
Arbitrary Files

SpiderMonkey IonMonkey Type Confusion
Posted Mar 29, 2019
Authored by saelo, Google Security Research

A bug in IonMonkey leaves type inference information inconsistent, which in turn allows the compilation of JITed functions that cause type confusions between arbitrary objects.

tags | exploit, arbitrary
advisories | CVE-2019-9813
MD5 | cdcb535655303de5282b8e9ce3804be5
Gentoo Linux Security Advisory 201903-22
Posted Mar 28, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201903-22 - An overflow was discovered in ZeroMQ which could lead to arbitrary code execution. Versions less than 4.3.1 are affected.

tags | advisory, overflow, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2019-6250
MD5 | 33709c5e220d2f75d48cc2bc203ae5e9
Gentoo Linux Security Advisory 201903-19
Posted Mar 28, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201903-19 - Multiple vulnerabilities have been found in NASM, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.14.02 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-10686, CVE-2017-11111, CVE-2017-14228
MD5 | 1e21f4bdc917d4ad8220c3ce959525c0
Gentoo Linux Security Advisory 201903-18
Posted Mar 28, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201903-18 - Multiple vulnerabilities have been found in GD, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.2.5-r2 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-1000222, CVE-2018-5711, CVE-2019-6977, CVE-2019-6978
MD5 | 7b4489f5e7760ed912dafd127c4f193f
Gentoo Linux Security Advisory 201903-17
Posted Mar 28, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201903-17 - Multiple vulnerabilities have been found in the image loading library for Simple DirectMedia Layer, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.0.4 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-12122, CVE-2017-14440, CVE-2017-14441, CVE-2017-14442, CVE-2017-14448, CVE-2017-14449, CVE-2017-14450, CVE-2018-3837, CVE-2018-3838, CVE-2018-3839, CVE-2018-3977
MD5 | 640a6f62dbc3601a709909efd9cd8df7
SpiderMonkey IonMonkey Type Confusion
Posted Mar 27, 2019
Authored by saelo, Google Security Research

A bug in IonMonkey's type inference system when JIT compiling and entering a constructor function via on-stack replacement (OSR) allows the compilation of JITed functions that cause type confusions between arbitrary objects.

tags | exploit, arbitrary
advisories | CVE-2019-9791
MD5 | 2d9234f04f13771cc4ba74f08b736649
Ubuntu Security Notice USN-3923-1
Posted Mar 27, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3923-1 - Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol. An attacker inside the guest could use this issue to read or write arbitrary files and cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol. An attacker inside the guest could use this issue to read arbitrary files, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2018-16867, CVE-2018-16872, CVE-2018-19489, CVE-2018-20124, CVE-2018-20126, CVE-2018-20191, CVE-2018-20216, CVE-2019-3812, CVE-2019-6778
MD5 | b024339c2db287e9005b13ab875a6358
EMC Networker Remote Code Execution
Posted Mar 27, 2019
Site emc.com

EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) when the oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via the RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges. Affected versions include EMC NetWorker versions 8.2.x, versions 9.0.x, versions prior to 9.1.1.5, and versions prior to 9.2.1.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2017-8023
MD5 | d4ad7dad430064e44913f62d12c1c39a
WordPress article2pdf 0.24 DoS / File Deletion / Disclosure
Posted Mar 26, 2019
Authored by Christian Lerrahn

WordPress article2pdf plugin versions 0.24 and above suffer from resource exhaustion, arbitrary file download, and file deletion vulnerabilities.

tags | exploit, denial of service, arbitrary, vulnerability, info disclosure
advisories | CVE-2019-1000031, CVE-2019-1010257
MD5 | a3fb25b6a00d807f2adabe48a88f8120
Red Hat Security Advisory 2019-0638-01
Posted Mar 26, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0638-01 - Openwsman is a project intended to provide an open source implementation of the Web Services Management specification and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects. Issues addressed include an arbitrary file disclosure vulnerability.

tags | advisory, web, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2019-3816
MD5 | f9e43c97756197dd052dae71ecd54b05
SPIP CMS 2.x / 3.x Add Administrator / File Upload
Posted Mar 26, 2019
Authored by KingSkrupellos

