what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 6,915 RSS Feed

Code Execution Files

Microsoft Exchange ProxyNotShell Remote Code Execution
Posted Nov 30, 2022
Authored by Soroush Dalili, Spencer McIntyre, Orange Tsai, Rich Warren, Piotr B, DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q | Site metasploit.com

This Metasploit module chains two vulnerabilities on Microsoft Exchange Server that, when combined, allow an authenticated attacker to interact with the Exchange Powershell backend (CVE-2022-41040), where a deserialization flaw can be leveraged to obtain code execution (CVE-2022-41082). This exploit only supports Exchange Server 2019. These vulnerabilities were patched in November 2022.

tags | exploit, vulnerability, code execution
advisories | CVE-2022-41040, CVE-2022-41082
SHA-256 | 52e94b2539eeb923ed6dfcf33bf21788d037db18208e166670e34916d20844dd
Debian Security Advisory 5290-1
Posted Nov 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5290-1 - Apache Commons Configuration, a Java library providing a generic configuration interface, performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, debian
advisories | CVE-2022-33980
SHA-256 | 20b74b9fbd86a759f5b71128ce07de054cfbec59f6d32a7281454300d1ea201e
F5 BIG-IP iControl Remote Command Execution
Posted Nov 24, 2022
Authored by Ron Bowes | Site metasploit.com

This Metasploit module exploits a newline injection into an RPM .rpmspec file that permits authenticated users to remotely execute commands. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, root, code execution
advisories | CVE-2022-41800
SHA-256 | ab0811cdeca1e7b40855fbeb9922d915dac86f0ccb16efdb3855d5d39ebf43ac
Ubuntu Security Notice USN-5735-1
Posted Nov 23, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5735-1 - It was discovered that Sysstat did not properly check bounds when performing certain arithmetic operations on 32 bit systems. An attacker could possibly use this issue to cause a crash or arbitrary code execution.

tags | advisory, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2022-39377
SHA-256 | 45f097bdfc4f75ce6f2004c8ec2587ccbdede20ee7a418d1e6ecf22083803e00
Red Hat Security Advisory 2022-8598-01
Posted Nov 23, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8598-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include bypass, code execution, integer overflow, memory leak, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution, memory leak
systems | linux, redhat
advisories | CVE-2022-3515, CVE-2022-38177, CVE-2022-38178, CVE-2022-40674, CVE-2022-41974
SHA-256 | 87a90dba5877135f592e7fac3e437f62fc8129797e43ffcbcdc48798f34760eb
Gentoo Linux Security Advisory 202211-07
Posted Nov 22, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202211-7 - An integer overflow vulnerability has been found in sysstat which could result in arbitrary code execution. Versions less than 12.7.1 are affected.

tags | advisory, overflow, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2022-39377
SHA-256 | 7f2205c4fc69cb1dd9841f09de7e7b025708e1abc6f838dfeaf880d23cbba2a7
Gentoo Linux Security Advisory 202211-06
Posted Nov 22, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202211-6 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.5.0:esr are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-40674, CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45413, CVE-2022-45415, CVE-2022-45416
SHA-256 | f50ec699e2c17ced6601f0fbfc93a24c04d0dee7b7960d8b413c91779b5ed7f3
Gentoo Linux Security Advisory 202211-05
Posted Nov 22, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202211-5 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. Versions less than 102.5.0 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45416, CVE-2022-45418, CVE-2022-45420, CVE-2022-45421
SHA-256 | f5be9c1927ab61cd022542e0d2c378d2459fe575be93b22f8e3b469cc72c23d2
Gentoo Linux Security Advisory 202211-11
Posted Nov 22, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202211-11 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which could result in arbitrary code execution. Versions less than 9.56.1 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-3781, CVE-2022-2085
SHA-256 | 673f8003ddcf46ee086f90168684c4f88259dcb070f2ee64831f29b383c7f16d
Gentoo Linux Security Advisory 202211-09
Posted Nov 22, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202211-9 - A vulnerability has been found in xterm which could allow for arbitrary code execution. Versions less than 375 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2022-45063
SHA-256 | 4de8d15918d54131dac498401618d453a7109ffa39e7477dfa607b3eb0264476
Gentoo Linux Security Advisory 202211-10
Posted Nov 22, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202211-10 - Multiple vulnerabilities have been found in Pillow, the worst of which could result in arbitrary code execution. Versions less than 9.3.0 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-23437, CVE-2021-34552, CVE-2022-22815, CVE-2022-22816, CVE-2022-22817, CVE-2022-24303, CVE-2022-45198, CVE-2022-45199
SHA-256 | bd07c387b443095d407c903a3cd8cafea5051d92e07375c3d52c1299151d97bc
ChurchInfo 1.2.13-1.3.0 Remote Code Execution
Posted Nov 21, 2022
Authored by m4lwhere | Site metasploit.com

This Metasploit module exploits the logic in the CartView.php page when crafting a draft email with an attachment. By uploading an attachment for a draft email, the attachment will be placed in the /tmp_attach/ folder of the ChurchInfo web server, which is accessible over the web by any user. By uploading a PHP attachment and then browsing to the location of the uploaded PHP file on the web server, arbitrary code execution as the web daemon user (e.g. www-data) can be achieved.

