exploit the possibilities
Showing 76 - 100 of 14,374 RSS Feed

Arbitrary Files

Ubuntu Security Notice USN-4485-1
Posted Sep 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4485-1 - Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-20669, CVE-2019-19947, CVE-2019-20810, CVE-2020-10732, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-10781, CVE-2020-12655, CVE-2020-12656, CVE-2020-12771, CVE-2020-13974, CVE-2020-15393, CVE-2020-24394
MD5 | 3eab8c5a9aa035dc793457aedf9c3e72
SQLMAP - Automatic SQL Injection Tool 1.4.9
Posted Sep 1, 2020
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Bug fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | f79dac9b60f40ccdb4e1a05797b7cdc6
Ubuntu Security Notice USN-4481-1
Posted Sep 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4481-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-11095, CVE-2020-11099, CVE-2020-4032
MD5 | 090b672f0d3e9db866a8396ad60db36c
Gentoo Linux Security Advisory 202008-24
Posted Aug 31, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-24 - Multiple vulnerabilities have been found in OpenJDK, the worst of which could result in the arbitrary execution of code. Versions less than 8.262_p01:8 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-14556, CVE-2020-14562, CVE-2020-14573, CVE-2020-14578, CVE-2020-14579, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621
MD5 | bac441ff6c23a56ecf12a54861adbd64
Gentoo Linux Security Advisory 202008-21
Posted Aug 31, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-21 - A vulnerability in Kleopatra allows arbitrary execution of code. Versions less than 20.04.3-r1 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2020-24972
MD5 | 8f64adf00274ff377f4c7733ffbe3e64
Gentoo Linux Security Advisory 202008-20
Posted Aug 31, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-20 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which could result in the arbitrary execution of code. Versions less than 9.52 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-15900, CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306, CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310, CVE-2020-17538
MD5 | 83377a4675a26eafbe579f5ad0fce200
Gentoo Linux Security Advisory 202008-18
Posted Aug 28, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-18 - Multiple vulnerabilities have been found in X.org X11 library, the worst of which could result in the arbitrary execution of code. Versions less than 1.6.12 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-14344, CVE-2020-14363
MD5 | d0ab1e41ff7ebed3a58b9501ce1fcea9
Gentoo Linux Security Advisory 202008-17
Posted Aug 28, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-17 - Multiple vulnerabilities have been found in Redis, the worst of which could result in the arbitrary execution of code. Versions less than 5.0.9 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-15047, CVE-2020-14147
MD5 | cbead2459b280eb6450f64a23bc18eb2
Gentoo Linux Security Advisory 202008-16
Posted Aug 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-16 - Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 68.12.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-15664, CVE-2020-15669
MD5 | d2d5fa8f239faecd411afea010b9d763
Gentoo Linux Security Advisory 202008-11
Posted Aug 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-11 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 85.0.4183.83 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-6559, CVE-2020-6560, CVE-2020-6561, CVE-2020-6562, CVE-2020-6563, CVE-2020-6564, CVE-2020-6565, CVE-2020-6566, CVE-2020-6567, CVE-2020-6568, CVE-2020-6569, CVE-2020-6570, CVE-2020-6571
MD5 | 17ebfee40a5ca3c70489622b57e48299
Ubuntu Security Notice USN-4474-1
Posted Aug 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4474-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2020-12400, CVE-2020-15665, CVE-2020-15666, CVE-2020-15668
MD5 | f0025dd9b075706dd47481ec7cc4d553
Ubuntu Security Notice USN-4472-1
Posted Aug 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4472-1 - Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Andres Freund discovered that PostgreSQL incorrectly handled search path elements in CREATE EXTENSION. A remote attacker could possibly use this issue to execute arbitrary SQL code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-14349, CVE-2020-14350
MD5 | e8dbab859b9c49076c5685284036ee91
Gentoo Linux Security Advisory 202008-10
Posted Aug 25, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-10 - A vulnerability has been found in Chromium and Google Chrome that could allow a remote attacker to execute arbitrary code. Versions less than 84.0.4147.135 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2020-6556
MD5 | 8ab9a2be07f7e249c38cce579f9f391d
Ubuntu Security Notice USN-4470-1
Posted Aug 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4470-1 - Kritphong Mongkhonvanit discovered that sane-backends incorrectly handled certain packets. A remote attacker could possibly use this issue to obtain sensitive memory information. This issue only affected Ubuntu 16.04 LTS. It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only applied to Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-6318, CVE-2020-12861, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867
MD5 | ddfead9153ff3c90a15664f77f2e695c
Ubuntu Security Notice USN-4469-1
Posted Aug 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4469-1 - It was discovered that Ghostscript incorrectly handled certain document files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-16287, CVE-2020-16291, CVE-2020-16295, CVE-2020-16299, CVE-2020-16303, CVE-2020-16307, CVE-2020-17538
MD5 | 2d9bb0274240c392bfc66cd2aee77609
Ubuntu Security Notice USN-4471-1
Posted Aug 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4471-1 - Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15861, CVE-2020-15862
MD5 | 50fa4bedbfcc6939a19f53cd8b56ae6f
Ericom Access Server 9.2.0 Server-Side Request Forgery
Posted Aug 22, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Ericom Access Server allows attackers to initiate SSRF requests making outbound connections to arbitrary hosts and TCP ports. Attackers, who can reach the AccessNow server can target internal systems that are behind firewalls that are typically not accessible. This can also be used to target third-party systems from the AccessNow server itself. Version 9.2.0 is affected.

