what you don't know can hurt you
Showing 1 - 25 of 13,688 RSS Feed

Local Files

Local Services Search Engine Management System 1.0 Cross Site Scripting
Posted Mar 3, 2021
Authored by Tushar Vaidya

Local Services Search Engine Management System (LSSMES) version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, local, xss
MD5 | 46876b9312a0d7f98c43a6325f026855
Local Services Search Engine Management System 1.0 SQL Injection
Posted Mar 3, 2021
Authored by Tushar Vaidya

Local Services Search Engine Management System (LSSMES) version 1.0 suffers from blind and error-based authenticated remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection
MD5 | 6051bc313dd2683b38e4b7e7256fd08a
Ubuntu Security Notice USN-4752-1
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4752-1 - Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-10135, CVE-2020-14314, CVE-2020-15436, CVE-2020-15437, CVE-2020-24490, CVE-2020-25212, CVE-2020-25284, CVE-2020-25641, CVE-2020-25643, CVE-2020-25704, CVE-2020-27152, CVE-2020-27815, CVE-2020-28588, CVE-2020-28915, CVE-2020-29368, CVE-2020-29369, CVE-2020-29371, CVE-2020-29660, CVE-2020-29661, CVE-2020-35508
MD5 | 9add7841f0ccf8f64e1da83e75e06c64
Ubuntu Security Notice USN-4751-1
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4751-1 - It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information. Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information. Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-25656, CVE-2020-25668, CVE-2020-25669, CVE-2020-25704, CVE-2020-27673, CVE-2020-27675, CVE-2020-27777, CVE-2020-27815, CVE-2020-27830, CVE-2020-27835, CVE-2020-28588, CVE-2020-28974, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660, CVE-2020-29661, CVE-2020-35508
MD5 | 7bb32fb3e62f03bec71b2c606776cd36
Ubuntu Security Notice USN-4750-1
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4750-1 - Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-25669, CVE-2020-27815, CVE-2020-28588, CVE-2020-28941, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660, CVE-2020-29661, CVE-2021-20177
MD5 | c85137173facaaae05662060f5c26ad1
Ubuntu Security Notice USN-4749-1
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4749-1 - Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-25669, CVE-2020-27815, CVE-2020-29374, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660, CVE-2020-29661
MD5 | e814a088294feb0a838a75b2880951cd
Ubuntu Security Notice USN-4748-1
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4748-1 - It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-27815, CVE-2020-29374, CVE-2020-29568, CVE-2020-29660, CVE-2020-29661
MD5 | 89dfc2cac6b4f51b038cdb39707b3c65
dataSIMS Avionics ARINC 664-1 4.5.3 Buffer Overflow
Posted Feb 19, 2021
Authored by Kagan Capar

dataSIMS Avionics ARINC 664-1 version 4.5.3 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
MD5 | b35c61735f270473a31e925b82681d2e
Apport 2.20 Privilege Escalation
Posted Feb 18, 2021
Authored by Gr33nh4t

Apport version 2.20 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 41ed08c45f621a8c566d4fe5ff7b8474
TOR Virtual Network Tunneling Tool 0.4.5.6
Posted Feb 16, 2021
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release series introduces significant improvements in relay IPv6 address discovery, a new "MetricsPort" mechanism for relay operators to measure performance, LTTng support, build system improvements to help when using Tor as a static library, and significant bugfixes related to Windows relay performance. It also includes numerous smaller features and bugfixes.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 22a04ef62c714b7d9d8928ebe238e4c4
Ubuntu Security Notice USN-4731-1
Posted Feb 11, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4731-1 - It was discovered that JUnit 4 contains a local information disclosure vulnerability. An attacker could possibly use this issue to obtain sensitive information.

