Twenty Year Anniversary
Showing 51 - 75 of 13,090 RSS Feed

Arbitrary Files

Debian Security Advisory 4200-1
Posted May 15, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4200-1 - Fabian Vogt discovered that incorrect permission handling in the PAM module of the KDE Wallet could allow an unprivileged local user to gain ownership of arbitrary files.

tags | advisory, arbitrary, local
systems | linux, debian
advisories | CVE-2018-10380
MD5 | 5da48d16fafc9c8d14d4113a50ee4dbe
IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
Posted May 14, 2018
Authored by Jan Bee, Sebastian Neuner

Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. They include cross site request forgery, arbitrary file read, unauthenticated access, and various other vulnerabilities.

tags | exploit, arbitrary, vulnerability, csrf
advisories | CVE-2018-1433, CVE-2018-1434, CVE-2018-1438, CVE-2018-1461, CVE-2018-1462, CVE-2018-1463, CVE-2018-1464, CVE-2018-1465, CVE-2018-1466, CVE-2018-1467, CVE-2018-1495
MD5 | 982ee9389da127275dfc529c16ee33e4
Ubuntu Security Notice USN-3645-1
Posted May 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3645-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting attacks, install lightweight themes without user interaction, spoof the filename in the downloads panel, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, xss
systems | linux, ubuntu
advisories | CVE-2018-5150, CVE-2018-5151, CVE-2018-5152, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5166, CVE-2018-5167, CVE-2018-5168, CVE-2018-5169, CVE-2018-5172, CVE-2018-5173, CVE-2018-5175, CVE-2018-5176, CVE-2018-5177, CVE-2018-5180, CVE-2018-5181, CVE-2018-5182
MD5 | ab18b8ec6d4a0b241a776a0d65c936dd
Ubuntu Security Notice USN-3644-1
Posted May 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3644-1 - It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Security component of OpenJDK did not restrict which classes could be used when deserializing keys from the JCEKS key stores. An attacker could use this to specially craft a JCEKS key store to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-2783, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815
MD5 | a3a7f94cde9ab4dab85a02d70c58b553
Debian Security Advisory 4199-1
Posted May 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4199-1 - Several security issues have been found in the Mozilla Firefox web may lead to the execution of arbitrary code or denial of service.

tags | advisory, web, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178, CVE-2018-5183
MD5 | 6991f4c67e40de4d8cc3b49fe2433ea8
Debian Security Advisory 4197-1
Posted May 10, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4197-1 - Multiple vulnerabilities were discovered in the wavpack audio codec which could result in denial of service or the execution of arbitrary code if malformed media files are processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540
MD5 | a5df4ca7d685afb578c58630365bd843
Ubuntu Security Notice USN-3643-2
Posted May 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3643-2 - USN-3643-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-0494
MD5 | 88830325a9cffa4e4d8c7d1e3ed4f55e
Ubuntu Security Notice USN-3643-1
Posted May 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3643-1 - It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-0494
MD5 | b616005171ef8530b23e4f187e4abdfd
Gentoo Linux Security Advisory 201805-04
Posted May 8, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201805-4 - A vulnerability in rsync might allow remote attackers to execute arbitrary commands. Versions less than 3.1.3 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2018-5764
MD5 | 63d6d897881dec8e2e6a5281c3bddcb5
Ubuntu Security Notice USN-3640-1
Posted May 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3640-1 - Ivan Fratric discovered that WebKitGTK+ incorrectly handled certain web content. If a user were tricked into viewing a malicious website, a remote attacker could possibly exploit this to execute arbitrary code.

tags | advisory, remote, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-4200
MD5 | 8c75b3ac007064bc9bb70bca2740dcac
Ubuntu Security Notice USN-3639-1
Posted May 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3639-1 - It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to obtain sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-10528, CVE-2018-10529
MD5 | a10078237bc4b5950a1f50f845469234
Debian Security Advisory 4195-1
Posted May 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4195-1 - Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-0494
MD5 | 0a8ebefedcc50cb36f81573bebaba542
Palo Alto Networks readSessionVarsFromFile() Session Corruption
Posted May 7, 2018
Authored by H D Moore, Philip Pettersson | Site metasploit.com

This Metasploit module exploits a chain of vulnerabilities in Palo Alto Networks products running PAN-OS versions prior to 6.1.19, 7.0.19, 7.1.14, and 8.0.6. This chain starts by using an authentication bypass flaw to to exploit an XML injection issue, which is then abused to create an arbitrary directory, and finally gains root code execution by exploiting a vulnerable cron script. This Metasploit module uses an initial reverse TLS callback to stage arbitrary payloads on the target appliance. The cron job used for the final payload runs every 15 minutes by default and exploitation can take up to 20 minutes.

tags | exploit, arbitrary, root, vulnerability, code execution
advisories | CVE-2017-15944
MD5 | fe01448aae2bcc55f43fa22261d09244
Kernel Live Patch Security Notice LSN-0037-1
Posted May 7, 2018
Authored by Benjamin M. Romer