tags | exploit, arbitrary, tcp
advisories | CVE-2020-24548
MD5 | 00835b7add7f159a6244efac16d7a915
Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass
Posted Aug 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoints to communicate through the exchange of strongly typed data. These objects are received by the server without validation and authentication and gives the attacker the ability to create any user with any role and bypass the security control in place and modify presented data on the screen/billboard.

tags | exploit, arbitrary
MD5 | fd7bb44dd6320c3825c09283301d799e
PAC Bypass Due To Unprotected Function Pointer Imports
Posted Aug 19, 2020
Authored by saelo, Google Security Research

PAC aims to prevent an attacker with the ability to read and write memory from executing arbitrary code. It does that by cryptographically signing and validating code pointers (as well as some data pointers) at runtime. However, it seems that imports of function pointers from shared libraries in userspace are not properly protected by PAC, allowing an attacker to sign arbitrary pointers and thus bypass PAC.

tags | advisory, arbitrary
advisories | CVE-2020-9870
MD5 | 1d4d2c1d8f30ccfd1c36adfae489b2a3
Ubuntu Security Notice USN-4457-2
Posted Aug 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4457-2 - USN-4457-1 fixed a vulnerability in Software. This update provides the corresponding update for Ubuntu 14.04 ESM. Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15709
MD5 | 9b4d94e36e68614a576fb7adcba68cc3
Geutebruck testaction.cgi Remote Command Execution
Posted Aug 17, 2020
Authored by Davy Douhine | Site metasploit.com

This Metasploit module exploits an authenticated arbitrary command execution vulnerability within the 'server' GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.25 as well as firmware versions 1.12.13.2 and 1.12.14.5 when the 'type' GET parameter is set to 'ntp'. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, arbitrary, cgi, root, code execution
advisories | CVE-2020-16205
MD5 | 1808f8c08c4e0f56746b33c5880b103d
Ubuntu Security Notice USN-4459-1
Posted Aug 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4459-1 - It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. It was discovered that Salt has a vulnerability that allows an user to bypass authentication. An attacker could use that to extract sensitive information, execute arbitrary code or crash the server. It was discovered that Salt is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-15750, CVE-2018-15751, CVE-2019-17361, CVE-2020-11652
MD5 | fab02805099e5ba345f240d307c51f20
QiHang Media Web Digital Signage 3.0.9 Arbitrary File Disclosure
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, web, arbitrary
MD5 | 4b229bf7159213f08c6c5c724d811ce5
QiHang Media Web Digital Signage 3.0.9 Arbitrary File Deletion
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from an unauthenticated arbitrary file deletion vulnerability.

tags | exploit, web, arbitrary
MD5 | 4ec2d17bffc03ecbcdff736a646ec399
Ubuntu Security Notice USN-4457-1
Posted Aug 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4457-1 - Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15709
MD5 | ecb41f82ad36c486d2149a4f5bc4a612
Page 4 of 575
Back23456Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close