what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 7,322 RSS Feed

Code Execution Files

Red Hat Security Advisory 2023-5048-01
Posted Sep 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5048-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2020-22219
SHA-256 | 1b365a34b16889359fcc8481b976ae49cc7c6cc9c698ea9b0de82a0cb18aa06f
VMware vRealize Log Insight Unauthenticated Remote Code Execution
Posted Sep 11, 2023
Authored by Ege Balci, Horizon3.ai Attack Team | Site metasploit.com

VMware vRealize Log Insights versions 8.x contain multiple vulnerabilities, such as directory traversal, broken access control, deserialization, and information disclosure. When chained together, these vulnerabilities allow a remote, unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. This Metasploit module achieves code execution via triggering a RemotePakDownloadCommand command via the exposed thrift service after obtaining the node token by calling a GetConfigRequest thrift command. After the download, it will trigger a PakUpgradeCommand for processing the specially crafted PAK archive, which then will place the JSP payload under a certain API endpoint (pre-authenticated) location upon extraction for gaining remote code execution. Successfully tested against version 8.0.2.

tags | exploit, remote, arbitrary, root, vulnerability, code execution, info disclosure
advisories | CVE-2022-31704, CVE-2022-31706, CVE-2022-31711
SHA-256 | 2e4132d3093987ff065179429e52ff5e9baad8185fde7f58136c18d0aa950a90
Red Hat Security Advisory 2023-5042-01
Posted Sep 11, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5042-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2020-22219
SHA-256 | 46ad0e6a3d2fc6630d26645b5800104de631a00aae30f64ab569b6d49ea99c23
Apple Security Advisory 2023-09-07-2
Posted Sep 11, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-09-07-2 - iOS 16.6.1 and iPadOS 16.6.1 addresses buffer overflow and code execution vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple, ios
advisories | CVE-2023-41061, CVE-2023-41064
SHA-256 | fd20b111827d07d8bda96091f843054ac7d0ea5fa60ccac308e10fe281177b55
Red Hat Security Advisory 2023-5043-01
Posted Sep 11, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5043-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2020-22219
SHA-256 | 278844d653bdf17304891f0eabf2b305ad2eecae048f026a410cff5f45d0db39
Apple Security Advisory 2023-09-07-1
Posted Sep 11, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-09-07-1 - macOS Ventura 13.5.2 addresses buffer overflow and code execution vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2023-41064
SHA-256 | 7fa91002f2a7602d06f544259143bc3f6377087ecef2b48129989da01a360c92
WinRAR Remote Code Execution
Posted Sep 8, 2023
Authored by Alexander Hagenah | Site metasploit.com

This Metasploit module exploits a vulnerability in WinRAR (CVE-2023-38831). When a user opens a crafted RAR file and its embedded document, the decoy document is executed, leading to code execution.

tags | exploit, code execution
advisories | CVE-2023-38831
SHA-256 | 28f3b59d37ee5a8aa6ff17510a7cd49a93cb8fcb3b1027ca4545c6a2e7de6f4f
LG Simple Editor Remote Code Execution
Posted Sep 8, 2023
Authored by rgod, Ege Balci | Site metasploit.com

This Metasploit module exploits broken access control and directory traversal vulnerabilities in LG Simple Editor software for gaining code execution. The vulnerabilities exist in versions of LG Simple Editor prior to v3.21. By exploiting this flaw, an attacker can upload and execute a malicious JSP payload with the SYSTEM user permissions.

tags | exploit, vulnerability, code execution
advisories | CVE-2023-40498
SHA-256 | 6932d8048db104bdeaa927b23fea68a29152e32fd74b6498bd70fa53bbc37270
Sonicwall GMS 9.9.9320 Remote Code Execution
Posted Sep 8, 2023
Authored by Ron Bowes, fulmetalpackets | Site metasploit.com

