what you don't know can hurt you
Showing 1 - 25 of 13,241 RSS Feed

Local Files

FlightPath Local File Inclusion
Posted Jul 15, 2019
Authored by Mohammed Althibyani

FlightPath versions prior to 4.8.2 and 5.0-rc2 suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2019-13396
MD5 | 81a5a17dad2e62aa8208195f197d9a8c
Ubuntu Security Notice USN-4051-2
Posted Jul 9, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4051-2 - USN-4051-1 fixed a vulnerability in apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered a race-condition when reading the user's local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report. Various other issues were also addressed.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2019-7307
MD5 | 733b6aa2acd3d9fb477fc75c12b7e718
Ubuntu Security Notice USN-4053-1
Posted Jul 9, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4053-1 - It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. It was discovered that GVfs incorrectly handled authentication on its private D-Bus socket. A local attacker could possibly connect to this socket and issue D-Bus calls. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2019-12447, CVE-2019-12449, CVE-2019-12795
MD5 | 7299d5d25ade3a7cb44bb496e5b0fbc5
Ubuntu Security Notice USN-4051-1
Posted Jul 9, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4051-1 - Kevin Backhouse discovered a race-condition when reading the user's local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2019-7307
MD5 | 23144505a813252b7919bf5f1a86185f
Ubuntu Security Notice USN-4052-1
Posted Jul 9, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4052-1 - Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service or expose sensitive information.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2019-11476
MD5 | 676f56ff3a2471481b6312ae1fb3db60
Karenderia CMS 5.1 Local File Inclusion
Posted Jul 4, 2019
Authored by Mehmet Emiroglu

Karenderia CMS version 5.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 2952a4c298b557165f29dd1aac506d88
Linux Mint 19.1 yelp Command Injection
Posted Jul 1, 2019
Authored by b1ack0wl | Site metasploit.com

This Metasploit module exploits a vulnerability within the "ghelp", "help" and "man" URI handlers within Linux Mint's "ubuntu-system-adjustments" package. Invoking any one the URI handlers will call the python script "/usr/local/bin/yelp" with the contents of the supplied URI handler as its argument. The script will then search for the strings "gnome-help" or "ubuntu-help" and if doesn't find either of them it'll then execute os.system("/usr/bin/yelp %s" % args). User interaction is required to exploit this vulnerability. Versions 18.3 through 19.1 are affected.

tags | exploit, local, python
systems | linux, ubuntu
MD5 | 314957596e0141c5ba05cd2c7a3cd537
Nagios XI Magpie_debug.php Root Remote Code Execution
Posted Jun 25, 2019
Authored by Chris Lyne, Guillaume Andre | Site metasploit.com

This Metasploit module exploits two vulnerabilities in Nagios XI 5.5.6. One allows for unauthenticated remote code execution and another allows for local privilege escalation. When combined, these two vulnerabilities give us a root reverse shell.

tags | exploit, remote, shell, local, root, vulnerability, code execution
advisories | CVE-2018-15708, CVE-2018-15710
MD5 | 6f7a8dbb53ba27c5718670f3c77faad2
Ubuntu Security Notice USN-4031-1
Posted Jun 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4031-1 - It was discovered that the Linux kernel did not properly separate certain memory mappings when creating new userspace processes on 64-bit Power systems. A local attacker could use this to access memory contents or cause memory corruption of other processes on the system.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-12817
MD5 | 05d74247facac291d092a3fd048fdbf3
Ubuntu Security Notice USN-3977-3
Posted Jun 21, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3977-3 - USN-3977-1 and USN-3977-2 provided mitigations for Microarchitectural Data Sampling vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for the Intel Sandy Bridge processor family Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Ă–sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
MD5 | 7d6f28963f36a25f076f4f2ec44f1ea3
Tuneclone 2.20 SEH Buffer Overflow
Posted Jun 20, 2019
Authored by Achilles

Tuneclone version 2.20 local SEH buffer overflow exploit.

tags | exploit, overflow, local
MD5 | 479a2fb1fba4ae47f29b260c79eb4bfc
Ubuntu Security Notice USN-4021-1
Posted Jun 19, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4021-1 - Daniel P. Berrangé discovered that libvirt incorrectly handled socket permissions. A local attacker could possibly use this issue to access libvirt. It was discovered that libvirt incorrectly performed certain permission checks. A remote attacker could possibly use this issue to access the guest agent and cause a denial of service. This issue only affected Ubuntu 19.04. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2019-10132, CVE-2019-3886
MD5 | 86af14faf8c00a8bd9502479439a44ed
Red Hat Security Advisory 2019-1517-01
Posted Jun 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1517-01 - GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol, Secure Shell File Transfer Protocol, Web Distributed Authoring and Versioning, Common Internet File System, Server Message Block, and other protocols. GVFS integrates with the GNOME I/O abstraction layer. A file access vulnerability has been addressed.

