exploit the possibilities
Showing 26 - 50 of 14,939 RSS Feed

Arbitrary Files

RiteCMS 3.1.0 Arbitrary File Deletion
Posted Jan 5, 2022
Authored by faisalfs10x

RiteCMS versions 3.1.0 and below suffer from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
MD5 | 07a5012d72060344e0ae19361f61dc68
WordPress The True Ranker 2.2.2 Arbitrary File Read
Posted Jan 5, 2022
Authored by Liad Levy, Nicole Sheinin

WordPress The True Ranker plugin versions 2.2.2 and below suffer from an arbitrary file read vulnerability.

tags | exploit, arbitrary
advisories | CVE-2021-39312
MD5 | 67e8963840362892bbbe7e6c96d521fc
SQLMAP - Automatic SQL Injection Tool 1.6
Posted Jan 3, 2022
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Major release bump with a large list of changes over the past year.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | bb815d35262e6b1362216f954b292719
Ubuntu Security Notice USN-5186-2
Posted Dec 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5186-2 - USN-5186-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass CSP restrictions, or execute arbitrary code. A security issue was discovered with the handling of WebExtension permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to create and install a service worker that wouldn't be uninstalled with the extension. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-43539, CVE-2021-43540, CVE-2021-43545
MD5 | dfad93a492ded55859e2e1d62ade7829
WordPress Popular Posts 5.3.2 Remote Code Execution
Posted Dec 20, 2021
Authored by h00die, Simone Cristofaro, Jerome Bruandet | Site metasploit.com

This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address (192/172/127/10). The server must also respond to a HEAD request for the payload, prior to getting a GET request. This exploit leverages an authenticated improper input validation in WordPress plugin Popular Posts versions 5.3.2 and below. The exploit chain is rather complicated. Authentication is required and gd for PHP is required on the server. Then the Popular Post plugin is reconfigured to allow for an arbitrary URL for the post image in the widget. A post is made, then requests are sent to the post to make it more popular than the previous #1 by 5. Once the post hits the top 5, and after a 60 second server cache refresh (the exploit waits 90 seconds), the homepage widget is loaded which triggers the plugin to download the payload from the server. The payload has a GIF header, and a double extension (.gif.php) allowing for arbitrary PHP code to be executed.

tags | exploit, web, arbitrary, php
advisories | CVE-2021-42362
MD5 | 58b71d78f3e92f8308944edbaef03644
Android VM_MAYWRITE Access To Shared Zygote JIT Mapping
Posted Dec 17, 2021
Authored by Jann Horn, Google Security Research

This bug report describes a vulnerability in ART that allows normal applications to insert arbitrary code into unused executable memory in zygote and other applications.

tags | exploit, arbitrary
advisories | CVE-2021-0959
MD5 | 8485539d964fd35ecf94557cacb68903
Ubuntu Security Notice USN-5192-2
Posted Dec 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5192-2 - USN-5192-1 fixed a vulnerability in Apache Log4j 2. This update provides the corresponding update for Ubuntu 16.04 ESM. Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-44228
MD5 | 5df30b04cd149d1c5b52eceef9e3fda9
Ubuntu Security Notice USN-5195-1
Posted Dec 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5195-1 - It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public server list, a remote attacker could possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-27229
MD5 | fc5a94902e19d2cc3f126b4f238d6312
Ubuntu Security Notice USN-5193-1
Posted Dec 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5193-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-4008
MD5 | e108cb43c46ea10f53cace521f936163
Oliver Library Server 5 Arbitrary File Download
Posted Dec 15, 2021
Authored by Ishaan Vij, Mandeep Singh, CTRL Group, Luke Blues

Oliver Library Server 5 versions prior to 8.00.008.053 suffer from an arbitrary file download vulnerability. Softlink Education has contacted Packet Storm and although they were unable to replicate this issue in their hosting environment, they have proactively made changes to the software to mitigate attempts for this attack.

tags | exploit, arbitrary, info disclosure
MD5 | 47de3fec9dce2620943ba2fb7c366359
Ubuntu Security Notice USN-5192-1
Posted Dec 14, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5192-1 - Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-44228
MD5 | cd7a64761d3db930f439affb20d51b73
Ubuntu Security Notice USN-5186-1
Posted Dec 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5186-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass CSP restrictions, or execute arbitrary code. A security issue was discovered with the handling of WebExtension permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to create and install a service worker that wouldn't be uninstalled with the extension. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2021-43536, CVE-2021-43539, CVE-2021-43540, CVE-2021-43541, CVE-2021-43545, CVE-2021-43546
MD5 | af467d405b02c0deebc430a5e5265a84
Apache Log4j2 2.14.1 Remote Code Execution
Posted Dec 10, 2021
Authored by tangxiaofeng7 | Site github.com

