exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 126 - 150 of 16,630 RSS Feed

Arbitrary Files

Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read
Posted Jan 29, 2024
Authored by binganao | Site github.com

Jenkins versions 2.441 and below and LTS 2.426.3 and below remote arbitrary file read proof of concept exploit written in Python.

tags | exploit, remote, arbitrary, proof of concept, python
advisories | CVE-2024-23897
SHA-256 | 4fdefdc8a91925284359a1beec765f58e6f6a5a76aa3e27c5a5a2fb4ba6cd562
Jenkins 2.441 / LTS 2.426.3 CVE-2024-23897 Scanner
Posted Jan 29, 2024
Authored by yoryio | Site github.com

Jenkins versions 2.441 and LTS 2.426.3 arbitrary file read scanner.

tags | exploit, arbitrary
advisories | CVE-2024-23897
SHA-256 | 0a161df23c6bac97a5923092b79fd307c231d11a8c0ec701df49569cfd362dfc
CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command
Posted Jan 26, 2024
Authored by David Gnedt | Site sba-research.org

CloudLinux CageFS versions 7.0.8-2 and below insufficiently restrict file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.

tags | exploit, arbitrary, local
advisories | CVE-2020-36772
SHA-256 | 7cfae83fd5939609459b8ed98a7edecfd614eb3c5cd3373d9da412bc106b20d1
Ubuntu Security Notice USN-6609-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6609-1 - Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-6040, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0193
SHA-256 | 7817da0f85320897d02f798d322e3d70452b6ca00073b6296b4b4ddb3c2ca762
Ubuntu Security Notice USN-6608-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6608-1 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information. Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0193
SHA-256 | 53d012190f358505aba80f3efda1bdc41b32100cecfe3ea36a9fb9da7a26ed55
Ubuntu Security Notice USN-6607-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6607-1 - It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-5345, CVE-2023-6040, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0193
SHA-256 | 129bf8e03fcff7ad53aea0dbb1617e402b728e93911e0d73e3c75fb0e9b25fd1
Ubuntu Security Notice USN-6606-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6606-1 - It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-51779, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2024-0193
SHA-256 | 7b9d61bb626e469fa6a211001e9c00d7fdd18aa20f3fbf87c320c90b5853f103
Ubuntu Security Notice USN-6605-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6605-1 - Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-6040, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932
SHA-256 | cdb12864a59aff826d39ce99319286459b3c2cc26a55968cce8994e8c4d8d20d
Ubuntu Security Notice USN-6603-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6603-1 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information. Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-6606, CVE-2023-6931, CVE-2023-6932
SHA-256 | 9fe186eef0aa6e0a6c7c161754052e49f62293ba385d9ccd44897abc7326341d
Ubuntu Security Notice USN-6602-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6602-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-20588, CVE-2023-45863, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932
SHA-256 | e4ea46e063ed7320c58795d9803e3ac6d7fa5f331537b1801175adb5167bb09e
Ubuntu Security Notice USN-6601-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6601-1 - It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-6932
SHA-256 | cca79625b03d2bb1e94883b9d350917c326da4fe2ad588949119d92376aebd76
Ubuntu Security Notice USN-6599-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6599-1 - Yeting Li discovered that Jinja incorrectly handled certain regex. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that Jinja incorrectly handled certain HTML passed with xmlatter filter. An attacker could inject arbitrary HTML attributes keys and values potentially leading to XSS.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-28493, CVE-2024-22195
SHA-256 | c4598e532c545a8d7a06e60082eca74ab86406a361138570c7495e31b23944fd
Debian Security Advisory 5607-1
Posted Jan 25, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5607-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-0804, CVE-2024-0805, CVE-2024-0806, CVE-2024-0807, CVE-2024-0808, CVE-2024-0809, CVE-2024-0810, CVE-2024-0811, CVE-2024-0812, CVE-2024-0813, CVE-2024-0814
SHA-256 | a6de00e749bc7cbb1d4b7f49c1c267ef1cff9abe7a509d66795892bdafd34351
Debian Security Advisory 5606-1
Posted Jan 25, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5606-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, phishing, clickjacking, privilege escalation, HSTS bypass or bypass of content security policies.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755
SHA-256 | 62d054980f489d3898ce1066f25faf04fd13bf8be86866e7e9ef0b8a86cbb08d
Debian Security Advisory 5605-1
Posted Jan 25, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5605-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755
SHA-256 | 3e1353cf49f58df9c0eadb078695f94c105539b37d5c31fad27ab66818139a86
GL.iNet Unauthenticated Remote Command Execution
Posted Jan 24, 2024
Authored by h00die-gr3y, DZONERZY | Site metasploit.com