tags | advisory, local, info disclosure
systems | linux, ubuntu
advisories | CVE-2020-15250
MD5 | 3c3186cd3a91fda92432153a933f95e3
Ubuntu Security Notice USN-4727-1
Posted Feb 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4727-1 - Alexander Popov discovered that multiple race conditions existed in the AF_VSOCK implementation in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-26708
MD5 | a8c89d3cda17bd2462a03e3fd24d9971
Ubuntu Security Notice USN-4728-1
Posted Feb 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4728-1 - Gilad Reti discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a compromised or malicious container.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-27352
MD5 | 086df1dbda8bd6351da6a2f9cd5a4644
Millewin 13.39.028 Unquoted Service Path / Insecure Permissions
Posted Feb 8, 2021
Authored by Andrea Intilangelo

Millewin version 13.39.028 suffers from a local privilege escalation issue due to insecure permission and unquoted service path vulnerabilities.

tags | exploit, local, vulnerability
advisories | CVE-2021-3394
MD5 | f069ddcee4ed6d84c74d51def0f46982
WordPress Supsystic Backup 2.3.9 Local File Inclusion
Posted Feb 8, 2021
Authored by Erik David Martin

WordPress Supsystic Backup plugin version 2.3.9 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | aa7db6fb704f48b330319ce9f9b505e6
Sudo 1.8.31p2 / 1.9.5p1 Buffer Overflow
Posted Feb 5, 2021
Authored by Blasty, Spencer McIntyre, Qualys Security Advisory, bwatters-r7, Alexander Krog | Site metasploit.com

A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker controlled library which results in it being loaded with the elevated privileges held by sudo.

tags | exploit, overflow, local
advisories | CVE-2021-3156
MD5 | 5a520123546e73d450b7fef8df23c9de
TOR Virtual Network Tunneling Tool 0.4.4.7
Posted Feb 4, 2021
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.4.4.7 backports numerous bugfixes from later releases, including one that made v3 onion services more susceptible to denial-of-service attacks, and a feature that makes some kinds of DoS attacks harder to perform.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 6ea60eb939ab3633a682a81fb46dd37f
Ubuntu Security Notice USN-4720-1
Posted Feb 3, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4720-1 - Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. Itai Greenhut discovered that Apport incorrectly handled opening certain special files. A local attacker could possibly use this issue to cause Apport to hang, resulting in a denial of service.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2021-25682, CVE-2021-25684
MD5 | 34798d94c26a3bd12acc34173bea402f
Ubuntu Security Notice USN-4720-2
Posted Feb 3, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4720-2 - USN-4720-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-25682, CVE-2021-25684
MD5 | 49e34ac829aa531d6ce391a79f60d6fa
Kernel Live Patch Security Notice LSN-0074-1
Posted Feb 1, 2021
Authored by Benjamin M. Romer

Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.

tags | advisory, remote, kernel, local
systems | linux
advisories | CVE-2020-0427, CVE-2020-12352, CVE-2020-25645, CVE-2020-28374
MD5 | 6330d3eeacc7aa6e678f919eefeb140b
Gentoo Linux Security Advisory 202101-38
Posted Jan 29, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-38 - A vulnerability was discovered in NSD which could allow a local attacker to cause a Denial of Service condition. Versions less than 4.3.4 are affected.

tags | advisory, denial of service, local
systems | linux, gentoo
advisories | CVE-2020-28935
MD5 | 966f120d946325517cbc311ac7388e47
Ubuntu Security Notice USN-4705-2
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4705-2 - USN-4705-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2021-3156
MD5 | 83bcf987c775a6200689ce72ac3bb60a
Sifter 11.5
Posted Jan 27, 2021
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Install and run-time fixes added.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 3c86c5de8576ed5c3253bf01f0c44fd8
Ubuntu Security Notice USN-4705-1
Posted Jan 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4705-1 - It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. It was discovered that the Sudo sudoedit utility incorrectly handled checking directory permissions. A local attacker could possibly use this issue to bypass file permissions and determine if a directory exists or not. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2021-23239, CVE-2021-3156
MD5 | 7441929fd8273b9e8c967ac727cda7ea
Selea CarPlateServer 4.0.1.6 Local Privilege Escalation
Posted Jan 22, 2021
Authored by LiquidWorm | Site zeroscience.mk

Selea CarPlateServer (CPS) version 4.0.1.6 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 1fdb0ca0e6a83adb86d6020b489e504c
Page 1 of 548
Back12345Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    30 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close