tags | exploit, web, arbitrary, php, code execution
advisories | CVE-2021-43258
SHA-256 | d722a625744f0e9dc54c97184f41f3a6b314c7e49874af507dfdc2295535278e
Gentoo Linux Security Advisory 202211-03
Posted Nov 21, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202211-3 - Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution. Versions less than 7.4.33:7.4 are affected.

tags | advisory, arbitrary, php, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-31628, CVE-2022-31629, CVE-2022-31630, CVE-2022-37454
SHA-256 | 9a1678e24b2e3feff0e005708de8cc73ed15cb45dc823e4705b0397f6d11473c
Debian Security Advisory 5286-1
Posted Nov 21, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5286-1 - Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).

tags | advisory, remote, denial of service, overflow, code execution
systems | linux, debian
advisories | CVE-2022-42898
SHA-256 | 4054bf326761b93798ba5e87ed9c11954014650895f0887f6de6e704d4f0b728
Microsoft Outlook 2019 16.0.13231.20262 Remote Code Execution
Posted Nov 21, 2022
Authored by Hangjun Go

This is a whitepaper along with a proof of concept eml file discussing CVE-2020-16947 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.13231.20262 when it fails to properly handle objects in memory.

tags | exploit, paper, remote, code execution, proof of concept
advisories | CVE-2020-16947
SHA-256 | e10886839475e813dff9362bc048392f047b424255b849ca304a468b0daa17a3
Microsoft Outlook 2019 16.0.12624.20424 Remote Code Execution
Posted Nov 21, 2022
Authored by Hangjun Go

This is a whitepaper discussing CVE-2020-1349 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.12624.20424 when it fails to properly handle objects in memory.

tags | advisory, paper, remote, code execution
advisories | CVE-2020-1349
SHA-256 | 0cbeab94a42718d9dc0fbddcb25e670799fb9171ff9f4aa0d640945941711759
Gentoo Linux Security Advisory 202211-04
Posted Nov 21, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202211-4 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in remote code execution. Versions greater than or equal to 10.22:10 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-23214, CVE-2021-23222, CVE-2021-32027, CVE-2021-32028, CVE-2021-3677, CVE-2022-1552, CVE-2022-2625
SHA-256 | 71880d0d6245b1983636aab28aca723a5ddf8d538cf706cff9fa682f7fca99ab
Trojan.Win32.Platinum.gen MVID-2022-0657 Code Execution
Posted Nov 21, 2022
Authored by malvuln | Site malvuln.com

Trojan.Win32.Platinum.gen malware suffers from a code execution vulnerability.

tags | exploit, trojan, code execution
systems | windows
SHA-256 | cdc9993c4bb438c0123a75bf753431e3118f0f97de1d721144c5ddb34cf6a07e
Red Hat Security Advisory 2022-7874-01
Posted Nov 18, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7874-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.53. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2021-45485, CVE-2021-45486, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-2588, CVE-2022-26945, CVE-2022-30321, CVE-2022-30322
SHA-256 | 85e6274c67ee28e8ecf094f45e514c4c3e9eeadc0ca46dce10845a5ae0bac975
Ubuntu Security Notice USN-5686-2
Posted Nov 18, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5686-2 - USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM. Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to cause a crash or arbitrary code execution.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2022-39260
SHA-256 | 7c55176af95c8d316fd0b090742e85481704c14d13826cce6e070cdc7d1c71f0
Ubuntu Security Notice USN-5730-1
Posted Nov 18, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5730-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2022-32888, CVE-2022-42824
SHA-256 | 82f654d00686895db438b4366f58202c68cffce2c89495df58f2794e67d2ca38
Red Hat Security Advisory 2022-8506-01
Posted Nov 17, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8506-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, remote SQL injection, and traversal vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, code execution, xss, sql injection
systems | linux, redhat
advisories | CVE-2021-37136, CVE-2021-37137, CVE-2022-22818, CVE-2022-24836, CVE-2022-25648, CVE-2022-29970, CVE-2022-32209, CVE-2022-34265
SHA-256 | 2d5699b272bf62135c49021ecfc5e70e3ef3e624c94ce2a33e3c23d5cd96ba6d
Red Hat Security Advisory 2022-8054-01
Posted Nov 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8054-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, code execution, information leakage, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22662, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293
SHA-256 | 32b47d1891cf07ddfe39ec8d58f7232c36145d5b3c67ff0e051965a4fc90f7bd
Red Hat Security Advisory 2022-8267-01
Posted Nov 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8267-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include code execution, denial of service, double free, information leakage, null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-36516, CVE-2021-3640, CVE-2022-0168, CVE-2022-0617, CVE-2022-0854, CVE-2022-1016, CVE-2022-1048, CVE-2022-1184, CVE-2022-1280, CVE-2022-1353, CVE-2022-1679, CVE-2022-1852, CVE-2022-1998, CVE-2022-20368
SHA-256 | 61bdc9d3c34a59e606122d76bd54edf2c632981ed9b9216c4d074ec3e2c68e88
Backdoor.Win32.Quux MVID-2022-0656 Hardcoded Credential
Posted Nov 16, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Quux malware suffers from a weak hardcoded credential vulnerability that can allow an attacker to achieve remote code execution.

tags | exploit, remote, code execution
systems | windows
SHA-256 | b4e768cfae821d6b42a6a1558a7ebf632c607467e2460738406164be6973a5b9
Page 1 of 277
Back12345Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close