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2017-0861, CVE-2017-15129, CVE-2017-16995, CVE-2017-17448, CVE-2017-17450, CVE-2018-1000199, CVE-2018-5333, CVE-2018-5344, CVE-2018-8043
MD5 | 70c039f34496a5cffda6c354f241701c
Ubuntu Security Notice USN-3638-1
Posted May 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3638-1 - It was discovered that QPDF incorrectly handled certain malformed files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-9252, CVE-2017-11624, CVE-2017-11625, CVE-2017-11626, CVE-2017-11627, CVE-2017-12595, CVE-2017-18183, CVE-2017-18184, CVE-2017-18185, CVE-2017-18186, CVE-2017-9208, CVE-2017-9209, CVE-2017-9210, CVE-2018-9918
MD5 | 4d0b1fa341e4bdfc2a577a49a752b08c
WordPress User Role Editor Plugin Privilege Escalation
Posted May 7, 2018
Authored by Tomislav Paskalev, ethicalhack3r | Site metasploit.com

The WordPress User Role Editor plugin prior to v4.25, is lacking an authorization check within its update user profile functionality ("update" function, contained within the "class-user-other-roles.php" module). Instead of verifying whether the current user has the right to edit other users' profiles ("edit_users" WP capability), the vulnerable function verifies whether the current user has the rights to edit the user ("edit_user" WP function) specified by the supplied user id ("user_id" variable/HTTP POST parameter). Since the supplied user id is the current user's id, this check is always bypassed (i.e. the current user is always allowed to modify its profile). This vulnerability allows an authenticated user to add arbitrary User Role Editor roles to its profile, by specifying them via the "ure_other_roles" parameter within the HTTP POST request to the "profile.php" module (issued when "Update Profile" is clicked). By default, this module grants the specified WP user all administrative privileges, existing within the context of the User Role Editor plugin.

tags | exploit, web, arbitrary, php
MD5 | 21f2f7e73a000aa53bc81c6bd2ac2518
Dell EMC Unity Family OS Command Injection
Posted May 4, 2018
Site emc.com

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed.

tags | advisory, remote, arbitrary, root, vulnerability
advisories | CVE-2018-1239
MD5 | c698f77203ec3de3839dae52a0afc827
Debian Security Advisory 4189-1
Posted May 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4189-1 - Two vulnerabilities were found in the Quassel IRC client, which could result in the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-1000178, CVE-2018-1000179
MD5 | 4e10fa9930830155e8c0fd1d3a361f73
Red Hat Security Advisory 2018-1274-01
Posted May 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1274-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. The following packages have been upgraded to a later upstream version: python-paramiko. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-7750
MD5 | 49944063f4ecc3d703262f227fa06f8f
Gentoo Linux Security Advisory 201805-03
Posted May 3, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201805-3 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code. Versions less than 66.0.3359.139 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-6118
MD5 | 5f97f6ab07c7303a7cf8a3159a6cde13
Gentoo Linux Security Advisory 201805-02
Posted May 3, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201805-2 - A buffer overflow in Python might allow remote attackers to execute arbitrary code. Versions less than 2.7.14:2.7 are affected.

tags | advisory, remote, overflow, arbitrary, python
systems | linux, gentoo
advisories | CVE-2017-1000158
MD5 | d7751fe44f3e06a91458c77c8e139509
Ubuntu Security Notice USN-3637-1
Posted May 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3637-1 - Thuan Pham, Marcel Bohme, Andrew Santosa and Alexandru Razvan Caciulescu discovered that WavPack incorrectly handled certain .wav files. An attacker could possibly use this to execute arbitrary code or cause a denial of service. Thuan Pham, Marcel Bohme, Andrew Santosa and Alexandru Razvan Caciulescu discovered that WavPack incorrectly handled certain .wav files. An attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540
MD5 | 73eeb88db81fcd332045b34cfab4a648
Tpshop 2.0.8 Arbitrary File Download / SSRF
Posted May 2, 2018
Authored by Jiawang Zhang, Qian Wu, Bo Wang

Tpshop versions 2.0.8 and below suffer from arbitrary file download and server-side request forgery vulnerabilities.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2018-9919
MD5 | 0d5864b3a0c0b1a3e4edcaee51e69ebe
Ubuntu Security Notice USN-3635-1
Posted May 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3635-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165
MD5 | 85531931d71d0277a373662193a6ba19
xdebug Unauthenticated OS Command Execution
Posted May 1, 2018
Authored by Mumbai, Shaksham Jaiswal, Ricter Zheng | Site metasploit.com

This Metasploit module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary php code as the context of the web user.

tags | exploit, web, arbitrary, php
MD5 | f41618034e1f76ddd17f42794e9dc6c3
Page 3 of 524
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    9 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    34 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close