SPIP CMS versions 2.x and 3.x suffer from unauthenticated add administrator and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, add administrator, file upload
MD5 | 894150aaed7a06655bcf6e2a4dad0aec
Ubuntu Security Notice USN-3919-1
Posted Mar 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3919-1 - Two security issues were discovered in the JavaScript engine in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2019-9810
MD5 | 43cba013add5db698a9143d66ef6229d
Ubuntu Security Notice USN-3918-2
Posted Mar 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3918-2 - USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked into opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle attacks. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-9788, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9797, CVE-2019-9799, CVE-2019-9803, CVE-2019-9805, CVE-2019-9808, CVE-2019-9809
MD5 | 3cc54cc98b969abde01121cb96a68dd0
VMware Host VMX Process COM Class Hijack Privilege Escalation
Posted Mar 25, 2019
Authored by James Forshaw, Google Security Research

The VMX process (vmware-vmx.exe) configures and hosts an instance of a VM. As is common with desktop virtualization platforms, the VM host usually has privileged access into the OS, such as mapping physical memory, which represents a security risk. To mitigate this, the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe), which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately, the process is created as the desktop user, which results in the elevated process sharing resources such as COM registrations with the normal user, who can modify the registry to force an arbitrary DLL to be loaded into the VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2019-5512
MD5 | 89f47ed75e40cece6cb2c49cd4ca6364
Debian Security Advisory 4417-1
Posted Mar 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4417-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2019-9810, CVE-2019-9813
MD5 | 4194c21d46ced4a632cf2374f2304906
Debian Security Advisory 4415-1
Posted Mar 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4415-1 - An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed through passenger-status.

tags | advisory, web, arbitrary, local
systems | linux, debian
advisories | CVE-2017-16355
MD5 | 5c9b4be934301f5e14af50369cc690e6
Ubuntu Security Notice USN-3918-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3918-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-9788, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9803, CVE-2019-9805, CVE-2019-9808, CVE-2019-9809
MD5 | 7a027189c82bdc87f59c8d573a89c651
Ubuntu Security Notice USN-3915-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3915-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-3835
MD5 | 51af7b4abfe723103eb813857d63f1b1
Ubuntu Security Notice USN-3914-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3914-1 - A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator.

tags | advisory, overflow, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2019-9755
MD5 | 0d6118cd73ef057e584a045b065f72bc
Debian Security Advisory 4411-1
Posted Mar 21, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4411-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796
MD5 | a55828919dc149d864f25e35999b7b7d
Ubuntu Security Notice USN-3912-1
Posted Mar 21, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3912-1 - It was discovered that the GDK-PixBuf library did not properly handle certain BMP images. If a user or automated system were tricked into opening a specially crafted BMP file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-12447
MD5 | 6148b2880eeab129f7f0943d1cac0eb5
Rails 5.2.1 Arbitrary File Content Disclosure
Posted Mar 21, 2019
Authored by NotoriousRebel

Rails version 5.2.1 suffers from an arbitrary file content disclosure vulnerability.

tags | exploit, arbitrary, info disclosure
advisories | CVE-2019-5418
MD5 | 41d6eb04a30e870d483a1c0d4a72cba3
Gentoo Linux Security Advisory 201903-15
Posted Mar 19, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201903-15 - Multiple vulnerabilities have been found in NTP, the worst of which could result in the remote execution of arbitrary code. Versions less than 4.2.8_p13 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-12327, CVE-2019-8936
MD5 | 8df860a16344eea891017b2ab32a71ef
Ubuntu Security Notice USN-3906-2
Posted Mar 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3906-2 - USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-10779, CVE-2018-17101
MD5 | d6332636e5ade7508bf28fbcac3c59cc
exacqVision 9.8 Unquoted Service Path Privilege Escalation
Posted Mar 18, 2019
Authored by LiquidWorm | Site zeroscience.mk

exacqVision version 9.8 suffers from an unquoted search path issue impacting the services exacqVisionServer, dvrdhcpserver and mdnsresponder for Windows, deployed as part of the exacqVision software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

tags | exploit, arbitrary, local, root
systems | windows
MD5 | 98a9960106f1cef1cf55ce4666251455
© 2019 Packet Storm. All rights reserved.