exploit the possibilities
Showing 26 - 50 of 14,604 RSS Feed

Arbitrary Files

Adobe Reader CoolType Arbitrary Stack Manipulation
Posted Mar 18, 2021
Authored by Google Security Research, mjurczyk

Adobe Reader suffers from a CoolType arbitrary stack manipulation vulnerability.

tags | exploit, arbitrary
advisories | CVE-2021-21086
MD5 | 07bd21c6148b74a3ebd51754bc5c4290
Hestia Control Panel 1.3.2 Arbitrary File Write
Posted Mar 18, 2021
Authored by numan turle

Hestia Control Panel version 1.3.2 suffers from an arbitrary file write vulnerability.

tags | exploit, arbitrary
MD5 | f39e0a2b0a6cff12053b8b767649af0a
Microsoft Exchange 2019 SSRF / Arbitrary File Write
Posted Mar 18, 2021
Authored by F5

Microsoft Exchange 2019 proxylogon server-side request forgery to arbitrary file write exploit.

tags | exploit, arbitrary
advisories | CVE-2021-26855
MD5 | ec843f586f42e185be744d8b9e3a143b
Ubuntu Security Notice USN-4880-1
Posted Mar 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4880-1 - It was discovered that OpenJPEG incorrectly handled certain image data. An attacker could use this issue to cause OpenJPEG to crash, leading to a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-27814, CVE-2020-27845
MD5 | 4455b6e61dedb1e35e31480d0ee21df6
Ubuntu Security Notice USN-4879-1
Posted Mar 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4879-1 - It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-36158, CVE-2021-20194
MD5 | 4d75b22b9bc6edb7b6c9d1c218599d71
Ubuntu Security Notice USN-4878-1
Posted Mar 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4878-1 - It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could allow a user space program to probe for valid kernel addresses. A local attacker could use this to ease exploitation of another kernel vulnerability. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-36158, CVE-2021-20239, CVE-2021-3178, CVE-2021-3347
MD5 | 9b326d87c15055059d2d831783328661
Ubuntu Security Notice USN-4877-1
Posted Mar 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4877-1 - It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. 吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-36158, CVE-2021-3178
MD5 | 65a91b8f952c6c1ea32e71f869620dae
Ubuntu Security Notice USN-4876-1
Posted Mar 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4876-1 - Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-29569, CVE-2020-36158, CVE-2021-3178
MD5 | 450e71cf2aeed3c895c44fb3b0270291
SonLogger 4.2.3.3 Shell Upload
Posted Mar 15, 2021
Authored by Berkan Er | Site metasploit.com

This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request in SonLogger. It has been tested on version less than 6.4.1 in Windows 10 Enterprise.

tags | exploit, arbitrary, file upload
systems | windows
advisories | CVE-2021-27964
MD5 | 0593a294d2d56ed9398dbcfc8185421a
Ubuntu Security Notice USN-4763-1
Posted Mar 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4763-1 - It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922
MD5 | a9bb486c2183b003050adf13de2c0c65
Ubuntu Security Notice USN-4762-1
Posted Mar 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4762-1 - It was discovered that the OpenSSH ssh-agent incorrectly handled memory. A remote attacker able to connect to the agent could use this issue to cause it to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-28041
MD5 | 0e90f1e3a51fa95bece293da11297ac1
Ubuntu Security Notice USN-4761-1
Posted Mar 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4761-1 - Matheus Tavares discovered that Git incorrectly handled delay-capable clean/smudge filters when being used on case-insensitive filesystems. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-21300
MD5 | 7a9a215b27ae633fcf542a2b4f854615
Ubuntu Security Notice USN-4759-1
Posted Mar 9, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4759-1 - Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. Kevin Backhouse discovered that GLib incorrectly handled certain memory allocations. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-27218, CVE-2021-27219
MD5 | 6b55a2dbfb04e4a2fd60d526f7564062
Ubuntu Security Notice USN-4733-2
Posted Mar 9, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4733-2 - USN-4733-1 fixed a vulnerability in GNOME Autoar. The upstream fix introduced a regression when extracting archives containing directories. This update fixes the problem. Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution. Various other issues were also addressed.

tags | advisory, remote, arbitrary, code execution
systems | linux, ubuntu
MD5 | 2086fff33a1cdd7b63c70ff5a6dec675
Ubuntu Security Notice USN-4757-2
Posted Mar 5, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4757-2 - USN-4757-1 fixed a vulnerability in wpa_supplicant and hostapd. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that wpa_supplicant did not properly handle P2P provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-27803
MD5 | a1b5ddb158f703fa8c24f73c44d00c3a
SQLMAP - Automatic SQL Injection Tool 1.5.3
Posted Mar 4, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | ce4b0dc1d2ac37013055fba060747e36
Ubuntu Security Notice USN-4757-1
Posted Mar 3, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4757-1 - It was discovered that wpa_supplicant did not properly handle P2P provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-27803
MD5 | 76c6875576561e3219a3c05460b1d4b5
Ubuntu Security Notice USN-4754-4
Posted Mar 3, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-4 - USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2021-3177
MD5 | 6c6bc4e280c087eaec3deb827504f9bd
Ubuntu Security Notice USN-4737-2
Posted Mar 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4737-2 - USN-4737-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the Bind AppArmor profile. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-8625
MD5 | 349b92ba169e163fb5fd0d5408cd2389
FortiLogger 4.4.2.2 Arbitrary File Upload
Posted Mar 1, 2021
Authored by Berkan Er | Site metasploit.com

This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request to Fortilogger. It has been tested on version 4.4.2.2 in Windows 10 Enterprise.

tags | exploit, arbitrary, file upload
systems | windows
advisories | CVE-2021-3378
MD5 | 986492d22038a772f87e46c47ea24f02
VMware vCenter Server 7.0 Arbitrary File Upload
Posted Mar 1, 2021
Authored by Photubias

VMware vCenter Server version 7.0 unauthenticated arbitrary file upload exploit.

tags | exploit, arbitrary, file upload
advisories | CVE-2021-21972
MD5 | 8dcbcd4aa0bd7cc8803e9bfffc6bc6cd
Package Control Arbitrary File Write
Posted Feb 26, 2021
Authored by Google Security Research, Felix Wilhelm

Package Control suffers from an arbitrary file write vulnerability.

tags | exploit, arbitrary
MD5 | fc1001c8bbe8a7cae533f770aa149604
Ubuntu Security Notice USN-4754-2
Posted Feb 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-2 - USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.

tags | advisory, denial of service, arbitrary, python
systems | linux, ubuntu
MD5 | c58459cb7018d68bd66024f925f30d8f
Ubuntu Security Notice USN-4754-1
Posted Feb 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.

tags | advisory, denial of service, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2020-27619
MD5 | fcb1f44f76f6b77579ed4d79f1e90403
Ubuntu Security Notice USN-4755-1
Posted Feb 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4755-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-35523
MD5 | ce4c73d9700060bb9e46ed6eac083e16
Page 2 of 585
Back12345Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close