Twenty Year Anniversary
Showing 1 - 25 of 13,034 RSS Feed

Local Files

PHP-Proxy 5.1.0 Local File Inclusion
Posted Nov 15, 2018
Authored by Ameer Pornillos

PHP-Proxy version 5.1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, php, file inclusion
advisories | CVE-2018-19246
MD5 | 96c23b5c4ac90b08c6b144a53cf3862d
Ubuntu Security Notice USN-3823-1
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3823-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-3620, CVE-2018-3646
MD5 | 6b37d20c06583bdf2df8bbda520645eb
Ubuntu Security Notice USN-3822-2
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3822-2 - USN-3822-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-9588, CVE-2017-13168, CVE-2017-16649, CVE-2018-16658, CVE-2018-9363
MD5 | 38d2319298757b9ae2fa55baae267955
Ubuntu Security Notice USN-3822-1
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3822-1 - Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service. It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-9588, CVE-2017-13168, CVE-2017-16649, CVE-2018-16658, CVE-2018-9363
MD5 | 07f71bea3d47114cf186b3745cee0c23
Ubuntu Security Notice USN-3821-1
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3821-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-10880, CVE-2018-13053, CVE-2018-13096, CVE-2018-14609, CVE-2018-14617, CVE-2018-17972, CVE-2018-18021
MD5 | a90659bad625eafc560423ef26975554
Ubuntu Security Notice USN-3820-3
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3820-3 - Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-13168, CVE-2018-15471, CVE-2018-16658, CVE-2018-9363
MD5 | 740182e23aa6554edf5fee4302b78e30
Ubuntu Security Notice USN-3820-1
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3820-1 - Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-13168, CVE-2018-15471, CVE-2018-16658, CVE-2018-9363
MD5 | b0fc3d0f53413d388b30ff0693802f54
Red Hat Security Advisory 2018-3601-01
Posted Nov 14, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3601-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. Issues addressed include a failure to delete data.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2017-15139
MD5 | f5ed118fdc0a9adac8fd4edb6a26fd32
xorg-x11-server Local Privilege Escalation
Posted Nov 13, 2018
Authored by bolonobolo

xorg-x11-server versions prior to 1.20.1 local privilege escalation exploit.

tags | exploit, local
advisories | CVE-2018-14665
MD5 | ce4740c7124e0487c7d13eb8e1491e28
Surreal ToDo 0.6.1.2 Local File Inclusion
Posted Nov 13, 2018
Authored by Ihsan Sencan

Surreal ToDo version 0.6.1.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 4544bbb63c826c4b3fdfc2422dc06211
Ubuntu Security Notice USN-3816-1
Posted Nov 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3816-1 - Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. Jann Horn discovered a race condition in chown_one. A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2018-15686, CVE-2018-15687, CVE-2018-6954
MD5 | 0d1d149d094bc787a61b8d9a8420e7bb
Cisco Immunet / Cisco AMP For Endpoints Scanning Denial Of Service
Posted Nov 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. Cisco Immunet versions prior to 6.2.0 and Cisco AMP For Endpoints version 6.2.0 are affected.

tags | exploit, local
systems | cisco, windows
advisories | CVE-2018-15437
MD5 | 7a4ff17f412569211f6751de8fc14501
Microsoft Windows 10 Build 17134 Local Privilege Escalation
Posted Nov 9, 2018
Authored by Tenable Network Security

Microsoft Windows 10 Build 17134 local privilege escalation exploit with UAC bypass.

tags | exploit, local
systems | windows
MD5 | 5bfd9fbfd023c4f2d5237ed2729d79ad
Red Hat Security Advisory 2018-3522-01
Posted Nov 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3522-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Issues addressed include a buffer overflow vulnerability.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2017-7506
MD5 | 24eb3ab5c01cfe4fdd69858d462761c2
LibreHealth 2.0.0 File Read / File Delete / LFI
Posted Nov 7, 2018
Authored by Carlos Avila

LibreHealth version 2.0.0 suffers from arbitrary file read, file delete, and local file inclusion vulnerabilities.

