494dae534a235f1446d17cb
Ubuntu Security Notice USN-4572-1
Posted Oct 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4572-1 - Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-14355
MD5 | 10fa47bbba4baa38f799be96ba28941f
Ubuntu Security Notice USN-4566-1
Posted Oct 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4566-1 - It was discovered that Cyrus IMAP Server could execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. It was discovered that the Cyrus IMAP Server allow users to create any mailbox with administrative privileges. A local attacker could use this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, web, arbitrary, local, imap
systems | linux, ubuntu
advisories | CVE-2019-11356, CVE-2019-19783
MD5 | 24a0f0b0c12ffc0d122c2f3854f8df99
Hashicorp Vault GCP IAM Integration Authentication Bypass
Posted Oct 6, 2020
Authored by Google Security Research, Felix Wilhelm

HashiCorp Vault's GCP authentication method can be bypassed on gce type roles that do not specify bound_service_accounts. Vault does not enforce that the compute_engine data in a signed JWT token has any relationship to the service account that created the token. This makes it possible to impersonate arbitrary GCE instances, by creating a JWT token with a faked compute_engine struct, using an arbitrary attacker controlled service account.

tags | exploit, arbitrary
advisories | CVE-2020-16251
MD5 | 7b83f776aff7e235a44aa2d4f4125bb8
Hashicorp Vault AWS IAM Integration Authentication Bypass
Posted Oct 6, 2020
Authored by Google Security Research, Felix Wilhelm

HashiCorp Vault's AWS IAM authentication method can be bypassed by sending a serialized request to the STS AssumeRoleWithWebIdentity method as part of the authentication flow. The request triggers a JSON encoded response from the STS server, which can contain a fully-attacker controlled fake GetCallerIdentityResponse as part of its body. As the Vault response parser ignores non-xml content before and after the malicious response, this can be used to spoof arbitrary AWS identities and roles.

tags | exploit, arbitrary, spoof
advisories | CVE-2020-16250
MD5 | c2e3c92a813a0ec7ee985df9b624b079
Ubuntu Security Notice USN-4571-1
Posted Oct 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4571-1 - It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-18978
MD5 | 3792c9ba4991a2361f83302e19df622d
Ubuntu Security Notice USN-4569-1
Posted Oct 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this vulnerability to execute arbitrary commands.

tags | advisory, remote, arbitrary, cgi
systems | linux, ubuntu
advisories | CVE-2020-24379, CVE-2020-24916
MD5 | b57e1fe6c87cc3eebc0b2bd7a99b1ee1
SQLMAP - Automatic SQL Injection Tool 1.4.10
Posted Oct 5, 2020
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Bug fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | e8ef8c77d9d611ea17e512c84da77716
FusionAuth-SAMLv2 0.2.3 Message Forging
Posted Oct 2, 2020
Authored by Felix Sieges

Unauthenticated users can send forged messages to the FusionAuth to bypass authentication, impersonate other users or gain arbitrary roles. The SAML message can be send to the application without a signature even if this is required. The impact depends on individual applications that implement fusionauth-samlv2. Version 0.2.3 is vulnerable.

tags | exploit, arbitrary
advisories | CVE-2020-12676
MD5 | f8a52bf9494d332e9b0a5df53b18c1c8
Safari Type Confusion / Sandbox Escape
Posted Oct 1, 2020
Authored by timwr, Insu Yun, Taesoo Kim, Jungwon Lim, Yonghwi Jin | Site metasploit.com

This Metasploit module exploits an incorrect side-effect modeling of the 'in' operator. The DFG compiler assumes that the 'in' operator is side-effect free, however the embed element with the PDF plugin provides a callback that can trigger side-effects leading to type confusion (CVE-2020-9850). The type confusion can be used as addrof and fakeobj primitives that then lead to arbitrary read/write of memory. These primitives allow us to write shellcode into a JIT region (RWX memory) containing the next stage of the exploit. The next stage uses CVE-2020-9856 to exploit a heap overflow in CVM Server, and extracts a macOS application containing our payload into /var/db/CVMS. The payload can then be opened with CVE-2020-9801, executing the payload as a user but without sandbox restrictions.

tags | exploit, overflow, arbitrary, shellcode
advisories | CVE-2020-9801, CVE-2020-9850, CVE-2020-9856
MD5 | 2dc9b201150ea12e09390643b437b269
Sony IPELA Network Camera Remote Stack Buffer Overflow
Posted Oct 1, 2020
Authored by LiquidWorm | Site zeroscience.mk

Sony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be exploited to cause a stack-based buffer overflow when a user issues a POST request to connect to a malicious FTP server. Successful exploitation could allow execution of arbitrary code on the affected device or cause denial of service scenario.

tags | exploit, remote, denial of service, overflow, arbitrary, cgi
MD5 | f3c26902b184bef531fb09e991e41a65
SpinetiX Fusion Digital Signage 3.4.8 Path Traversal
Posted Oct 1, 2020
Authored by LiquidWorm | Site zeroscience.mk

SpinetiX Fusion Digital Signage version 3.4.8 suffers from an authenticated path traversal vulnerability. Input passed via several parameters in index.php script is not properly verified before being used to create and delete files. This can be exploited to write backup files to an arbitrary location and/or delete arbitrary files via traversal attacks.

tags | exploit, arbitrary, php
MD5 | 7f728d906bc879ebc132cb19c060a6c2
Ubuntu Security Notice USN-4562-1
Posted Oct 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4562-1 - It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-14001
MD5 | ebf1cdf60c7f8611d34ce58ab46f6a1c
MonoCMS Blog 1.0 File Deletion / CSRF / Hardcoded Credentials
Posted Oct 1, 2020
Authored by Shahrukh Iqbal Mirza

MonoCMS Blog version 1.0 suffers from arbitrary file deletion, cross site request forgery, and information disclosure vulnerabilities.

tags | exploit, arbitrary, vulnerability, file inclusion, info disclosure, csrf
advisories | CVE-2020-25986, CVE-2020-25987
MD5 | 858c4bad79460948ebff42b9ed1fd0cd
Page 2 of 576
Back12345Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    13 Files
  • 30
    Oct 30th
    8 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close