Twenty Year Anniversary
Showing 26 - 50 of 13,209 RSS Feed

Arbitrary Files

CA Unified Infrastructure Management Hardcoded Credentials / Missing Authentication
Posted Aug 31, 2018
Authored by Ken Williams, Oystein Middelthun | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is running, to run arbitrary CA UIM commands on machines where the CA UIM probes are running. An attacker can also gain access to other machines running CA UIM and access the filesystems of those machines. The first vulnerability, has a medium risk rating and concerns a hardcoded secret key, which can allow an attacker to access sensitive information. The second vulnerability has a medium risk rating and concerns a hardcoded passphrase, which can allow an attacker to access sensitive information. The third vulnerability has a high risk rating and concerns a lack of authentication, which can allow a remote attacker to conduct a variety of attacks, including file reading/writing. Affected versions include 8.5.1, 8.5, and 8.4.7.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2018-13819, CVE-2018-13820, CVE-2018-13821
MD5 | 6e99f3fdbc87760f71a42c271a8fbbfb
Ubuntu Security Notice USN-3755-1
Posted Aug 28, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3755-1 - It was discovered that GD incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. It was discovered that GD incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1000222, CVE-2018-5711
MD5 | 56d9031d70fa876968c2b397983064af
SQLMAP - Automatic SQL Injection Tool 1.2.8
Posted Aug 27, 2018
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | f8172574e6c94b3c3fdce9988fe1d65e
HP Jetdirect Path Traversal Arbitrary Code Execution
Posted Aug 27, 2018
Authored by Jacob Baines | Site metasploit.com

This Metasploit module exploits a path traversal via Jetdirect to gain arbitrary code execution by writing a shell script that is loaded on startup to /etc/profile.d. Then, the printer is restarted using SNMP. A large amount of printers are impacted.

tags | exploit, arbitrary, shell, code execution
advisories | CVE-2017-2741
MD5 | 330fb84840e2b0a7602e2d3e4c2701b5
Ubuntu Security Notice USN-3753-1
Posted Aug 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3753-1 - It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-13168, CVE-2018-10877, CVE-2018-10879, CVE-2018-10881, CVE-2018-12233, CVE-2018-13094, CVE-2018-13405, CVE-2018-13406
MD5 | cf3741f7e3e80b17a174f1f6f5ad3137
Couchbase Server Remote Code Execution
Posted Aug 24, 2018
Authored by Filip Palian

Couchbase Server allows for authenticated users to send arbitrary erlang code to diag/eval.

tags | exploit, arbitrary
MD5 | 1a112ea45d4e8f0f5bcf925e8e4587b6
Gentoo Linux Security Advisory 201808-04
Posted Aug 23, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201808-4 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Versions less than 2.20.4 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2018-11646, CVE-2018-11712, CVE-2018-11713, CVE-2018-12293, CVE-2018-12294, CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4121, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-4190, CVE-2018-4192, CVE-2018-4199, CVE-2018-4200, CVE-2018-4201
MD5 | 5f0385617a3cb454f5a2e9982381b1a2
Gentoo Linux Security Advisory 201808-02
Posted Aug 22, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201808-2 - A vulnerability has been found in LXC which may allow for arbitrary file access (read-only). Versions less than 3.0.1-r1 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2018-6556
MD5 | 508a6a1ce9c1ecac3ddc1b7dac14917a
Ubuntu Security Notice USN-3749-1
Posted Aug 22, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3749-1 - Multiple memory safety issues were fixed in Spidermonkey. An attacker could potentially exploit these to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5188
MD5 | 693d2fa8a599799659710831e785b425
Debian Security Advisory 4279-1
Posted Aug 20, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4279-1 - Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw could allow an attacker controlling an unprivileged process to read memory from arbitrary (non-user controlled) addresses, including from the kernel and all other processes running on the system or cross guest/host boundaries to read host memory.

tags | advisory, arbitrary, kernel
systems | linux, debian
advisories | CVE-2018-3620, CVE-2018-3646
MD5 | aab9fef60b5c6ccfcb3e7fcbbcf56798
Debian Security Advisory 4276-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4276-1 - Fariskhi Vidyan and Thomas Jarosch discovered several vulnerabilities in php-horde-image, the image processing library for the Horde groupware suite. They would allow an attacker to cause a denial-of-service or execute arbitrary code.

