exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 16,710 RSS Feed

Arbitrary Files

Ubuntu Security Notice USN-6710-2
Posted Apr 4, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6710-2 - USN-6710-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-29943, CVE-2024-29944
SHA-256 | 10451fa33f7fbd875188c19a379b2973058dd79a55dd446fd39ec8ac1da5fdd6
Debian Security Advisory 5653-1
Posted Apr 3, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5653-1 - Claudio Bozzato discovered multiple security issues in gtkwave, a file waveform viewer for VCD (Value Change Dump) files, which may result in the execution of arbitrary code if malformed files are opened.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2023-32650, CVE-2023-34087, CVE-2023-34436, CVE-2023-35004, CVE-2023-35057, CVE-2023-35128, CVE-2023-35702, CVE-2023-35703, CVE-2023-35704, CVE-2023-35955, CVE-2023-35956, CVE-2023-35957, CVE-2023-35958, CVE-2023-35959
SHA-256 | 67b85cf5a337b769da34923cfe2fc14922cd5a859ef61240a5384ffd64ca7817
GL-iNet MT6000 4.5.5 Arbitrary File Download
Posted Apr 2, 2024
Authored by Bandar Alharbi

GL-iNet MT6000 version 4.5.5 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
advisories | CVE-2024-27356
SHA-256 | e3ac85e1aa3ca84b8c1cb8ba2f06777fa8a4ef188ab561304e9fe0ce4f1732cc
Debian Security Advisory 5648-1
Posted Mar 29, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5648-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-2625, CVE-2024-2626, CVE-2024-2627, CVE-2024-2628, CVE-2024-2629, CVE-2024-2630, CVE-2024-2631, CVE-2024-2883, CVE-2024-2885, CVE-2024-2886, CVE-2024-2887
SHA-256 | d045fe2df3a7b0da1744ec322c6841faa9dc1ec5194d51870e6e7ca36abd50d6
Ubuntu Security Notice USN-6707-4
Posted Mar 29, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6707-4 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2024-1085, CVE-2024-1086
SHA-256 | 1e54ff144f57b2bd5a30a36e13436904969117b6a92329a52019596e2864df7a
Ubuntu Security Notice USN-6715-1
Posted Mar 28, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6715-1 - It was discovered that unixODBC incorrectly handled certain bytes. An attacker could use this issue to execute arbitrary code or cause a crash.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-1013
SHA-256 | 90500728052033e5941baa0debec66d17de2cf01ce56e1158e2523b231aff382
util-linux wall Escape Sequence Injection
Posted Mar 28, 2024
Authored by Skyler Ferrante

The util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and wall is setgid. CentOS is not vulnerable since wall is not setgid. On Ubuntu 22.04 and Debian Bookworm, wall is both setgid and mesg is set to y by default.

tags | exploit, arbitrary
systems | linux, debian, ubuntu, centos
advisories | CVE-2024-28085
SHA-256 | c3644f61b4f68f9fafd4782ffb69bd4b73d2b6ff8ac981711c3329c0a8408077
Ubuntu Security Notice USN-6686-5
Posted Mar 28, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6686-5 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Cypress touchscreen driver in the Linux kernel during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-22995, CVE-2023-4134, CVE-2023-46343, CVE-2023-46862, CVE-2023-51779, CVE-2023-51782, CVE-2023-6121, CVE-2024-0340, CVE-2024-0607
SHA-256 | 2cf164acfc4647fa9f9d903eb698a241428bb60c804a90e576400594cbc4ac09
WordPress Bricks Builder Theme 1.9.6 Remote Code Execution
Posted Mar 27, 2024
Authored by Valentin Lobstein, Calvin Alkan | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2024-25600
SHA-256 | 5a32fb78bdb52593a7f339d7321ec50570d8dc8998da3f4da0c0eaf663f73ac5
Artica Proxy Unauthenticated PHP Deserialization
Posted Mar 27, 2024
Authored by h00die-gr3y, Jaggar Henry | Site metasploit.com

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.

tags | exploit, remote, web, arbitrary, php, code execution
advisories | CVE-2024-2054
SHA-256 | 769d2d7e8f18e8bd0ce142472f159825e87239bfc4426229f241a00de99425a0
Ubuntu Security Notice USN-6717-1
Posted Mar 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6717-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Hubert Kario discovered that Thunderbird had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover sensitive information.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-5388, CVE-2024-2607, CVE-2024-2608, CVE-2024-2610, CVE-2024-2612, CVE-2024-2614, CVE-2024-2616
SHA-256 | c7e276778f2c974b0aa76f968f7adfbc3e4984a93e8eaf31675ad13306e8e12a
Ubuntu Security Notice USN-6714-1
Posted Mar 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6714-1 - It was discovered that debmany in Debian Goodies incorrectly handled certain deb files. An attacker could possibly use this issue to execute arbitrary shell commands.

