what you don't know can hurt you
Showing 76 - 100 of 13,454 RSS Feed

Arbitrary Files

Kernel Live Patch Security Notice LSN-0046-1
Posted Dec 20, 2018
Authored by Benjamin M. Romer

It was discovered that an integer overflow vulnerability existed in the CDRom driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux
advisories | CVE-2017-5753, CVE-2018-10880, CVE-2018-10902, CVE-2018-14734, CVE-2018-16276, CVE-2018-16658, CVE-2018-18445, CVE-2018-18690, CVE-2018-18710, CVE-2018-9363
MD5 | 62b6f4b7e6e1fd65e163f970baba56dc
Ubuntu Security Notice USN-3847-2
Posted Dec 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3847-2 - USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-10902, CVE-2018-12896, CVE-2018-14734, CVE-2018-16276, CVE-2018-18445, CVE-2018-18690, CVE-2018-18710
MD5 | b0c6ce592d43ca8552efd6262de2cbbb
Ubuntu Security Notice USN-3847-1
Posted Dec 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3847-1 - It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2018-10902, CVE-2018-12896, CVE-2018-14734, CVE-2018-16276, CVE-2018-18445, CVE-2018-18690, CVE-2018-18710
MD5 | 5703c2f44fdffc67aa1c3e986372d1a0
Debian Security Advisory 4356-1
Posted Dec 20, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4356-1 - Jacob Baines discovered a flaw in the handling of the DSI Opensession command in Netatalk, an implementation of the AppleTalk Protocol Suite, allowing an unauthenticated user to execute arbitrary code with root privileges.

tags | advisory, arbitrary, root, protocol
systems | linux, debian
advisories | CVE-2018-1160
MD5 | 9de55ea3fc805ca7f3f0c1fd3e1fd942
Razer Cortex Debugger Remote Command Execution
Posted Dec 17, 2018
Authored by Tavis Ormandy, Google Security Research

Razer Cortex has a CEF debugger stub enabled by default allowing arbitrary remote command execution.

tags | exploit, remote, arbitrary
MD5 | 1d2152a1c114ec3e8cfb933b419a219c
Mikrotik RouterOS Telnet Arbitrary Root File Creation
Posted Dec 14, 2018
Authored by Hacker Fantastic

An exploitable arbitrary file creation weakness has been identified in Mikrotik RouterOS that can be leveraged by a malicious attacker to exploit all known versions of Mikrotik RouterOS. The RouterOS contains a telnet client based on GNU inetutils with modifications to remove shell subsystem. However an attacker can leverage the "set tracefile" option to write an arbitrary file into any "rw" area of the filesystem, escaping the restricted shell to gain access to a "ash" busybox shell on some versions. The file is created with root privileges regardless of the RouterOS defined group.

tags | exploit, arbitrary, shell, root
MD5 | 3572fecc2d0fb3043e6bd86755fb6b8a
Safari Proxy Object Type Confusion
Posted Dec 13, 2018
Authored by saelo | Site metasploit.com

This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion.

tags | exploit, arbitrary, javascript
advisories | CVE-2018-4233, CVE-2018-4404
MD5 | c501475e6a50c14cfc8ea6a100c5476d
Micro Focus Security Bulletin MFSBGN03835 1
Posted Dec 13, 2018
Authored by Micro Focus | Site microfocus.com

Micro Focus Security Bulletin MFSBGN03835 1 - The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users access to arbitrary details of the Local and LDAP users via POST method and to arbitrary details of other user's Fortify projects via GET method. Revision 1 of this advisory.

tags | advisory, arbitrary, local, vulnerability
advisories | CVE-2018-7690, CVE-2018-7691
MD5 | a82397b74c12246840801aa85de6924c
Debian Security Advisory 4354-1
Posted Dec 13, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4354-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498
MD5 | 069b08206411c967d5eeab694c9e2c5a
Ubuntu Security Notice USN-3845-1
Posted Dec 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3845-1 - Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-8784, CVE-2018-8788, CVE-2018-8789
MD5 | 7c30480f14d84266396689b1137c7a58
WordPress Snap Creek Duplicator Code Injection
Posted Dec 12, 2018
Authored by Thomas Chauchefoin, Julien Legras | Site metasploit.com

