what you don't know can hurt you
Showing 76 - 100 of 14,272 RSS Feed

Arbitrary Files

Ubuntu Security Notice USN-4404-2
Posted Jun 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4404-2 - USN-4404-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Thomas E. Carroll discovered that the NVIDIA Cuda graphics driver did not properly perform access control when performing IPC. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-5963, CVE-2020-5967, CVE-2020-5973
MD5 | b5935e1b343dcc6884e352cc5e7dbac4
Cisco AnyConnect Path Traversal / Privilege Escalation
Posted Jun 25, 2020
Authored by Yorick Koster, Christophe de la Fuente, Antoine Goichot | Site metasploit.com

The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).

tags | exploit, arbitrary, x86, local, tcp, code execution
systems | cisco, windows, 7
advisories | CVE-2020-3153
MD5 | 0ce466f922be78b19e5b1169c13ef711
Online Student Enrollment System 1.0 Arbitrary File Upload
Posted Jun 22, 2020
Authored by BKpatron

Online Student Enrollment System version 1.0 suffers from an unauthenticated arbitrary file vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 82d4e855a4f70039fa7c52673309699c
Gentoo Linux Security Advisory 202006-21
Posted Jun 16, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-21 - A vulnerability has been discovered in Apache Tomcat which could result in the arbitrary execution of code. Versions less than 7.0.104:7 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2020-9484
MD5 | b9904ecfbc9febf21a173f0f293cfbb6
Gentoo Linux Security Advisory 202006-22
Posted Jun 16, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-22 - Multiple vulnerabilities have been found in OpenJDK and IcedTea, the worst of which could result in the arbitrary execution of code. Versions less than 8.252_p09 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-2585, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2773, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830
MD5 | b3b8ae15fbd28c09dede89451b02f389
Gentoo Linux Security Advisory 202006-19
Posted Jun 16, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-19 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 68.9.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-12398, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410
MD5 | d05be0024a72f99c3925c805a5d8c724
Gentoo Linux Security Advisory 202006-17
Posted Jun 15, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-17 - Multiple vulnerabilities have been found in FAAD2, the worst of which could result in the arbitrary execution of code. Versions less than 2.9.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-19502, CVE-2018-19503, CVE-2018-19504, CVE-2018-20194, CVE-2018-20195, CVE-2018-20196, CVE-2018-20197, CVE-2018-20198, CVE-2018-20199, CVE-2018-20357, CVE-2018-20358, CVE-2018-20359, CVE-2018-20360, CVE-2018-20361, CVE-2018-20362, CVE-2019-15296, CVE-2019-6956
MD5 | 0fba9ed1000898906f828fb6140fd154
Gentoo Linux Security Advisory 202006-15
Posted Jun 15, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-15 - Multiple vulnerabilities have been found in OpenConnect, the worst of which could result in the arbitrary execution of code. Versions less than 8.09-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-12105, CVE-2020-12823
MD5 | 8fa705fd0b0d09a7c97049a1de6a1348
Gentoo Linux Security Advisory 202006-14
Posted Jun 15, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-14 - A buffer overflow in the PEAR module Archive_Tar might allow local or remote attacker(s) to execute arbitrary code. Versions below 1.4.5 are affected.

tags | advisory, remote, overflow, arbitrary, local
systems | linux, gentoo
advisories | CVE-2018-1000888
MD5 | a3b9a32b7e277d50593b70c010688890
GOG GalaxyClientService Privilege Escalation
Posted Jun 15, 2020
Authored by Joe Testa | Site metasploit.com

This Metasploit module will send arbitrary file_paths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges (verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also likely affected).

tags | exploit, arbitrary
advisories | CVE-2020-7352
MD5 | cdccccea0f5e4601df382d735f6b3d5a
SmarterMail 16 Arbitrary File Upload
Posted Jun 13, 2020
Authored by vvhack.org

SmarterMail 16 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 72450c5aaab572c56de94f8bfdb91744
Gentoo Linux Security Advisory 202006-07
Posted Jun 12, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-7 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 68.9.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-12405, CVE-2020-12406, CVE-2020-12407, CVE-2020-12408, CVE-2020-12409, CVE-2020-12410, CVE-2020-12411
MD5 | 1dff3a35d7e048e992577693c9c49e95
Gentoo Linux Security Advisory 202006-08
Posted Jun 12, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-8 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.28.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-10018, CVE-2020-11793, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902
MD5 | e0641f66b5310fc66d5c30645f9e4540
Gentoo Linux Security Advisory 202006-06
Posted Jun 12, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-6 - Multiple vulnerabilities have been found in ssvnc, the worst of which could result in the arbitrary execution of code. Versions less than or equal to 1.0.29-r2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20024
MD5 | ccf3d343ee86dccfd49618460f64a593
Gentoo Linux Security Advisory 202006-05
Posted Jun 12, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-5 - Nokogiri has a vulnerability allowing arbitrary execution of code if a certain function is used. Versions less than 1.10.4 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2019-5477
MD5 | 0961a15d4c55592989b001b1f4672bab
Gentoo Linux Security Advisory 202006-02
Posted Jun 12, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-2 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 83.0.4103.97 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-6465, CVE-2020-6466, CVE-2020-6467, CVE-2020-6468, CVE-2020-6469, CVE-2020-6470, CVE-2020-6471, CVE-2020-6472, CVE-2020-6473, CVE-2020-6474, CVE-2020-6475, CVE-2020-6476, CVE-2020-6477, CVE-2020-6478, CVE-2020-6479, CVE-2020-6480, CVE-2020-6481, CVE-2020-6482, CVE-2020-6483, CVE-2020-6484, CVE-2020-6485, CVE-2020-6486, CVE-2020-6487, CVE-2020-6488, CVE-2020-6489, CVE-2020-6490, CVE-2020-6491, CVE-2020-6493
MD5 | 930375bd60b7bba33caa44532d180990
Gentoo Linux Security Advisory 202006-09
Posted Jun 12, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-9 - A flaw in Adobe Flash Player may allow local or remote attacker(s) to execute arbitrary code. Versions less than 32.0.0.387 are affected.