tags | advisory, arbitrary, shell
systems | linux, debian, ubuntu
advisories | CVE-2023-27635
SHA-256 | d54f6944dfabbda777fb8a78361b6893760736de4073959bba84adbd8fa06495
Ubuntu Security Notice USN-6707-3
Posted Mar 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6707-3 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2024-1085, CVE-2024-1086
SHA-256 | 4481855a0359e6fcdb7c16104841f3e2ebed01d718273c406f874c85f64846a5
Ubuntu Security Notice USN-6711-1
Posted Mar 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6711-1 - Vincent Berg discovered that CRM shell incorrectly handled certain commands. An local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline.

tags | advisory, arbitrary, shell, local
systems | linux, ubuntu
advisories | CVE-2020-35459
SHA-256 | 561d06378a4d832e9a803e7cdd95a4af11f2b3f29f3a2e2508d84ddaebf01a8d
Ubuntu Security Notice USN-6713-1
Posted Mar 25, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6713-1 - It was discovered that QPDF incorrectly handled certain memory operations when decoding JSON files. If a user or automated system were tricked into processing a specially crafted JSON file, QPDF could be made to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-24246
SHA-256 | 8599d683e2b4517e16898898180dc7a0b2cdc7ba2174e82a8a13679c86f88304
Ubuntu Security Notice USN-6710-1
Posted Mar 25, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6710-1 - Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-29943, CVE-2024-29944
SHA-256 | cda91a51f7eccf5cc349e1e3b85719bd26d54ad0308e44c693aedf48562d1b72
Debian Security Advisory 5645-1
Posted Mar 25, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5645-1 - Manfred Paul discovered a flaw in the Mozilla Firefox web browser, allowing an attacker to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.

tags | advisory, web, arbitrary, javascript
systems | linux, debian
advisories | CVE-2024-29944
SHA-256 | 4f5d9a853e227dab14b126ce8536d5e0bccc071fc1e3eea740c201c1d75a9146
Debian Security Advisory 5644-1
Posted Mar 22, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5644-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or leaks of encrypted email subjects.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2023-5388, CVE-2024-0743, CVE-2024-1936, CVE-2024-2607, CVE-2024-2608, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614, CVE-2024-2616
SHA-256 | 52c9ec4f8c2d47616afc49e17f3a3b204457658b0cbdb5e77c7a81280f8c2fce
Debian Security Advisory 5643-1
Posted Mar 22, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5643-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure, bypass of content security policies or spoofing.

tags | advisory, web, arbitrary, spoof, info disclosure
systems | linux, debian
advisories | CVE-2023-5388, CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614, CVE-2024-2616
SHA-256 | a448517a42a8f898647c5aa7c7b1e0258fff75928a056aa5b3eb6c5fe41ab76b
Ubuntu Security Notice USN-6700-2
Posted Mar 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6700-2 - It was discovered that the Layer 2 Tunneling Protocol implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2022-20567, CVE-2023-34256, CVE-2023-39197, CVE-2023-51781, CVE-2024-0775, CVE-2024-1086, CVE-2024-24855
SHA-256 | 4c2466c5a1092f0062ced6462c5b58b113956d4b9c6caa9042e032feef05a6f5
OpenNMS Horizon 31.0.7 Remote Command Execution
Posted Mar 21, 2024
Authored by Erik Wynter | Site metasploit.com

This Metasploit module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST. For versions 32.0.1 and lower, credentials are required for a user with ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges. In that case, the module will automatically escalate privileges via CVE-2023-40315 or CVE-2023-0872 if necessary. This module has been successfully tested against OpenNMS version 31.0.7.

tags | exploit, arbitrary
advisories | CVE-2023-0872, CVE-2023-40315
SHA-256 | 3f4bb30dfda25dcbdb6102b0fdb461fcf55bdef37e5fb47cb7df1b150d2438a1
Debian Security Advisory 5642-1
Posted Mar 21, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5642-1 - Three security issues were discovered in php-svg-lib, a PHP library to read, parse and export to PDF SVG files, which could result in denial of service, restriction bypass or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, php
systems | linux, debian
advisories | CVE-2023-50251, CVE-2023-50252, CVE-2024-25117
SHA-256 | 5e13068f973fafd73dbd6db137d7088337677e0ff95c185b8076cc2a7f0f192f
Ubuntu Security Notice USN-6707-1
Posted Mar 21, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6707-1 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2024-1085, CVE-2024-1086
SHA-256 | 3b637593e8639c976d8633bfafd249dde177e122d4fd4b290472de0d4aad72b9
Ubuntu Security Notice USN-6707-2
Posted Mar 21, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6707-2 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2024-1085, CVE-2024-1086
SHA-256 | 5a61fb451857004e26d020b0c774144828ef079142309d729e79b3b726df05ca
Xbox GamingService Arbitrary Folder Move
Posted Mar 21, 2024
Authored by Filip Dragovic

Proof of concept exploit for an arbitrary folder move issue in the GamingService component of Xbox.

tags | exploit, arbitrary, proof of concept
advisories | CVE-2024-2891
SHA-256 | 960b90e5dd57b045b10aa005fae3c30c8da6ba69285fea3ec4273f6b126c64fc
Page 4 of 669
Back23456Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close