Apache Log4j2 versions 2.14.1 and below proof of concept remote code execution exploit. JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

tags | exploit, remote, arbitrary, code execution, proof of concept
advisories | CVE-2021-44228
MD5 | 09c5608ec058a3f1d995a4340b5d204b
Ubuntu Security Notice USN-5183-1
Posted Dec 9, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5183-1 - Julian Rauchberger discovered that BlueZ incorrectly handled memory when processing SDP attribute requests. A remote attacker could use this issue to cause BlueZ to crash, leading to a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-8922
MD5 | a234da3acdba27985d86e55366a94ecb
Grafana 8.3.0 Directory Traversal / Arbitrary File Read
Posted Dec 9, 2021
Authored by s1gh

Grafana version 8.3.0 suffers from a directory traversal vulnerability that can allow for arbitrary file reading.

tags | exploit, arbitrary, file inclusion
advisories | CVE-2021-43798
MD5 | 6c5e75e53691c8f37a2a3aa15b286cca
TestLink 1.19 Arbitrary File Download
Posted Dec 9, 2021
Authored by Gonzalo Villegas

TestLink versions 1.16 through 1.19 suffer from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | 662aeacc4ee54a2b4a00f029b7ef1784
Grafana Arbitrary File Reading
Posted Dec 8, 2021
Authored by JAS502N | Site github.com

Grafana suffers from an unauthorized arbitrary file reading vulnerability. Version 8.3.1 addresses this issue.

tags | exploit, arbitrary
advisories | CVE-2021-43798
MD5 | b07119f68d1f96828ea48a5529ee09b5
Ubuntu Security Notice USN-5168-4
Posted Dec 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5168-4 - USN-5168-3 fixed a vulnerability in NSS. Unfortunately that update introduced a regression that could break SSL connections. This update fixes the problem. Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-43527
MD5 | 268760165ba1221a3f3d235bd7035bf9
Ubuntu Security Notice USN-5179-1
Posted Dec 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5179-1 - It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that BusyBox incorrectly handled certain malformed LZMA archives. If a user or automated system were tricked into processing a specially crafted LZMA archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly leak sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-28831, CVE-2021-42374, CVE-2021-42380, CVE-2021-42382, CVE-2021-42384, CVE-2021-42385
MD5 | 01b6c0084a8d9d9b7eae9133958e19df
Ubuntu Security Notice USN-5172-1
Posted Dec 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5172-1 - It was discovered that uriparser mishandled certain input. An attacker could use this vulnerability to cause uriparser to crash or possibly execute arbitrary code. It was discovered that uriparser incorrectly handled certain URIs. An attacker could use this vulnerability to cause a crash or possibly leak sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-19198, CVE-2018-20721
MD5 | b665785c4aa95ee4e2437ad46c171d01
WordPress DZS Zoomsounds 6.45 Arbitrary File Read
Posted Dec 3, 2021
Authored by Uriel Yochpaz

WordPress DZS Zoomsounds plugin version 6.45 suffers from an unauthenticated arbitrary file read vulnerability.

tags | exploit, arbitrary
advisories | CVE-2021-39316
MD5 | 4c910944d00be1a6a4dbbae9b2ee5e7d
Ubuntu Security Notice USN-5168-3
Posted Dec 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5168-3 - USN-5168-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-43527
MD5 | 106341b60664441783f0031ef8f6265a
Ubuntu Security Notice USN-5168-1
Posted Dec 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5168-1 - Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-43527
MD5 | 0e4142ce22ed9c20ba17227b9f26297f
Ubuntu Security Notice USN-5168-2
Posted Dec 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5168-2 - Tavis Ormandy discovered that NSS, included with Thunderbird, incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-43527
MD5 | cceb150b416aa2150d692f26de8cb22b
Android vold Unsafe Mounting
Posted Dec 2, 2021
Authored by Jann Horn, Google Security Research

Android's vold's incremental-fs APIs trust paths from system_server for mounting. There is supposed to be privilege separation between vold (TCB) and system_server (privileged process). However, vold's IPC handlers related to incremental-fs (mountIncFs, unmountIncFs, bindMount) allow system_server to specify semi-arbitrary paths, allowing system_server to trigger mounting on directories that shouldn't be under system_server control.

tags | exploit, arbitrary
advisories | CVE-2022-20002
MD5 | 28fb6ce55ef07cbdb3ed3c6e2997f68d
Page 2 of 598
Back12345Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close