exploit the possibilities
Showing 51 - 75 of 14,332 RSS Feed

Arbitrary Files

Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass
Posted Aug 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoints to communicate through the exchange of strongly typed data. These objects are received by the server without validation and authentication and gives the attacker the ability to create any user with any role and bypass the security control in place and modify presented data on the screen/billboard.

tags | exploit, arbitrary
MD5 | fd7bb44dd6320c3825c09283301d799e
PAC Bypass Due To Unprotected Function Pointer Imports
Posted Aug 19, 2020
Authored by saelo, Google Security Research

PAC aims to prevent an attacker with the ability to read and write memory from executing arbitrary code. It does that by cryptographically signing and validating code pointers (as well as some data pointers) at runtime. However, it seems that imports of function pointers from shared libraries in userspace are not properly protected by PAC, allowing an attacker to sign arbitrary pointers and thus bypass PAC.

tags | advisory, arbitrary
advisories | CVE-2020-9870
MD5 | 1d4d2c1d8f30ccfd1c36adfae489b2a3
Ubuntu Security Notice USN-4457-2
Posted Aug 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4457-2 - USN-4457-1 fixed a vulnerability in Software. This update provides the corresponding update for Ubuntu 14.04 ESM. Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15709
MD5 | 9b4d94e36e68614a576fb7adcba68cc3
Geutebruck testaction.cgi Remote Command Execution
Posted Aug 17, 2020
Authored by Davy Douhine | Site metasploit.com

This Metasploit module exploits an authenticated arbitrary command execution vulnerability within the 'server' GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.25 as well as firmware versions 1.12.13.2 and 1.12.14.5 when the 'type' GET parameter is set to 'ntp'. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, arbitrary, cgi, root, code execution
advisories | CVE-2020-16205
MD5 | 1808f8c08c4e0f56746b33c5880b103d
Ubuntu Security Notice USN-4459-1
Posted Aug 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4459-1 - It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. It was discovered that Salt has a vulnerability that allows an user to bypass authentication. An attacker could use that to extract sensitive information, execute arbitrary code or crash the server. It was discovered that Salt is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-15750, CVE-2018-15751, CVE-2019-17361, CVE-2020-11652
MD5 | fab02805099e5ba345f240d307c51f20
QiHang Media Web Digital Signage 3.0.9 Arbitrary File Disclosure
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, web, arbitrary
MD5 | 4b229bf7159213f08c6c5c724d811ce5
QiHang Media Web Digital Signage 3.0.9 Arbitrary File Deletion
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from an unauthenticated arbitrary file deletion vulnerability.

tags | exploit, web, arbitrary
MD5 | 4ec2d17bffc03ecbcdff736a646ec399
Ubuntu Security Notice USN-4457-1
Posted Aug 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4457-1 - Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15709
MD5 | ecb41f82ad36c486d2149a4f5bc4a612
Gentoo Linux Security Advisory 202008-07
Posted Aug 12, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-7 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 84.0.4147.125 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-6542, CVE-2020-6543, CVE-2020-6544, CVE-2020-6545, CVE-2020-6547, CVE-2020-6548, CVE-2020-6549, CVE-2020-6550, CVE-2020-6551, CVE-2020-6552, CVE-2020-6553, CVE-2020-6554, CVE-2020-6555
MD5 | 7f864fa71f70efaaf0600fe03a9b965a
Gentoo Linux Security Advisory 202008-05
Posted Aug 10, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-5 - A buffer overflow in gThumb might allow remote attacker(s) to execute arbitrary code. Versions less than 3.10.0 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2019-20326
MD5 | 6079dfd95b3c1cbab40ba699c0ff8af7
Gentoo Linux Security Advisory 202008-04
Posted Aug 10, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-4 - Multiple vulnerabilities have been found in Apache, the worst of which could result in the arbitrary execution of code. Versions less than 2.4.46 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-11984, CVE-2020-11985, CVE-2020-11993, CVE-2020-9490
MD5 | 6ebbbe914e5e8bb0a77e0de98171b948
Gentoo Linux Security Advisory 202008-02
Posted Aug 9, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-2 - A vulnerability in GNU GLOBAL was discovered, possibly allowing remote attackers to execute arbitrary code. Versions less than 6.6.4 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2017-17531
MD5 | c31763322e1337796431bbb6158d0fc0
Gentoo Linux Security Advisory 202008-03
Posted Aug 9, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-3 - Ark was found to allow arbitrary file overwrite, possibly allowing arbitrary code execution. Versions less than 20.04.3-r1 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2020-16116
MD5 | 421534779a0ba7b115e7a20ba126a17e
flatCore CMS 1.5.5 Cross Site Scripting / Arbitrary File Upload
Posted Aug 8, 2020
Authored by Farhan Rahman, Azrul Ikhwan Zulkifli | Site sec-consult.com