tags | exploit, arbitrary, local, vulnerability, file inclusion
MD5 | c623d621a1af63ea7a2cc412995fc1a4
Ubuntu Security Notice USN-3811-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3811-1 - It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that SpamAssassin incorrectly handled meta rule syntax. A local attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2017-15705, CVE-2018-11780, CVE-2018-11781
MD5 | 7fcbfde9589d7977e424e44fe80a9ea7
TOR Virtual Network Tunneling Tool 0.3.4.9
Posted Nov 5, 2018
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.4.9 is the second stable release in its series. It backports numerous fixes, including a fix for a bandwidth management bug that was causing memory exhaustion on relays. Anyone running an earlier version of Tor 0.3.4.9 should upgrade.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 8a303c7c2491cd27b1646f6efdc4a5d0
PHP Proxy 3.0.3 Local File Inclusion
Posted Nov 5, 2018
Authored by Ozkan Mustafa Akkus

PHP Proxy version 3.0.3 suffers from a local file inclusion vulnerability.

tags | exploit, local, php, file inclusion
MD5 | 87c29784be880e65ee17bc44869c13be
Gentoo Linux Security Advisory 201810-09
Posted Oct 31, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201810-9 - A vulnerability in X.Org X Server allows local users to escalate privileges. Versions less than 1.20.3 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2018-14665
MD5 | 35a3cbf4f00562f110cc646146a55981
SIPp 3.3.990 Local Buffer Overflow
Posted Oct 31, 2018
Authored by Nawaf Alkeraithe

SIPp version 3.3.990 local buffer overflow proof of concept exploit.

tags | exploit, overflow, local, proof of concept
MD5 | 00bccdabe0cb799dfd74de07201294db
Local Server 1.0.9 Denial Of Service
Posted Oct 29, 2018
Authored by Ihsan Sencan

Local Server version 1.0.9 suffers from a denial of service vulnerability.

tags | exploit, denial of service, local
advisories | CVE-2018-18756
MD5 | dd236578be0ec9c835d2590b5190d0ad
ASRock Drivers Privilege Escalation / Code Execution
Posted Oct 27, 2018
Authored by Core Security Technologies, Diego Juarez | Site secureauth.com

ASRock offers several utilities designed to give the user with an ASRock motherboard more control over certain settings and functions. These utilities include various features like the RGB LED control, hardware monitor, fan controls, and overclocking/voltage options. Multiple vulnerabilities were found in AsrDrv101.sys and AsrDrv102.sys low level drivers, installed by ASRock RGBLED and other ASRock branded utilities, which could allow a local attacker to elevate privileges. Vulnerable packages include ASRock RGBLED before version 1.0.35.1, A-Tuning before version 3.0.210, F-Stream before version 3.0.210, and RestartToUEFI before version 1.0.6.2.

tags | exploit, local, vulnerability
advisories | CVE-2018-10709, CVE-2018-10710, CVE-2018-10711, CVE-2018-10712
MD5 | 21d4d95e72ff845d830ec7e7c0d06a11
Ubuntu Security Notice USN-3802-1
Posted Oct 27, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3802-1 - Narendra Shinde discovered that the X.Org X server incorrectly handled certain command line parameters when running as root with the legacy wrapper. When certain graphics drivers are being used, a local attacker could possibly use this issue to overwrite arbitrary files and escalate privileges.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2018-14665
MD5 | 80f70d72f03779fe81b0034effbe13c1
xorg-x11-server Local Root
Posted Oct 25, 2018
Authored by infodox

xorg-x11-server versions prior to 1.20.3 local root exploit.

tags | exploit, local, root
advisories | CVE-2018-14665
MD5 | 0cfe0a9fcf4939ea10fe0f53904f85b6
xorg-x11-server Local Privilege Escalation
Posted Oct 25, 2018
Authored by Hacker Fantastic

xorg-x11-server versions prior to 1.20.3 local privilege escalation exploit.

tags | exploit, local
advisories | CVE-2018-14665
MD5 | a9661d06bec66a11b19ad5eeed19cc2e
Page 1 of 522
Back12345Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close