Arbitrary Files

Ubuntu Security Notice USN-5359-1
Posted Mar 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5359-1 - Danilo Ramos discovered that rsync incorrectly handled memory when performing certain zlib deflating operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-25032
SHA-256 | d86fd6c18100320089eb6c892b3934a7fd83a90dab64630caba832caecfe673f
Ubuntu Security Notice USN-5356-1
Posted Mar 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5356-1 - Alexandre Bartel discovered that DOSBox incorrectly handled long lines in certain files. An attacker could possibly use this issue to execute arbitrary code. Alexandre Bartel discovered that DOSBox incorrectly performed access control over certain directories. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-12594, CVE-2019-7165
SHA-256 | e3839ee571468680b81112957309e74a8af6ee0fa66b2e646caf9672ba1cf90f
Ubuntu Security Notice USN-5358-1
Posted Mar 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5358-1 - It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-1055, CVE-2022-27666
SHA-256 | 6014beb1c2288fa564666e3a8cc2728d4f9100f4d4f9d8585a4f7e619cce7702
Ubuntu Security Notice USN-5357-1
Posted Mar 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5357-1 - It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-27666
SHA-256 | d5cfae3dd3a1ace57560baad4ec8506d71d870b74dea62b48667b6febe4c77db
Ubuntu Security Notice USN-5355-2
Posted Mar 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5355-2 - USN-5355-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-25032
SHA-256 | bd7bd9de57a4bed18909c272ff1654178c42449228d7c6020d29b7ecf83a4081
Ubuntu Security Notice USN-5355-1
Posted Mar 31, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5355-1 - Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-25032
SHA-256 | 23634ab2e48f0bdf4e10ce11f4dbd2b9a409a2e06ec401c9576d2434ceac9f05
Ubuntu Security Notice USN-5350-1
Posted Mar 30, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5350-1 - It was discovered that Chromium incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-1096
SHA-256 | 7c7a4c167fe50a7b42bf84126d0d09be27e52d593b977b8cbe1af81c3d7b11a1
Ubuntu Security Notice USN-5353-1
Posted Mar 29, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5353-1 - It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-27666
SHA-256 | 406d29aa368301ce542b4f6f12fd32301120acf9aa904fef9458e3370d29fa8d
Fingerprint Attendance 1.0 Account Takeover
Posted Mar 29, 2022
Authored by Hejap Zairy

Fingerprint Attendance version 1.0 allows for an arbitrary password reset of any user.

tags | exploit, arbitrary, bypass
SHA-256 | 349d72455afa61c19576dd3b35d2b351fb9e9242b3dc49747aede103705ebd0b
Ubuntu Security Notice USN-5348-1
Posted Mar 28, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5348-1 - David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this issue to read arbitrary files when controlling the executed template. It was discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this issue to read arbitrary files when controlling the executed template.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-13982, CVE-2018-16831, CVE-2021-21408, CVE-2021-26119, CVE-2021-26120, CVE-2021-29454
SHA-256 | 0772a4f586431a77ce7e420bfb608884c2576b38b6bef725c3a3b511a53168bd
Ubuntu Security Notice USN-5321-3
Posted Mar 25, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5321-3 - USN-5321-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information, or execute arbitrary code. A TOCTOU bug was discovered when verifying addon signatures during install. A local attacker could potentially exploit this to trick a user into installing an addon with an invalid signature.

tags | advisory, denial of service, arbitrary, local, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-26383, CVE-2022-26387
SHA-256 | 3d7bc90a79a0814602089234f5c04c4d39f5707208f69d54d7ec8df656aa52b2
Kernel Live Patch Security Notice LSN-0085-1
Posted Mar 24, 2022
Authored by Benjamin M. Romer

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2022-0492, CVE-2022-25636
SHA-256 | 2192c199581e31d17ad1f82ccb72319fb36da887cc27a4431990dced1f3967d7
Ubuntu Security Notice USN-5345-1
Posted Mar 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5345-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, cause undefined behaviour, spoof the browser UI, or execute arbitrary code. It was discovered that extensions of a particular type could auto-update themselves and bypass the prompt that requests permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to bypass security restrictions.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2022-0566, CVE-2022-22754, CVE-2022-22756, CVE-2022-22760, CVE-2022-22764, CVE-2022-26381, CVE-2022-26386, CVE-2022-26387
SHA-256 | 158e67eea2f1566d437c34e7e51105fbd18e6d48a7076eb1db7f2932c00300c5
Foxit PDF Editor (iOS) 11.3.1 Arbitrary File Upload
Posted Mar 24, 2022
Authored by Saud Alenazi