A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the gl_system_log and gl_crash_log interface in the logread module. This Metasploit exploit requires post-authentication using the Admin-Token cookie/sessionID (SID), typically stolen by the attacker. However, by chaining this exploit with vulnerability CVE-2023-50919, one can bypass the Nginx authentication through a Lua string pattern matching and SQL injection vulnerability. The Admin-Token cookie/SID can be retrieved without knowing a valid username and password. Many products are vulnerable.

tags | exploit, arbitrary, shell, sql injection
advisories | CVE-2023-50445, CVE-2023-50919
SHA-256 | b2bca998991626f23b36c98d002d2080249ea5f70d1ddbf836bc60a85c0470df
Gentoo Linux Security Advisory 202401-28
Posted Jan 24, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-28 - Multiple vulnerabilities have been discovered in GOCR, the worst of which could lead to arbitrary code execution. Versions below or equal to 0.52-r1 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-33479, CVE-2021-33480, CVE-2021-33481
SHA-256 | 6fc7dddef1557df666bc93f37aa520ad50514ef1ce878fb8642ee85c979fe0ed
Gentoo Linux Security Advisory 202401-27
Posted Jan 24, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-27 - Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. Multiple versions are affected.

tags | advisory, arbitrary, vulnerability, ruby
systems | linux, gentoo
advisories | CVE-2020-25613, CVE-2021-31810, CVE-2021-32066, CVE-2021-33621, CVE-2021-41816, CVE-2021-41817, CVE-2021-41819, CVE-2022-28738, CVE-2022-28739, CVE-2023-28755, CVE-2023-28756
SHA-256 | 94bd32b96511589b4ae3eae1e1b96022fbaeeb99eb332b00a775c863282498ba
Ubuntu Security Notice USN-6592-1
Posted Jan 23, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6592-1 - It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter. It was discovered that libssh incorrectly handled return codes when performing message digest operations. A remote attacker could possibly use this issue to cause libssh to crash, obtain sensitive information, or execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-6004, CVE-2023-6918
SHA-256 | 87689bd0419a935f4880956beeb13338a224d6d3b84d52dd985591784099a17a
Gentoo Linux Security Advisory 202401-26
Posted Jan 22, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-26 - Multiple vulnerabilities have been found in Apache XML-RPC, the worst of which could result in arbitrary code execution. Versions less than or equal to 3.1.3 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2016-5002, CVE-2016-5003, CVE-2019-17570
SHA-256 | e5a4b01ce01a0da4be625d294152099c16e3fe042a0e485ff40acb81e736e82a
Ubuntu Security Notice USN-6587-2
Posted Jan 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6587-2 - USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-6816, CVE-2024-0229, CVE-2024-0408, CVE-2024-0409, CVE-2024-21885, CVE-2024-21886
SHA-256 | a2f2ac645eb8776253c7cf930c98b38768999c8680aec52b641d1aada93ccae6
Apache Commons Text 1.9 Remote Code Execution
Posted Jan 19, 2024
Authored by Alvaro Munoz, Karthik UJ, Gaurav Jain | Site metasploit.com

This Metasploit module exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead to remote code execution. This is due to a logic flaw that makes the script, dns and url lookup keys interpolated by default, as opposed to what it should be, according to the documentation of the StringLookupFactory class. Those keys allow an attacker to execute arbitrary code via lookups primarily using the script key. In order to exploit the vulnerabilities, the following requirements must be met: Run a version of Apache Commons Text from version 1.5 to 1.9, use the StringSubstitutor interpolator, and the target should run JDK versions prior to 15.

tags | exploit, remote, arbitrary, vulnerability, code execution
advisories | CVE-2022-42889
SHA-256 | 3303e5c941051cbc6b4f8ddaa2c9912a8740038a8cc31a244e760936ff9694d8
Ubuntu Security Notice USN-6590-1
Posted Jan 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6590-1 - It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Xerces-C++ was not properly performing bounds checks when processing XML Schema Definition files, which could lead to an out-of-bounds access via an HTTP request. If a user or automated system were tricked into processing a specially crafted XSD file, a remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1311, CVE-2023-37536
SHA-256 | f40dc28e3c1750f24d759d3d0e4256073e4117e784f8a54448ad19d71f59eb02
Debian Security Advisory 5602-1
Posted Jan 18, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5602-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. An exploit for CVE-2024-0519 exists in the wild.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-0517, CVE-2024-0518, CVE-2024-0519
SHA-256 | 45e1bf24562fc069454170dc81c0c1b115ade42f764860a6f6a63c8ba8f0f761
Ubuntu Security Notice USN-6538-2
Posted Jan 17, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6538-2 - USN-6538-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 18.04 LTS. Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote attacker could possibly use this issue to obtain sensitive information. Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL allowed the pg_signal_backend role to signal certain superuser processes, contrary to expectations.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-5868, CVE-2023-5869, CVE-2023-5870
SHA-256 | a70359a1cbdb6b92c5544f755cdb8cd8cd0b12c9fb91bb890c8312a69081d3a4
Page 6 of 666
Back45678Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close