
Arbitrary Files

Ubuntu Security Notice USN-4733-1
Posted Feb 11, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4733-1 - Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution.

tags | advisory, remote, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2020-36241
MD5 | 3c18fc22fd38af8603be0f826c12a53c
Ubuntu Security Notice USN-4732-1
Posted Feb 11, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4732-1 - It was discovered that SQLite incorrectly handled certain sub-queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-20227
MD5 | e0f6a0115e831021a7d9afe4e2b27703
Ubuntu Security Notice USN-4727-1
Posted Feb 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4727-1 - Alexander Popov discovered that multiple race conditions existed in the AF_VSOCK implementation in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-26708
MD5 | a8c89d3cda17bd2462a03e3fd24d9971
Ubuntu Security Notice USN-4728-1
Posted Feb 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4728-1 - Gilad Reti discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a compromised or malicious container.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-27352
MD5 | 086df1dbda8bd6351da6a2f9cd5a4644
Ubuntu Security Notice USN-4717-2
Posted Feb 9, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4717-2 - USN-4717-1 fixed vulnerabilities in Firefox. The update caused a startup hang in some circumstances. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct clickjacking attacks, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
MD5 | a0a85c5462fa046cf0f14ca932dd4eeb
Discord Probot Arbitrary File Upload
Posted Feb 9, 2021
Authored by thelastvvv

Discord Probot suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2021-26918
MD5 | fd81cb48fbf83ef8a47b35f2ebe27490
Ubuntu Security Notice USN-4724-1
Posted Feb 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4724-1 - It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-36221, CVE-2020-36223, CVE-2020-36225, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229
MD5 | 852e5d3d483b0c482e0d2cf0e83c7463
Ubuntu Security Notice USN-4723-1
Posted Feb 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4723-1 - It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-36193
MD5 | e5a5caaef47996d8ce8f41c96561ee25
Ubuntu Security Notice USN-4721-1
Posted Feb 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4721-1 - Simon McVittie discovered that flatpak-portal service allowed sandboxed applications to execute arbitrary code on the host system. A malicious user could create a Flatpak application that set environment variables, trusted by the Flatpak "run" command, and use it to execute arbitrary code outside the sandbox.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-21261
MD5 | 8fdb1b95064080911e8061c372c4f26b
Ubuntu Security Notice USN-4720-1
Posted Feb 3, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4720-1 - Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. Itai Greenhut discovered that Apport incorrectly handled opening certain special files. A local attacker could possibly use this issue to cause Apport to hang, resulting in a denial of service.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2021-25682, CVE-2021-25684
MD5 | 34798d94c26a3bd12acc34173bea402f
Ubuntu Security Notice USN-4720-2
Posted Feb 3, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4720-2 - USN-4720-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-25682, CVE-2021-25684
MD5 | 49e34ac829aa531d6ce391a79f60d6fa
SQLMAP - Automatic SQL Injection Tool 1.5.2
Posted Feb 2, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 78c920583fa0ecc1970cdd57b22c5d8c
Ubuntu Security Notice USN-4717-1
Posted Feb 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4717-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct clickjacking attacks, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23953, CVE-2021-23958, CVE-2021-23963
MD5 | f6f05555968e4f6500feca7736c8d8bc
Gentoo Linux Security Advisory 202102-02
Posted Feb 1, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202102-2 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 78.7.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-15685, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964
MD5 | ebc98d5b25ce0c41703e4d2f27db7413
Gentoo Linux Security Advisory 202102-01
Posted Feb 1, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202102-1 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 85.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2021-23953, CVE-2021-23954, CVE-2021-23955, CVE-2021-23956, CVE-2021-23958, CVE-2021-23960, CVE-2021-23961, CVE-2021-23962, CVE-2021-23963, CVE-2021-23964, CVE-2021-23965, CVE-2021-26976
MD5 | 517955742b3ce4ae0d2c862d8d2b85b0
Ubuntu Security Notice USN-4714-1
Posted Jan 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4714-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. Various other issues were also addressed.