Foxit PDF Editor (iOS) version 11.3.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
systems | ios
SHA-256 | eee6585def5e7c7d4e32865c6af95620ceb8365f388cac02687c0e833289acfa
ImpressCMS 1.4.2 SQL Injection / Remote Code Execution
Posted Mar 23, 2022
Authored by EgiX | Site karmainsecurity.com

Pre-authentication SQL injection to remote code execution exploit for ImpressCMS versions 1.4.2 and below. User input passed through the "groups" POST parameter to the /include/findusers.php script is not properly sanitized before being passed to the icms_member_Handler::getUserCountByGroupLink() and icms_member_Handler::getUsersByGroupLink() methods. These methods use the first argument to construct a SQL query without proper validation, and this can be exploited by remote attackers to e.g. read sensitive data from the "users" database table through boolean-based SQL injection attacks. The application uses PDO as a database driver, which allows for stacked SQL queries; as such, this vulnerability could be exploited to e.g. create a new admin user and execute arbitrary PHP code.

tags | exploit, remote, arbitrary, php, code execution, sql injection
advisories | CVE-2021-26598, CVE-2021-26599
SHA-256 | 576e64698cc9d7062dccead415b9bdbbe2c02e4ae86258cd980164b5e56355cc
Ubuntu Security Notice USN-5340-1
Posted Mar 23, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5340-1 - Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS. Michał Bentkowski discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-9861, CVE-2020-9281, CVE-2021-32808, CVE-2021-32809, CVE-2021-33829, CVE-2021-37695
SHA-256 | 9cd0120842dd043b5e493d3eb8821794d81f1b61c1e795bb4c60d255fb26b0b3
WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read
Posted Mar 23, 2022
Authored by Hassan Khan Yusufzai

WordPress Amministrazione Aperta plugin version 3.7.3 suffers from an arbitrary file read vulnerability.

tags | exploit, arbitrary
SHA-256 | 1af5cdbca2fba34e20952246b62d1c6ea3c147e377bb3da4d6af9bc7e3a8b828
ImpressCMS 1.4.2 Path Traversal
Posted Mar 22, 2022
Authored by EgiX | Site karmainsecurity.com

ImpressCMS versions 1.4.2 and below suffer from a path traversal vulnerability that can allow for arbitrary file deletion.

tags | exploit, arbitrary
advisories | CVE-2021-26601
SHA-256 | 54cb7c2588875cdae13b83017043e25037564efb357fe49a475251f02139a0d4
Ubuntu Security Notice USN-5337-1
Posted Mar 22, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5337-1 - It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-28711, CVE-2021-28715, CVE-2021-39685, CVE-2021-39698, CVE-2021-4135, CVE-2021-4197, CVE-2021-43975, CVE-2021-44733, CVE-2021-45095, CVE-2021-45402, CVE-2021-45480, CVE-2022-0264, CVE-2022-0382, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516, CVE-2022-0742, CVE-2022-23222
SHA-256 | 4dff7bdfe15d8b868bc4461cfd70105479202ceeccf3bca61cd797c093e0dd5a
WordPress iQ Block Country 1.2.13 Arbitrary File Deletion
Posted Mar 21, 2022
Authored by Ceylan Bozogullarindan

WordPress iQ Block Country plugin version 1.2.13 suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
advisories | CVE-2022-0246
SHA-256 | f0010d1dc3064386061b5ec573e0ad6624d9a232d481f124beeca9af833a6844
Ubuntu Security Notice USN-5334-1
Posted Mar 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5334-1 - It was discovered that man-db incorrectly handled permission changing operations in its daily cron job, and was therefore affected by a race condition. An attacker could possibly use this issue to escalate privileges and execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-1336
SHA-256 | add317a5b70e25176f9c2f5d18c0835076f10094c0aa267e733a69d170fd2acd
Ubuntu Security Notice USN-5331-1
Posted Mar 16, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5331-1 - It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. It was discovered that tcpdump incorrectly handled certain captured data. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-16301, CVE-2020-8037
SHA-256 | 1d5f8cad45dcdb42f66dccd02e8ff366a5939d04f5522deaf7673ae1a91d5ad3
Ubuntu Security Notice USN-5325-1
Posted Mar 14, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5325-1 - Sam Foxman discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to regain dropped privileges. It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-20044, CVE-2021-45444
SHA-256 | 2815342c4cdaeae4ab9c8827097fde4fdda0fb158320b2765458587fe19ecd13
Ubuntu Security Notice USN-5324-1
Posted Mar 14, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5324-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-23308
SHA-256 | 1c5149aad5b6facae2ac354370493c1b521e49e3b4342c008109ec12f8ec6a06
Ubuntu Security Notice USN-5323-1
Posted Mar 14, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5323-1 - It was discovered that NBD incorrectly handled name length fields. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-26495
SHA-256 | 77d0e6f999cc44c9d85a24c4876e5d030dfba11e02ef908b0cee49add8818def