what you don't know can hurt you
Showing 101 - 125 of 14,886 RSS Feed

Arbitrary Files

Ubuntu Security Notice USN-5037-1
Posted Aug 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5037-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-29980, CVE-2021-29985, CVE-2021-29989
MD5 | b5c6f3c34a526dd4b81c69a7af7bb6a0
MobileTogether Server 7.3 XML Injection
Posted Aug 10, 2021
Site redteam-pentesting.de

RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one application to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerability can also be used to deny availability of the system. As an example, this advisory shows the compromise of the server's certificate and private key. Versions 7.0 through 7.3 are affected.

tags | exploit, arbitrary
advisories | CVE-2021-37425
MD5 | d057388926a92cede1105e384f623ce0
Ubuntu Security Notice USN-5033-1
Posted Aug 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5033-1 - It was discovered that the Perl Encode library incorrectly handled paths. A local attacker could possibly use this issue to trick the library into executing arbitrary code from the current working directory.

tags | advisory, arbitrary, local, perl
systems | linux, ubuntu
advisories | CVE-2021-36770
MD5 | 81ee7d69298e6b9e3a5b332d0d7967fe
Backdoor.Win32.Zaratustra Remote File Write / Code Execution
Posted Aug 6, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Zaratustra malware suffers from an unauthenticated remote file write that can be leveraged to execute arbitrary code.

tags | exploit, remote, arbitrary
systems | windows
MD5 | 7cff66b8b5903ab3afc21c9c81959159
GFI Mail Archiver 15.1 Arbitrary File Upload
Posted Aug 5, 2021
Authored by Paul Taylor, Amin Bohio

GFI Mail Archiver versions 15.1 and below Telerik UI component unauthenticated arbitrary file upload exploit.

tags | exploit, arbitrary, file upload
MD5 | 66ad12294171731d8098d027d0d1b813
Ubuntu Security Notice USN-5027-2
Posted Aug 5, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5027-2 - USN-5027-1 fixed a vulnerability in PEAR. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-32610
MD5 | 3b66931b56a4757788a5abe5a1d2f294
Ubuntu Security Notice USN-5029-1
Posted Aug 3, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5029-1 - It was discovered that GnuTLS incorrectly handled sending certain extensions when being used as a client. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-20231
MD5 | 165cdacd43ff62c2c2dc51e6fabb08f6
Ubuntu Security Notice USN-5026-2
Posted Aug 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5026-2 - USN-5026-1 fixed several vulnerabilities in QPDF. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-18020, CVE-2021-36978
MD5 | d0cc1262c88603c1d133bc10e66c697b
SQLMAP - Automatic SQL Injection Tool 1.5.8
Posted Aug 2, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 6cac13f4e9cef5996f15944cf4d0b0a0
Ubuntu Security Notice USN-5026-1
Posted Jul 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5026-1 - It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-18020, CVE-2021-36978
MD5 | 1df5275a8531c053a169685e8b2d82e6
Ubuntu Security Notice USN-5027-1
Posted Jul 30, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5027-1 - It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-32610
MD5 | e229b5ed152b516f5a258a11fdafd755
Ubuntu Security Notice USN-5025-2
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5025-2 - USN-5025-1 fixed a vulnerability in libsndfile. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3246
MD5 | 36961b1b148131d5ac49f6d33229fe09
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
Posted Jul 29, 2021
Authored by LiquidWorm | Site zeroscience.mk

Longjing Technology BEMS API version 1.21 suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.

tags | exploit, arbitrary
MD5 | 6a5637ce7d7f32fbc3a3c1f0931505e7
Ubuntu Security Notice USN-5025-1
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5025-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3246
MD5 | 317f74ce8072ee0dc28309859d8ab843
Ubuntu Security Notice USN-5024-1
Posted Jul 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5024-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2021-21775, CVE-2021-30689, CVE-2021-30749, CVE-2021-30799
MD5 | 50a9963ba1903faeab04b47189a80b51
Ubuntu Security Notice USN-5023-1
Posted Jul 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5023-1 - It was discovered that Aspell incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-25051
MD5 | 3dbda93d05f3a1889e17abf72c12aa2d
Jira Ehcache RMI Missing Authentication
Posted Jul 27, 2021
Authored by Atlassian

Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011, could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. Various versions of Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center are affected.

tags | advisory, arbitrary
advisories | CVE-2020-36239
MD5 | 74ded10ddbdc265a72fe7aa123d82993
WordPress SP Project And Document Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for lowercase file extensions such as .php, making it possible to upload .pHP files for instance. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/sp-client-document-manager/<user_id>/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24347
MD5 | d73daa7ac6681410691920aff7640598
WordPress Modern Events Calendar Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel, Nguyen Van Khanh | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by using text/csv content-type in a request, it is possible to upload a .php payload as is is not forbidden by the plugin. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24145
MD5 | 75b29e689541f825031d9308d2c36b24
Kernel Live Patch Security Notice LSN-0079-1
Posted Jul 26, 2021
Authored by Benjamin M. Romer

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2021-33909, CVE-2021-3600
MD5 | 3d25210f32b7ce386710ced319ba74bc
XOS Shop 1.0.9 Arbitrary File Deletion
Posted Jul 26, 2021
Authored by faisalfs10x

XOS Shop version 1.0.9 suffers from an authenticated arbitrary file deletion vulnerability.

tags | exploit, arbitrary
MD5 | 088ef37e41b5a3751ca446cf51c0dae0
Gentoo Linux Security Advisory 202107-52
Posted Jul 23, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-52 - Multiple vulnerabilities have been found in Apache Velocity, the worst of which could result in the arbitrary execution of code. Versions less than 2.3 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-13936, CVE-2020-13959
MD5 | cd26445c8c51e0bb9a230d1b7df477d0
Gentoo Linux Security Advisory 202107-51
Posted Jul 23, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-51 - Multiple vulnerabilities have been found in IcedTeaWeb, the worst of which could result in the arbitrary execution of code. Versions less than 1.8.4-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-10181, CVE-2019-10185
MD5 | 14620922a7dc4c690fc614d6f34ffbc7
Gentoo Linux Security Advisory 202107-49
Posted Jul 22, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-49 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 91.0.4472.164 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2021-30541, CVE-2021-30559, CVE-2021-30560, CVE-2021-30561, CVE-2021-30562, CVE-2021-30563, CVE-2021-30564
MD5 | 251d32b071f125c0b4857b358cfc500d
Sage X3 Administration Service Authentication Bypass / Command Execution
Posted Jul 21, 2021
Authored by Aaron Herndon, Jonathan Peterson | Site metasploit.com

This Metasploit module leverages an authentication bypass exploit within Sage X3 AdxSrv's administration protocol to execute arbitrary commands as SYSTEM against a Sage X3 Server running an available AdxAdmin service.

tags | exploit, arbitrary, protocol
advisories | CVE-2020-7387, CVE-2020-7388
MD5 | 56f22a3bdc2508979a5572081c2596b4
Page 5 of 596
Back34567Next

File Archive:

November 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    19 Files
  • 2
    Nov 2nd
    25 Files
  • 3
    Nov 3rd
    8 Files
  • 4
    Nov 4th
    7 Files
  • 5
    Nov 5th
    24 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    106 Files
  • 11
    Nov 11th
    19 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    12 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    12 Files
  • 19
    Nov 19th
    4 Files
  • 20
    Nov 20th
    2 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    14 Files
  • 24
    Nov 24th
    19 Files
  • 25
    Nov 25th
    4 Files
  • 26
    Nov 26th
    1 Files
  • 27
    Nov 27th
    4 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close