tags | advisory, remote, web, shell, local, protocol
systems | linux, redhat
advisories | CVE-2019-3827
MD5 | 44ff7086c4d65b921692f456eef85006
Serv-U FTP Server 15.1.6 Privilege Escalation
Posted Jun 18, 2019
Authored by Guy Levin

Serv-U FTP Server version 15.1.6 suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2019-12181
MD5 | 568a7c41b8727741f4dca72a4167fdc1
Exim 4.91 Local Privilege Escalation
Posted Jun 17, 2019
Authored by Marco Ivaldi

Exim versions 4.87 through 4.91 suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2019-10149
MD5 | 1d5aa0f1d059b2ed175b1fa8c14d897f
Dell EMC Avamar ADMe Web UI 1.0.50 / 1.0.51 Local File Inclusion
Posted Jun 14, 2019
Authored by Dell Product Security Incident Response Team, Ken Pyle | Site dellemc.com

Dell EMC Avamar ADMe Web Interface is affected by a local file inclusion vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application. Versions 1.0.50 and 1.0.51 are affected.

tags | advisory, web, arbitrary, local, file inclusion
advisories | CVE-2019-3737
MD5 | b08560c4e11f44a30c641145b375c2f5
CentOS 7.6 ptrace_scope Privlege Escalation
Posted Jun 14, 2019
Authored by Marcelo Vazquez

CentOS version 7.6 ptrace_scope misconfiguration local privilege escalation exploit.

tags | exploit, local
systems | linux, centos
MD5 | 3119c59ec26a7612366c8c03e0353aef
Aida64 6.00.5100 SEH Buffer Overflow
Posted Jun 14, 2019
Authored by Nipun Jaswal

Aida64 version 6.00.5100 Log to CSV File local SEH buffer overflow exploit.

tags | exploit, overflow, local
MD5 | b7d09dcd2ab63b14316e0b11aef8cde5
Debian Security Advisory 4462-1
Posted Jun 13, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4462-1 - Joe Vennix discovered an authentication bypass vulnerability in dbus, an asynchronous inter-process communication system. The implementation of the DBUS_COOKIE_SHA1 authentication mechanism was susceptible to a symbolic link attack. A local attacker could take advantage of this flaw to bypass authentication and connect to a DBusServer with elevated privileges.

tags | advisory, local, bypass
systems | linux, debian
advisories | CVE-2019-12749
MD5 | 9816094dce3bede2d44f5d97fcc1650e
Pronestor Health Monitoring Privilege Escalation
Posted Jun 13, 2019
Authored by Povlteksttv

Pronestor Health Monitoring versions prior to 8.1.12.0 suffer from a local privilege escalation vulnerability due to weak file permissions.

tags | exploit, local
advisories | CVE-2018-19113
MD5 | 12a7fed8e5e3f2a77594a5bc82b47e2f
Telus Actiontec T2200H Local Privilege Escalation
Posted Jun 12, 2019
Authored by Andrew Klaus

Telus Actiontec T2200H with firmware T2200H-31.128L.08 suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2019-12789
MD5 | e98dd080d3db4e14385e367484d9e1a8
Ubuntu Security Notice USN-4015-2
Posted Jun 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4015-2 - USN-4015-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2019-12749
MD5 | 858566474c9d65682eb11736fb49e199
Telus Actiontec WEB6000Q Privilege Escalation
Posted Jun 12, 2019
Authored by Andrew Klaus

Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from both local and remote privilege escalation vulnerabilities.

tags | exploit, remote, local, vulnerability
advisories | CVE-2018-15555, CVE-2018-15556, CVE-2018-15557
MD5 | ca74c3825d757d6127b49c81ec399a93
Ubuntu Security Notice USN-4015-1
Posted Jun 11, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4015-1 - Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2019-12749
MD5 | a1dc0907e7644ed8277face860754923
ProShow 9.0.3797 Privilege Escalation
Posted Jun 11, 2019
Authored by Yonatan Correa

ProShow version 9.0.3797 suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2019-12788
MD5 | 42b3988cfa22cf6463fa6636034919af
Page 1 of 530
Back12345Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close