Exploit the possiblities
Showing 51 - 75 of 12,861 RSS Feed

Arbitrary Files

Ubuntu Security Notice USN-3546-1
Posted Jan 25, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3546-1 - Richard Hughes discovered that gcab incorrectly handled certain malformed cabinet files. If a user or automated system were tricked into opening a specially crafted cabinet file, a remote attacker could use this issue to cause gcab to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5345
MD5 | 56ed41a81c3cfde6f6f4eac5ad6ed18b
Red Hat Security Advisory 2018-0122-01
Posted Jan 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0122-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117
MD5 | 5035d13797b2d7eed962a6629407db7d
Kaltura Remote PHP Code Execution
Posted Jan 24, 2018
Authored by Robin Verton, Mehmet Ince | Site metasploit.com

This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hard-coded cookie secret which allows to sign arbitrary cookie data. After passing this signature check, the base64- decoded data is passed to PHPs unserialize() function which allows for code execution. The constructed object is again based on the SektionEins Zend code execution POP chain PoC. Kaltura versions prior to 13.1.0 are affected by this issue. A valid entry_id (which is required for this exploit) can be obtained from any media resource published on the kaltura installation. This Metasploit module was tested against Kaltura 13.1.0-2 installed on Ubuntu 14.04.

tags | exploit, web, arbitrary, php, code execution
systems | linux, ubuntu
advisories | CVE-2017-14143
MD5 | 378cc7a64ba0d3b9625bf7d0daeb9bd6
GoAhead Web Server LD_PRELOAD Arbitrary Module Load
Posted Jan 24, 2018
Authored by H D Moore, h00die, Daniel Hodson | Site metasploit.com

This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled.

tags | exploit, web, arbitrary, cgi
advisories | CVE-2017-17562
MD5 | b52da760a508f605f6ac4e9e7f6f0ffe
Ubuntu Security Notice USN-3543-2
Posted Jan 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3543-2 - USN-3543-1 fixed vulnerabilities in rsync. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-16548, CVE-2018-5764
MD5 | b7f4012e21983e77a86ee662f8b50bb3
Ubuntu Security Notice USN-3543-1
Posted Jan 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3543-1 - It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code. It was discovered that rsync incorrectly parsed certain arguments. An attacker could possibly use this to bypass arguments and execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-16548, CVE-2018-5764
MD5 | 6a7d5c1711b70ccf0fd32fc7fa9be944
Debian Security Advisory 4094-1
Posted Jan 24, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4094-1 - It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty.

tags | advisory, arbitrary, php, code execution
systems | linux, debian
advisories | CVE-2017-1000480
MD5 | dfcee3b5f519bf8bee3c485dbbc05993
Ubuntu Security Notice USN-3539-1
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3539-1 - It was discovered that GIMP incorrectly handled certain images. If a user were tricked into opening a specially crafted image, an attacker could possibly use this to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789
MD5 | af9852c135d61d95dd05d59f984170de
Ubuntu Security Notice USN-3538-1
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3538-1 - Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS#11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Jann Horn discovered that OpenSSH incorrectly handled permissions on Unix-domain sockets when privilege separation is disabled. A local attacker could possibly use this issue to gain privileges. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, unix, ubuntu
advisories | CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2017-15906
MD5 | b38f34db0e15c7e599d23d4349fda45d
Debian Security Advisory 4093-1
Posted Jan 22, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4093-1 - Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft a HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victims host.

tags | advisory, arbitrary, protocol
systems | linux, debian
advisories | CVE-2018-5704
MD5 | 7ffcdc0b58babc7c2de9c03993a909d4
Debian Security Advisory 4092-1
Posted Jan 19, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4092-1 - The cPanel Security Team discovered that awstats, a log file analyzer, was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution.

tags | advisory, remote, arbitrary, code execution
systems | linux, debian
advisories | CVE-2017-1000501
MD5 | 982233e43aaedc7935330788a6df25e2
Ubuntu Security Notice USN-3536-1
Posted Jan 18, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3536-1 - It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1000001
MD5 | 8c4667c2973230ddb616da2d0fb05e48
Gentoo Linux Security Advisory 201801-18
Posted Jan 17, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201801-18 - Insufficient input validation in Newsbeuter may allow remote attackers to execute arbitrary shell commands. Versions less than 2.9-r3 are affected.