flatCore CMS versions 1.5.5 and below suffer from cross site scripting and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
MD5 | b4c0b5682efb708e59bbe189e31c8dc7
Ubuntu Security Notice USN-4451-2
Posted Aug 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4451-2 - USN-4451-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-15704
MD5 | e87d8f20499aa2e18c7cd3040c62a44f
Ubuntu Security Notice USN-4453-1
Posted Aug 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4453-1 - Johannes Kuhn discovered that OpenJDK 8 incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. Philippe Arteau discovered that OpenJDK 8 incorrectly verified names in TLS server's X.509 certificates. An attacker could possibly use this issue to obtain sensitive information. It was discovered that OpenJDK 8 incorrectly handled exceptions in DerInputStream class and in the DerValue.equals method. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-14556, CVE-2020-14577, CVE-2020-14581, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621
MD5 | a0c890f204d84cac8ed235ff33fa9d9a
Online Shopping Alphaware 1.0 Arbitrary File Upload
Posted Aug 6, 2020
Authored by Edo Maland

Online Shopping Alphaware version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | ac99c740e91732de1ca528611dc05ba5
Ubuntu Security Notice USN-4450-1
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4450-1 - Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A local attacker could use this issue to cause Whoopsie to consume memory, resulting in a denial of service. Seong-Joong Kim discovered that Whoopsie incorrectly handled parsing files. A local attacker could use this issue to cause Whoopsie to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-11937, CVE-2020-12135, CVE-2020-15570
MD5 | 8a56b151952311fb68e4412ae9c9a5b1
Ubuntu Security Notice USN-4451-1
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4451-1 - Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-15704
MD5 | dba7822ad99b626b4da28d4558490343
Ubuntu Security Notice USN-4449-1
Posted Aug 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4449-1 - Ryota Shiga discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. Seong-Joong Kim discovered that Apport incorrectly parsed configuration files. A local attacker could use this issue to cause Apport to crash, resulting in a denial of service. Ryota Shiga discovered that Apport incorrectly implemented certain checks. A local attacker could use this issue to escalate privileges and run arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-11936, CVE-2020-15701, CVE-2020-15702
MD5 | ccdc98754ed6d235718171b799686bca
SQLMAP - Automatic SQL Injection Tool 1.4.8
Posted Aug 4, 2020
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Bug fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 268727dd92e1f9549422eb99459a1154
Ubuntu Security Notice USN-4298-2
Posted Aug 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4298-2 - USN-4298-1 fixed several vulnerabilities in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13753, CVE-2019-19926
MD5 | d1de1d9403a24bcb05ee45c057fd3d41
October CMS Build 465 XSS / File Read / File Deletion / CSV Injection
Posted Aug 3, 2020
Authored by Sivanesh Ashok

October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
advisories | CVE-2020-11083, CVE-2020-5295, CVE-2020-5296, CVE-2020-5297, CVE-2020-5298, CVE-2020-5299
MD5 | a79e40ac7fff8141301027b2d8a73d91
Microsoft Windows Win32k Privilege Escalation
Posted Aug 3, 2020
Authored by nu11secur1ty, Ventsislav Varbanovski | Site github.com

Microsoft Windows Win32k privilege escalation exploit. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

tags | exploit, arbitrary, kernel
systems | windows
advisories | CVE-2020-0642
MD5 | 6b7e0e5d390dcae63cd77660c4d5df8b
Ubuntu Security Notice USN-4445-1
Posted Aug 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4445-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code,

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15900
MD5 | e5cd22ad9394fc8739acbf87db5ba61d
Page 3 of 574
Back12345Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    14 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close