This Metasploit module exploits a series of vulnerabilities - including auth bypass, SQL injection, and shell injection - to obtain remote code execution on SonicWall GMS versions 9.9.9320 and below.

tags | exploit, remote, shell, vulnerability, code execution, sql injection
advisories | CVE-2023-34124, CVE-2023-34127, CVE-2023-34132, CVE-2023-34133
SHA-256 | 90d7acef05664be1e0b28da7f711f5c30f094179ef8916c47f28a2418a07056e
OpenTSDB 2.4.1 Unauthenticated Command Injection
Posted Sep 8, 2023
Authored by Erik Wynter, Gal Goldstein, Daniel Abeles | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in the key parameter in OpenTSDB through 2.4.1 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version is 2.4.1 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the key parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully tested against OpenTSDB version 2.4.1.

tags | exploit, remote, root, code execution
advisories | CVE-2023-25826, CVE-2023-36812
SHA-256 | 34f1ed88046d0a1cb1d6424711b6f621117f401a0d42ebfc307dc277ada181d2
Kibana Timelion Prototype Pollution Remote Code Execution
Posted Sep 8, 2023
Authored by h00die, Gaetan Ferry, Michal Bentkowski | Site metasploit.com

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This leads to an arbitrary command execution with permissions of the Kibana process on the host system. Exploitation will require a service or system reboot to restore normal operation. The WFSDELAY parameter is crucial for this exploit. Setting it too high will cause MANY shells (50-100+), while setting it too low will cause no shells to be obtained. WFSDELAY of 10 for a docker image caused 6 shells.

tags | exploit, arbitrary, shell, javascript, code execution
advisories | CVE-2019-7609
SHA-256 | 218aabf6c87ec8ccc508ad1d2d5d2ca8b265eead008ca12a1926cb66c80614ab
WordPress Media Library Assistant 3.09 LFI / Remote Code Execution
Posted Sep 5, 2023
Authored by Florent Montel | Site patrowl.io

WordPress Media Library Assistant plugin versions prior to 3.10 are affected by an unauthenticated remote reference to Imagick() conversion which allows attacker to perform local file inclusion and remote code execution depending on the Imagick configuration on the remote server.

tags | exploit, remote, local, code execution, file inclusion
advisories | CVE-2023-4634
SHA-256 | 215d90f7b23ba2c6491523ea488e0b6086485144b12a9481dd5f5a3182326981
Ivanti Avalance Remote Code Execution
Posted Sep 4, 2023
Authored by Robel Campbell

Ivanti Avalanche versions prior to 6.4.0.0 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2023-32560
SHA-256 | fbb31ff5f38dd146b12a471e205d680b8205fc2fdb41ac774f03201dcb313808
VMWare Aria Operations For Networks Remote Code Execution
Posted Sep 2, 2023
Authored by Harsh Jaiswal, Sina Kheirkhah, Rahul Maini | Site summoning.team

VMWare Aria Operations for Networks (vRealize Network Insight) static SSH key remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2023-34039
SHA-256 | ae67475970c05c39bc93428dddf3a98ddfed987c1bd13fb23f729e242a686959
Red Hat Security Advisory 2023-4889-01
Posted Aug 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4889-01 - The DevWorkspace Operator extends OpenShift to provide DevWorkspace support. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2023-2602, CVE-2023-2603, CVE-2023-27536, CVE-2023-28321, CVE-2023-28484, CVE-2023-29469, CVE-2023-38408
SHA-256 | 903adfa69d078e0a5ec7e59ab81c4797891534ed0e68348a9ada32b2fb46db1d
Apache NiFi H2 Connection String Remote Code Execution
Posted Aug 30, 2023
Authored by h00die, Matei Mal Badanoiu | Site metasploit.com

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. This exploit will result in several shells (5-7). Successfully tested against Apache nifi 1.17.0 through 1.21.0.

