what you don't know can hurt you
Showing 26 - 50 of 13,201 RSS Feed

Local Files

Red Hat Security Advisory 2019-0917-01
Posted May 1, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0917-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fibre Channel, iSCSI, and NFS mounts attached to Compute nodes. Issues addressed include a data retention issue post deletion.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2017-15139
MD5 | 5142f017c19ecf1c4c99522e0bc2030c
osTicket 1.11 Cross Site Scripting / Local File Inclusion
Posted Apr 25, 2019
Authored by Ozkan Mustafa Akkus

osTicket version 1.11 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | c6bdf1690086d5f3d63da393f7da49fb
Ubuntu Security Notice USN-3952-1
Posted Apr 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3952-1 - Jan Pokorný discovered that Pacemaker incorrectly handled client-server authentication. A local attacker could possibly use this issue to escalate privileges. Jan Pokorný discovered that Pacemaker incorrectly handled certain verifications. A local attacker could possibly use this issue to cause a denial of service. Jan Pokorný discovered that Pacemaker incorrectly handled certain memory operations. A local attacker could possibly use this issue to obtain sensitive information in log outputs. This issue only applied to Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2018-16877, CVE-2018-16878, CVE-2019-3885
MD5 | 6d6606b6866df85302940916894d495a
WordPress Contact Form Builder 1.0.67 CSRF / LFI
Posted Apr 22, 2019
Authored by Panagiotis Vagenas

WordPress Contact Form Builder plugin version 1.0.67 suffers from cross site request forgery and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
MD5 | f6686ff9fc966ce12dba21aec12aaeb0
Ubuntu Security Notice USN-3914-2
Posted Apr 17, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3914-2 - USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, local, vulnerability
systems | linux, ubuntu
MD5 | 638dfeb13e7ed7bedc1821f142a0ea35
Nagios XI 5.5.10 XSS / Remote Code Execution
Posted Apr 12, 2019
Authored by Abdel Adim Oisfi

Various vulnerabilities have been found in Nagios XI version 5.5.10, which allow a remote attacker able to trick an authenticated victim (with "autodiscovery job" creation privileges) to visit a malicious URL to obtain a remote root shell via a reflected cross site scripting, an authenticated remote code Execution and a local privilege escalation.

tags | exploit, remote, shell, local, root, vulnerability, code execution, xss
advisories | CVE-2019-9164, CVE-2019-9165, CVE-2019-9166, CVE-2019-9167, CVE-2019-9202, CVE-2019-9203, CVE-2019-9204
MD5 | a57f6817171de50e793d88c586dbe05c
FTPShell Server 6.83 Account Name To Ban Local Buffer Overflow
Posted Apr 10, 2019
Authored by Dino Covotsos

FTPShell Server version 6.83 Account name to ban local buffer overflow exploit.

tags | exploit, overflow, local
MD5 | f72312aa5b4338768208026da2709235
FTPShell Server 6.83 Virtual Path Mapping Local Buffer Overflow
Posted Apr 10, 2019
Authored by Dino Covotsos

FTPShell Server version 6.83 Virtual Path Mapping local buffer overflow exploit.

tags | exploit, overflow, local
MD5 | 2e94eb3631317d0ae0e34bf110f586ea
Debian Security Advisory 4428-1
Posted Apr 9, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4428-1 - Jann Horn discovered that the PAM module in systemd insecurely uses the environment and lacks seat verification permitting spoofing an active session to PolicyKit. A remote attacker with SSH access can take advantage of this issue to gain PolicyKit privileges that are normally only granted to clients in an active session on the local console.

tags | advisory, remote, local, spoof
systems | linux, debian
advisories | CVE-2019-3842
MD5 | 581ff7de6fc4c8317db5062a9bb2215a
Ubuntu Security Notice USN-3938-1
Posted Apr 9, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3938-1 - Jann Horn discovered that pam_systemd created logind sessions using some parameters from the environment. A local attacker could exploit this in order to spoof the active session and gain additional PolicyKit privileges.

tags | advisory, local, spoof
systems | linux, ubuntu
advisories | CVE-2019-3842
MD5 | 1ea66e9f11b68b91474bff6257eec73d
CARPE (DIEM) Apache 2.4.x Local Privilege Escalation
Posted Apr 8, 2019
Authored by Charles FOL | Site cfreal.github.io

Apache versions 2.4.17 up to 2.4.38 apache2ctl graceful logrotate local privilege escalation exploit.