When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters before inserting them inside the wp-config.php file, leading to arbitrary PHP code execution. WARNING: This exploit WILL break the wp-config.php file. If possible try to restore backups of the configuration after the exploit to make the WordPress site work again.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2018-17207
MD5 | 3e9bb4227872fd85077a0576d93fc20f
PrinterOn Enterprise 4.1.4 Arbitrary File Deletion
Posted Dec 12, 2018
Authored by bzyo

PrinterOn Enterprise version 4.1.4 suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
advisories | CVE-2018-19936
MD5 | d5530e12addfc38c0afd9a1265c92f72
Ubuntu Security Notice USN-3844-1
Posted Dec 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3844-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code. Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to open privileged pages, or bypass other security restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-12405, CVE-2018-12407, CVE-2018-17466, CVE-2018-18492, CVE-2018-18494, CVE-2018-18497, CVE-2018-18498
MD5 | cd05546757b473bab2c95bffccfca6cc
Ubuntu Security Notice USN-3843-2
Posted Dec 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3843-2 - USN-3843-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-5297
MD5 | 6750b72273b628db8f06739166f59793
Ubuntu Security Notice USN-3843-1
Posted Dec 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3843-1 - It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-5297
MD5 | 070f65503dc6e6c2f7d2711ac101acd4
Debian Security Advisory 4353-1
Posted Dec 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4353-1 - Multiple security issues were found in PHP, a widely-used open source denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a insufficient input validation which can result in the execution of arbitrary shell commands in the imap_open() function and denial of service in the imap_mail() function.

tags | advisory, denial of service, arbitrary, shell, php, info disclosure
systems | linux, debian
advisories | CVE-2018-14851, CVE-2018-14883, CVE-2018-17082, CVE-2018-19518, CVE-2018-19935
MD5 | d9b1a99e04d2c1e6335bb4aef129d5a1
McAfee True Key 5.1.173.1 Privilege Escalation
Posted Dec 11, 2018
Authored by James Forshaw, Google Security Research

McAfee True Key version 5.1.173.1 on Windows 10 1809 has multiple issues in the implementation of the McAfee.TrueKey.Service which can result in privilege escalation through executing arbitrary processes or deleting files and directories.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2018-6755, CVE-2018-6756, CVE-2018-6757
MD5 | f1a320f91998eaef2cba50213365ef59
WordPress Total-Child-Theme-Master 1.0 Arbitrary File Disclosure
Posted Dec 10, 2018
Authored by KingSkrupellos

WordPress Total-Child-Theme-Master theme version 1.0 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | bd7be3561f509a07fff0647a2b678b9b
WordPress NikolayDyankovDesign 2.0 Arbitrary File Disclosure
Posted Dec 10, 2018
Authored by KingSkrupellos

WordPress NikolayDyankovDesign theme version 2.0 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | 7319655844999b939030dbbc03848d4e
Debian Security Advisory 4351-1
Posted Dec 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4351-1 - It was discovered that PHPMailer, a library to send email from PHP applications, is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code.

tags | advisory, remote, arbitrary, php
systems | linux, debian
advisories | CVE-2018-19296
MD5 | caddae86ea0cbb47f309c50d59d72537
SQLMAP - Automatic SQL Injection Tool 1.2.12
Posted Dec 7, 2018
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 431249d7af567a0c9086f93e62aa44fa
Ubuntu Security Notice USN-3831-2
Posted Dec 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3831-2 - USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
MD5 | 90e4e6902a9545090e0ab2f68dbb0ec5
Ubuntu Security Notice USN-3838-1
Posted Dec 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3838-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5807, CVE-2018-5813
MD5 | 879b86e3856df5f621b8482aaf06a069
Ubuntu Security Notice USN-3811-3
Posted Dec 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3811-3 - USN-3811-1 fixed a vulnerability in spamassassin. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-11780, CVE-2018-11781
MD5 | 99e9b14016913915026a9427dfc058dc
FreeBSD Security Advisory - FreeBSD-SA-18:14.bhyve
Posted Dec 6, 2018
Authored by Reno Robert | Site security.freebsd.org

FreeBSD Security Advisory - Insufficient bounds checking in one of the device models provided by bhyve(8) can permit a guest operating system to overwrite memory in the bhyve(8) processing possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.

tags | advisory, arbitrary, root, code execution
systems | freebsd, bsd
advisories | CVE-2018-17160
MD5 | 7dc5a9cc50e7bfcc59073a947a869ea7
Page 4 of 539
Back23456Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close