tags | exploit, shell, code execution
advisories | CVE-2023-34468
SHA-256 | 0160a2622a4649020abd8fb0d476ca59d2c4968c668499c8167e44d6c9276020
Juniper JunOS SRX / EX Remote Code Execution
Posted Aug 30, 2023
Authored by watchTowr Labs Team | Site github.com

A proof of concept exploit for chaining four CVEs to achieve remote code execution in Juniper JunOS within SRX and EX Series products.

tags | exploit, remote, code execution, proof of concept
systems | juniper
advisories | CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847
SHA-256 | ab0b70a7cc6a4a947d8faceced29674fb6ad7bf45e8a329120e642cb825e3c05
GOM Player 2.3.90.5360 MITM / Remote Code Execution
Posted Aug 29, 2023
Authored by M. Akil Gundogan

GOM Player version 2.3.90.5360 man-in-the-middle proof of concept remote code execution exploit.

tags | exploit, remote, code execution, proof of concept
SHA-256 | f2826517a53fda0ce64b48c45b78c7b264d5e4695963f36c0f2cda3c61797dce
Red Hat Security Advisory 2023-4694-01
Posted Aug 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4694-01 - Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) director Operator containers are now available. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-21235, CVE-2022-36227, CVE-2023-0361, CVE-2023-1667, CVE-2023-2283, CVE-2023-2602, CVE-2023-2603, CVE-2023-27536, CVE-2023-28321, CVE-2023-28484, CVE-2023-29469
SHA-256 | df5b6bf27415d0f0788ad8872c30f911b13af6a0a83ca9e18061e9c719c9225b
Jorani Remote Code Execution
Posted Aug 21, 2023
Authored by RIOUX Guilhem | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and redirection bypass via header spoofing and then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0.

tags | exploit, remote, spoof, code execution
advisories | CVE-2023-26469
SHA-256 | a4309a794ac0f54cb65920512a047c08d1fe2fb20e8fd4e92250ccc7c03334ba
Red Hat Security Advisory 2023-4612-01
Posted Aug 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4612-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.7.13 serves as a replacement for Red Hat support for Spring Boot 2.7.12, and includes security, bug fixes and enhancements. For more information, see the release notes linked in the References section. Issues addressed include bypass, code execution, denial of service, and deserialization vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-46877, CVE-2022-1471, CVE-2022-31684, CVE-2022-45143, CVE-2023-1108, CVE-2023-20860, CVE-2023-20861
SHA-256 | 9fce17aaf4b1e17b6dd5371a535e817dbb5fd71c7e4c095fca880dd19e594fbd
Red Hat Security Advisory 2023-4582-01
Posted Aug 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4582-01 - Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers are now available. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2022-21235
SHA-256 | 83d9f3399f06049a50aecd7cab6994d78263156f001b66a39abef4a0dfe9753b
Ubuntu Security Notice USN-6289-1
Posted Aug 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2023-38133, CVE-2023-38595, CVE-2023-38611
SHA-256 | 56a23505c39e15a9992e4da11ed2253e380d5dccf0c819aca7b95fda96df2aaf
Ubuntu Security Notice USN-6278-2
Posted Aug 11, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6278-2 - USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution.

tags | advisory, remote, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2023-35390, CVE-2023-38178, CVE-2023-38180
SHA-256 | bbe5ad0ccef22ad3d5b80f2a669f69b1767e2bc58e7c496afd4da28a17cdf5c5
Maltrail 0.53 Remote Code Execution
Posted Aug 11, 2023
Authored by Iyaad Luqman K

Maltrail version 0.53 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2023-27163
SHA-256 | 70b042d50fdc203d8e1986d293b79d29dfbe257b66f324c957458fd97107fff0
Page 2 of 293
Back12345Next

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    17 Files
  • 26
    Sep 26th
    3 Files
  • 27
    Sep 27th
    13 Files
  • 28
    Sep 28th
    5 Files
  • 29
    Sep 29th
    12 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close