tags | exploit, local
advisories | CVE-2019-0211
MD5 | 5c83e7c4b08d7c21ba57dab3c4dc0116
River Past Cam Do 3.7.6 Local Buffer Overflow
Posted Apr 8, 2019
Authored by Chris Au

River Past Cam Do version 3.7.6 suffers from an activation code local buffer overflow vulnerability.

tags | exploit, overflow, local
MD5 | a562f9e2659de19cabd62a345ea43543
WordPress Form Maker 1.13.2 Cross Site Request Forgery / Local File Inclusion
Posted Apr 5, 2019
Authored by Panagiotis Vagenas

WordPress Form Maker plugin version 1.13.2 suffers from cross site request forgery and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
MD5 | 8deea4221b9f9ccb2ca588bc0021f050
WordPress 5.0.0 crop-image Shell Upload
Posted Apr 4, 2019
Authored by RIPSTECH Technology, Wilfried Becard | Site metasploit.com

This Metasploit module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and versions below or equal to 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently.

tags | exploit, local, file inclusion
systems | unix
advisories | CVE-2019-8942, CVE-2019-8943
MD5 | 7a9d7962c7566662c546f3360497c2ce
Apache 2.4.38 Root Privilege Escalation
Posted Apr 4, 2019
Authored by Charles FOL | Site cfreal.github.io

Apache versions 2.4.17 through 2.4.38 suffer from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call.

tags | exploit, arbitrary, local, root
advisories | CVE-2019-0211
MD5 | a10477996e9695e8e509d183fa786a50
Ubuntu Security Notice USN-3935-1
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3935-1 - Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-5325, CVE-2014-9645, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2017-15873, CVE-2017-16544, CVE-2018-1000517, CVE-2018-20679
MD5 | 537cbc38c3f21a909d462cda7acf5390
Ubuntu Security Notice USN-3934-1
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3934-1 - It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-6133
MD5 | 7bcf3c55b5d0c03de851971d584765dc
Ubuntu Security Notice USN-3933-1
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3933-1 - It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information. It was discovered that the USB serial device driver in the Linux kernel did not properly validate baud rate settings when debugging is enabled. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000410, CVE-2017-18360, CVE-2018-19824, CVE-2019-3460, CVE-2019-6974, CVE-2019-7222, CVE-2019-9213
MD5 | c6a1e9ef0ee7cd623c284d5d2c87b9a1
Ubuntu Security Notice USN-3932-2
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3932-2 - USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-18249, CVE-2018-14610, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14616, CVE-2018-16884, CVE-2018-9517, CVE-2019-3459, CVE-2019-3701, CVE-2019-3819, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222, CVE-2019-9213
MD5 | c8aeb128181b7d8ea050f623d95a395e
Ubuntu Security Notice USN-3932-1
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3932-1 - It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-18249, CVE-2018-14610, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14616, CVE-2018-16884, CVE-2018-9517, CVE-2019-3459, CVE-2019-3701, CVE-2019-3819, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222, CVE-2019-9213
MD5 | 8a7e323053a3b6c044afbb4d8c0594bb
phpFileManager 1.7.8 Local File Inclusion
Posted Apr 2, 2019
Authored by Murat Kalafatoglu

phpFileManager version 1.7.8 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | f47a6582f630e20a6c4444e709ce0680
AIDA64 Extreme Edition 5.99.4800 Buffer Overflow
Posted Apr 2, 2019
Authored by Peyman Forouzan

AIDA64 Extreme Edition version 5.99.4800 local SEH buffer overflow exploit.

tags | exploit, overflow, local
MD5 | 3336b41b986d7e003d9f1d0d650daddb
Ubuntu Security Notice USN-3928-1
Posted Apr 1, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3928-1 - It was discovered that Dovecot incorrectly handled reading certain headers from the index. A local attacker could possibly use this issue to escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2019-7524
MD5 | e8e381e3194fa8e084140ffae3875bdb
Ubuntu Security Notice USN-3927-1
Posted Mar 29, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3927-1 - It was discovered that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-18506, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9810
MD5 | 0d66fa4f21353894c143dec150943113
Thomson Reuters Concourse And Firm Central Local File Inclusion / Directory Traversal
Posted Mar 29, 2019
Authored by 0v3rride

Thomson Reuters Concourse and Firm Central versions prior to 2.13.0097 suffer from directory traversal and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
advisories | CVE-2019-8385
MD5 | 2f1c67379d50d0c5a6e338f892cd9916
Page 2 of 528
Back12345Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close