tags | advisory, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2017-14650, CVE-2017-9773, CVE-2017-9774
MD5 | 84275deef406d84c7f82d6c07a2ae031
Ubuntu Security Notice USN-3743-1
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3743-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-12911, CVE-2018-4263, CVE-2018-4267, CVE-2018-4278
MD5 | 40cbebca101b1768a0afa00205ce7873
Ubuntu Security Notice USN-3744-1
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3744-1 - Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-10915, CVE-2018-10925
MD5 | af16db35ec128995a527666b5424b03e
WordPress Dreamsmiths Themes 0.0.1 Arbitrary File Download
Posted Aug 17, 2018
Authored by IRaNHaCK Security Team

WordPress Dreamsmiths Themes version 0.0.1 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | 6e4265ce06a07de135930fa49f47a643
OpenEMR 5.0.1.3 File Read / Write / Delete
Posted Aug 16, 2018
Authored by Joshua Fam

OpenEMR version 5.0.1.3 suffers from arbitrary file read, write, and delete vulnerabilities.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2018-15140, CVE-2018-15141, CVE-2018-15142
MD5 | 8c5ed52e9a7bf67bc17c83f353a1e80f
Red Hat Security Advisory 2018-2405-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2405-01 - Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift. Security fix: undertow: Client can use bogus uri in Digest authentication spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code Issues addressed include bypass, deserialization, and file disclosure vulnerabilities.

tags | advisory, java, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-12196, CVE-2017-8046, CVE-2018-1199, CVE-2018-1295, CVE-2018-9159
MD5 | fcabf1b9ef2071fef346c21156d2e61c
Ubuntu Security Notice USN-3738-1
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3738-1 - Svyatoslav Phirsov discovered that the Samba libsmbclient library incorrectly handled extra long filenames. A malicious server could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. Volker Mauel discovered that Samba incorrectly handled database output. When used as an Active Directory Domain Controller, a remote authenticated attacker could use this issue to cause Samba to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139
MD5 | f91f296f4171ef9db9a3a6c30a32bca1
Ubuntu Security Notice USN-3737-1
Posted Aug 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3737-1 - A use-after-free was discovered in GDM. A local user could exploit this to cause a denial of service, or potentially execute arbitrary code as the administrator.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-14424
MD5 | 38080a9134a5f410aa307c4b5cf0dad7
Microsoft DirectX SDK (June 2010) Xact3.exe DLL Hijacking
Posted Aug 11, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

The Microsoft DirectX SDK "Xact3.exe" cross-platform tool allows for arbitrary code execution via a trojan horse file "xbdm.dll" in the current working directory, upon opening a ".xap" project file from the same location.

tags | exploit, arbitrary, trojan, code execution
MD5 | d7f1056ce3aa140ad0e115c7bf50b3c0
Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) Arbitrary File Read
Posted Aug 9, 2018
Authored by Andrey Konovalov

Linux Kernel version 4.14.7 (Ubuntu 16.04 / CentOS 7) arbitrary file read exploit with KASLR and SMEP bypass.

tags | exploit, arbitrary, kernel
systems | linux, ubuntu, centos
advisories | CVE-2017-18344
MD5 | 3979f56d7a233c067dd58ea0b8242822
Debian Security Advisory 4267-1
Posted Aug 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4267-1 - Henning Westerholt discovered a flaw related to the To header processing in kamailio, a very fast, dynamic and configurable SIP server. Missing input validation in the build_res_buf_from_sip_req function could result in denial of service and potentially the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2018-14767
MD5 | dd023e0140e5b7a2241e9f57d8e6b8f7
Ubuntu Security Notice USN-3730-1
Posted Aug 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3730-1 - Matthias Gerstner discovered that LXC incorrectly handled the lxc-user-nic utility. A local attacker could possibly use this issue to open arbitrary files.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-6556
MD5 | 2d49f90b6beba33820201e89a4784c25
Debian Security Advisory 4260-1
Posted Aug 3, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4260-1 - Several vulnerabilities were discovered in libsmpack, a library used to handle Microsoft compression formats. A remote attacker could craft malicious CAB, CHM or KWAJ files and use these flaws to cause a denial of service via application crash, or potentially execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682
MD5 | d755de94a97a35ef3445c6980f25e25c
TI Online Examination System 2 Arbitrary File Download
Posted Aug 2, 2018
Authored by Ozkan Mustafa Akkus

TI Online Examination System version 2 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | 81e456c42aabfcaaa43e495b8e5dbd5b
Ubuntu Security Notice USN-3728-1
Posted Aug 1, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3728-1 - Hanno Boeck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service. Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue to execute arbitrary code. Dmitry Glavatskikh discovered that libmspack incorrectly certain CHM files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-14679, CVE-2018-14681, CVE-2018-14682
MD5 | 5ec726335cc48f2ac03e2723b19bd374
Page 2 of 529
Back12345Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close