tags | advisory, remote, arbitrary, shell
systems | linux, gentoo
advisories | CVE-2017-12904
MD5 | 2e41bd1176e5ce1d057f0ab9c5760f96
Gentoo Linux Security Advisory 201801-17
Posted Jan 17, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201801-17 - Multiple vulnerabilities have been found in Poppler, the worst of which could allow the execution of arbitrary code. Versions less than 0.57.0-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-2820, CVE-2017-7511, CVE-2017-9083, CVE-2017-9406, CVE-2017-9408, CVE-2017-9865
MD5 | a4a80d8e3e07078ed1694908e4ef5313
Ubuntu Security Notice USN-3534-1
Posted Jan 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3534-1 - It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. A memory leak was discovered in the _dl_init_paths function in the GNU C library dynamic loader. A local attacker could potentially exploit this with a specially crafted value in the LD_HWCAP_MASK environment variable, in combination with CVE-2017-1000409 and another vulnerability on a system with hardlink protections disabled, in order to gain administrative privileges. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2017-1000408, CVE-2017-1000409, CVE-2017-15670, CVE-2017-15804, CVE-2017-16997, CVE-2017-17426, CVE-2018-1000001
MD5 | 4d8f3d9f108dacae4f21c559451d5fd0
Ubuntu Security Notice USN-3533-1
Posted Jan 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3533-1 - It was discovered that Transmission incorrectly handled certain POST requests to the RPC server and allowed DNS rebinding attack. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5702
MD5 | e506de6ad207d56ead8dbce91f87989a
Debian Security Advisory 4088-1
Posted Jan 16, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4088-1 - It was discovered that multiple integer overflows in the GIF image loader in the GDK Pixbuf library may result in denial of service and potentially the execution of arbitrary code if a malformed image file is opened.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2017-1000422
MD5 | f298d01aa1fdb231d82e576017f24952
Ubuntu Security Notice USN-3532-1
Posted Jan 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3532-1 - It was discovered that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled certain images. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-1000422, CVE-2017-6312, CVE-2017-6313, CVE-2017-6314
MD5 | 3f971b48955f9beaa817a277d99f3328
Seagate Media Server Arbitrary File / Folder Deletion
Posted Jan 15, 2018
Authored by Yorick Koster, Securify B.V.

Seagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability.

tags | exploit, arbitrary
MD5 | 5ae797b5faaf3d32724a1d8e66d233b3
PerfexCRM 1.9.7 Arbitrary File Upload
Posted Jan 15, 2018
Authored by Ahmad Mahfouz

PerfexCRM version 1.9.7 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2017-17976
MD5 | dd329a51ede3ded550076b09be122174
Debian Security Advisory 4087-1
Posted Jan 15, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4087-1 - Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interface(s) may result in the execution of arbitrary code if a user visits a malicious website while Transmission is running.

tags | advisory, arbitrary
systems | linux, debian
MD5 | be99d0725a3cde8365e3370e032ff186
Gentoo Linux Security Advisory 201801-15
Posted Jan 15, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201801-15 - Multiple vulnerabilities have been found in PolarSSL, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 1.3.9-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-1182, CVE-2015-7575
MD5 | b1b7ebdbf9a50f174f0b9a7297943b15
Kaseya VSA R9.2 Arbitrary File Read
Posted Jan 15, 2018
Authored by Securify B.V., Kin Hung Cheng, Robert Hartshorn

A security vulnerability was found in Kaseya VSA file download file functionality. Using this vulnerability an authenticated user in a Kaseya VSA environment is able to download arbitrary files from the server (including source code of Kaseya, the database backups, configuration files, and even windows files). Version R9.2 was found affected.

tags | exploit, arbitrary
systems | windows
MD5 | 605ce3e61e7a1e700654afd0b394ab11
Debian Security Advisory 4084-1
Posted Jan 12, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4084-1 - It was discovered that gifsicle, a tool for manipulating GIF image files, contained a flaw that could lead to arbitrary code execution.

tags | advisory, arbitrary, code execution
systems | linux, debian
advisories | CVE-2017-1000421
MD5 | 935c5bb19560c8989f888c418a53114b
D-Link Routers 110/412/615/815 Arbitrary Code Execution
Posted Jan 12, 2018
Authored by Cr0n1c

D-Link routers 110/412/615/815 versions prior to 1.03 suffer from a service.cgi arbitrary code execution vulnerability.

tags | exploit, arbitrary, cgi, code execution
MD5 | 3d62c7e0cb26b053130f3ca201d0f494
Page 3 of 515
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    11 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close