tags | advisory, remote, arbitrary, local
systems | linux, gentoo
advisories | CVE-2020-9633
MD5 | ac74f8897e8e15e5fdc48661b468223b
Gentoo Linux Security Advisory 202006-11
Posted Jun 12, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-11 - Multiple vulnerabilities have been found in Ansible, the worst of which could result in the arbitrary execution of code. Versions less than 2.9.7 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-10684, CVE-2020-10685, CVE-2020-1733, CVE-2020-1735, CVE-2020-1736, CVE-2020-1737, CVE-2020-1738, CVE-2020-1740, CVE-2020-1753
MD5 | dec0bd00f521b67664a567de2b75d5ad
Background Intelligent Transfer Service Privilege Escalation
Posted Jun 11, 2020
Authored by itm4n, gwillcox-r7 | Site metasploit.com

This Metasploit module exploits CVE-2020-0787, an arbitrary file move vulnerability in outdated versions of the Background Intelligent Transfer Service (BITS), to overwrite C:\Windows\System32\WindowsCoreDeviceInfo.dll with a malicious DLL containing the attacker's payload. To achieve code execution as the SYSTEM user, the Update Session Orchestrator service is then started, which will result in the malicious WindowsCoreDeviceInfo.dll being run with SYSTEM privileges due to a DLL hijacking issue within the Update Session Orchestrator Service. Note that presently this module only works on Windows 10 and Windows Server 2016 and later as the Update Session Orchestrator Service was only introduced in Windows 10. Note that only Windows 10 has been tested, so your mileage may vary on Windows Server 2016 and later.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2020-0787
MD5 | 0804ff3bfe957376a4af71aa3919154f
Microsoft Windows Privilege Escalation / Code Execution
Posted Jun 10, 2020
Authored by guhe120 | Site github.com

This research discusses two different vulnerabilities addressed in the June 2020 Microsoft Patch Tuesday. An integer overflow in OLE marshalling and a race condition with arbitrary file deletion are described in detail.

tags | exploit, overflow, arbitrary, vulnerability
advisories | CVE-2020-1021, CVE-2020-1281
MD5 | d0d7691eecbbd82916538605ee2bdfa4
Ubuntu Security Notice USN-4392-1
Posted Jun 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4392-1 - It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could possibly result in arbitrary code execution. It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, kernel, local, code execution
systems | linux, ubuntu
advisories | CVE-2020-0543, CVE-2020-12114, CVE-2020-12654
MD5 | 2a8d26a4c0fc30acb37659ae44687215
Ubuntu Security Notice USN-4391-1
Posted Jun 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4391-1 - It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle setxattr operations in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-19319, CVE-2020-0543, CVE-2020-10751, CVE-2020-12114, CVE-2020-12464, CVE-2020-12769, CVE-2020-12826, CVE-2020-1749
MD5 | b9a5c4d0b8f881b21288f5e8a866b693
Ubuntu Security Notice USN-4393-1
Posted Jun 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4393-1 - It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could possibly result in arbitrary code execution. It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, kernel, local, code execution
systems | linux, ubuntu
advisories | CVE-2020-0543, CVE-2020-12654
MD5 | 1c2083f7dc6855a4a9ae2d20008669a7
Ubuntu Security Notice USN-4383-1
Posted Jun 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4383-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the addressbar, or execute arbitrary code. It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2020-12399, CVE-2020-12407, CVE-2020-12408, CVE-2020-12411
MD5 | 7008565679641f0d4d2c4c80f6ec42cf
Cisco UCS Director Cloupia Script Remote Code Execution
Posted Jun 5, 2020
Authored by mr_me, wvu | Site metasploit.com

This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to 6.7.4.0 to leak the administrator's REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to leverage the Cloupia script interpreter to execute code. This functionality is part of the application's intended operation and considered a "foreverday." The authentication bypass and directory traversals only get us there. If you already have an API key, you may set it in the API_KEY option. The LEAK_FILE option may be set if you wish to leak the API key from a different absolute path, but normally this isn't advisable. Tested on Cisco's VMware distribution of 6.7.3.0.

tags | exploit, arbitrary, root
systems | cisco
advisories | CVE-2020-3243, CVE-2020-3250
MD5 | a3283617421910d08a845659be600c53
Page 4 of 571
Back23456Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    2 Files
  • 10
    Aug 10th
    9 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close