exploit the possibilities
Showing 1 - 25 of 13,594 RSS Feed

Local Files

Red Hat Security Advisory 2020-4391-01
Posted Oct 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4391-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2020-10755
MD5 | d7d644f1e0cca176509c26368eef462f
Ubuntu Security Notice USN-4552-3
Posted Oct 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4552-3 - USN-4552-1 and USN-4552-2 fixed a vulnerability in Pam-python. The update introduced a regression which prevented PAM modules written in Python from importing python modules from site-specific directories. Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. Various other issues were also addressed.

tags | advisory, local, root, python
systems | linux, ubuntu
advisories | CVE-2019-16729
MD5 | 632ca4e5ebf9fb3048aa8ec5c35d3c54
Red Hat Security Advisory 2020-4283-01
Posted Oct 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4283-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2020-10755
MD5 | 770ac2ee761092d1f8affbe880ff74f2
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 LFI
Posted Oct 28, 2020
Authored by Ivo Palazzolo

Oracle Business Intelligence Enterprise Edition versions 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from local file inclusion and directory traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
advisories | CVE-2020-14864
MD5 | 067512dbc1fd13c960d6837eb1c78dd9
Blueman Local Root / Privilege Escalation
Posted Oct 28, 2020
Authored by Vaisha Bernard

Blueman versions prior to 2.1.4 suffer from a local privilege escalation vulnerability that achieves root.

tags | exploit, local, root
advisories | CVE-2020-15238
MD5 | d12eee8c984e0886c5230dcda82b9d70
Ubuntu Security Notice USN-4605-1
Posted Oct 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4605-1 - Vaisha Bernard discovered that blueman did not properly sanitize input on the d-bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-15238
MD5 | c8704c3d9669c74ad12984c2c0623dc0
Sifter 10.5f
Posted Oct 26, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Various updates.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 8df56851108239cc216beff14d5b8a3a
Ubuntu Security Notice USN-4552-2
Posted Oct 24, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4552-2 - Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root.

tags | advisory, local, root, python
systems | linux, ubuntu
advisories | CVE-2019-16729
MD5 | 8e2cfd8ac01a04276fbc8e5bfac08a5e
Hrsale 2.0.0 Local File Inclusion
Posted Oct 21, 2020
Authored by Sosecure

Hrsale version 2.0.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 88dac6a7e7cede1e94e86a14088dd82f
Sifter 10.4g
Posted Oct 20, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: GHunt added for email reconnaissance. DeadTrap has been readded. Various other updates and additions.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 295e8fb0ea4fe941b286e8c39240f816
ReQuest Serious Play Media Player 3.0 File Disclosure / Path Traversal
Posted Oct 19, 2020
Authored by LiquidWorm | Site zeroscience.mk

ReQuest Serious Play Media Player version 3.0 suffers from an unauthenticated file disclosure vulnerability when input passed through the file parameter in tail.html and file.html script is not properly verified before being used to read web log files. This can be exploited to disclose contents of files from local resources.

tags | exploit, web, local
MD5 | 89e3f397315931eb686bb1c49abbbdca
CS-Cart 1.3.3 Local File Inclusion
Posted Oct 16, 2020
Authored by 0xmmnbassel

Details for performing a local file inclusion attack on CS-Cart version 1.3.3, a really old version.

tags | exploit, local, file inclusion
MD5 | efd32d23b8016e8ae463a6c744326e4e
Kernel Live Patch Security Notice LSN-0072-1
Posted Oct 14, 2020
Authored by Benjamin M. Romer

It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). Other issues where also addressed.

tags | advisory, kernel, local
systems | linux
advisories | CVE-2020-0067, CVE-2020-11494, CVE-2020-11935, CVE-2020-12114, CVE-2020-14386, CVE-2020-16119, CVE-2020-16120
MD5 | 14f02287095aa69b1f4a060649c3f887
Ubuntu Security Notice USN-4582-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4582-1 - It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. Various other issues were also addressed.

tags | advisory, arbitrary, shell, local
systems | linux, ubuntu
advisories | CVE-2017-17087, CVE-2019-20807
MD5 | e6159e2f38d8be01d2ed2841a3b41473
Ubuntu Security Notice USN-4580-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4580-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-16119
MD5 | 47ad87c37ce75e1cc13c79f7ebbb8cfa
Ubuntu Security Notice USN-4579-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4579-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2018-10322, CVE-2020-14314, CVE-2020-16119, CVE-2020-25285
MD5 | add5a165267e2db5c97379f45065737e
Ubuntu Security Notice USN-4578-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4578-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2018-10322, CVE-2019-19448, CVE-2020-14314, CVE-2020-16119, CVE-2020-16120, CVE-2020-25212, CVE-2020-26088
MD5 | d9b01e11bdf2b74c3573fcc5c0826039
Ubuntu Security Notice USN-4577-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4577-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-16119, CVE-2020-16120
MD5 | c65fe18f5d37112dbf0049f05d753dd1
Ubuntu Security Notice USN-4576-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4576-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-14314, CVE-2020-14385, CVE-2020-16119, CVE-2020-16120, CVE-2020-25285, CVE-2020-25641
MD5 | 73dae97a670b565b41f5e2687d970fc6
Sifter 10.21g
Posted Oct 14, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Updated README and various other bits.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 19f9c969f57d541617c0a2b33296dead
D-Link DSR-250N Denial Of Service
Posted Oct 8, 2020
Site redteam-pentesting.de

RedTeam Pentesting discovered a denial of service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script that reboots the device. Version 3.12 is confirmed affected.

tags | exploit, denial of service, local, cgi
advisories | CVE-2020-26567
MD5 | a274e955321f841c08a4f5a2f4a1dca9
Ubuntu Security Notice USN-4566-1
Posted Oct 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4566-1 - It was discovered that Cyrus IMAP Server could execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. It was discovered that the Cyrus IMAP Server allow users to create any mailbox with administrative privileges. A local attacker could use this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, web, arbitrary, local, imap
systems | linux, ubuntu
advisories | CVE-2019-11356, CVE-2019-19783
MD5 | 24a0f0b0c12ffc0d122c2f3854f8df99
Checkmk 1.6.0p16 Local Privilege Escalation
Posted Oct 2, 2020
Authored by Thierry Viaccoz

Checkmk version 1.6.0p16 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | e21d1df7920482548d547d5f1366637f
Cisco AnyConnect Privilege Escalation
Posted Sep 30, 2020
Authored by Yorick Koster, Christophe de la Fuente, Antoine Goichot | Site metasploit.com

The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.9.00086 is vulnerable to a DLL hijacking and allows local attackers to execute code on the affected machine with with system level privileges. Both attacks consist in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service.

tags | exploit, arbitrary, local, tcp
systems | cisco, windows
advisories | CVE-2020-3153, CVE-2020-3433
MD5 | 6dab51a6758b6569e7dba4af74f482ed
Red Hat Security Advisory 2020-3944-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3944-01 - Universal Office Converter is a command line tool to convert any document format that LibreOffice can import to any document format that LibreOffice can export. It makes use of the LibreOffice's UNO bindings for non-interactive conversion of documents. Issues addressed include local file inclusion and server-side request forgery vulnerabilities.

tags | advisory, local, vulnerability, file inclusion
systems | linux, redhat
advisories | CVE-2019-17400
MD5 | 1a894e0156c35551711c8faebaf9c44b
Page 1 of 544
Back12345Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    13 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close