tags | advisory, remote, arbitrary, shell, code execution
systems | linux, ubuntu
advisories | CVE-2020-26217, CVE-2020-26258, CVE-2020-26259
MD5 | 3cdeed73f8b46410b7481e928cd50ec1
Gentoo Linux Security Advisory 202101-37
Posted Jan 29, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-37 - A buffer overflow in VLC might allow remote attacker(s) to execute arbitrary code. Versions less than 3.0.12.1 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2020-26664
MD5 | 96e16d024738b165decb6bd77604791b
Apple Security Advisory 2021-01-26-1
Posted Jan 27, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-01-26-1 - iOS 14.4 and iPadOS 14.4 address race condition and arbitrary code execution vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | apple, ios
advisories | CVE-2021-1782, CVE-2021-1870, CVE-2021-1871
MD5 | 9ea3bdc34259ca4f0ff33cda355065eb
Ubuntu Security Notice USN-4704-1
Posted Jan 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4704-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-12562, CVE-2017-14246, CVE-2017-14634, CVE-2017-16942, CVE-2018-13139, CVE-2018-19432, CVE-2018-19661, CVE-2018-19758, CVE-2019-3832
MD5 | 21c29b1fe2faf41239164e4ee250c1da
Gentoo Linux Security Advisory 202101-30
Posted Jan 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-30 - Multiple vulnerabilities have been found in Qt WebEngine, the worst of which could result in the arbitrary execution of code. Versions less than 5.15.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-15959, CVE-2020-15960, CVE-2020-15961, CVE-2020-15962, CVE-2020-15963, CVE-2020-15964, CVE-2020-15965, CVE-2020-15966, CVE-2020-15968, CVE-2020-15969, CVE-2020-15972, CVE-2020-15974, CVE-2020-15976, CVE-2020-15977, CVE-2020-15978, CVE-2020-15979, CVE-2020-15985, CVE-2020-15987, CVE-2020-15989, CVE-2020-15992, CVE-2020-16001, CVE-2020-16002, CVE-2020-16003, CVE-2020-6467, CVE-2020-6470, CVE-2020-6471, CVE-2020-6472
MD5 | c3fe0f3860e8a822357dca9c7594275c
Gentoo Linux Security Advisory 202101-29
Posted Jan 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-29 - Multiple vulnerabilities have been found in OpenJPEG, the worst of which could result in the arbitrary execution of code. Versions less than *:1 and 2.4.0:2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-21010, CVE-2019-12973, CVE-2020-15389, CVE-2020-27814, CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27844, CVE-2020-27845
MD5 | 07ef80970301c9f0108866508e473edb
Gentoo Linux Security Advisory 202101-26
Posted Jan 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-26 - Multiple vulnerabilities have been found in f2fs-tools, the worst of which could result in the arbitrary execution of code. Versions less than 1.14.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-6104, CVE-2020-6105, CVE-2020-6106, CVE-2020-6107, CVE-2020-6108
MD5 | 53b49771a96bcaaacbff50c3021291c3
Gentoo Linux Security Advisory 202101-24
Posted Jan 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-24 - Multiple vulnerabilities have been found in cfitsio, the worst of which could result in the arbitrary execution of code. Versions less than 3.490 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, CVE-2018-3849
MD5 | 24687d5bab7bbfead9ce7efa6439a84c
Gentoo Linux Security Advisory 202101-23
Posted Jan 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-23 - Multiple vulnerabilities have been found in PEAR Archive_Tar, the worst of which could result in the arbitrary execution of code. Versions prior to 1.4.12 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-28948, CVE-2020-28949, CVE-2020-36193
MD5 | d8dc694ad651789684286f92beaa0a8b
PEAR Archive_Tar Arbitrary File Write
Posted Jan 25, 2021
Authored by gwillcox-r7, xorathustra | Site metasploit.com

This Metasploit module takes advantage of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user-controlled content to an arbitrary file on disk. Note that the file will be written to disk with the permissions of the user that PHP is running as, so it may not be possible to overwrite some files if the PHP user is not appropriately privileged.

tags | exploit, arbitrary, php
advisories | CVE-2020-28949
MD5 | 7c33e20f3f1e07af9b1f4641460e7354
packet storm

© 2020 Packet Storm. All rights reserved.
