Exploit the possiblities
Showing 26 - 50 of 12,685 RSS Feed

Local Files

Bomgar Remote Support Local Privilege Escalation
Posted Oct 26, 2017
Authored by Mitch Kucia, Robert Wessen | Site vsecurity.com

Bomgar Remote Support suffers from a local privilege escalation vulnerability. Versions affected include 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4.

tags | advisory, remote, local
advisories | CVE-2017-5996
MD5 | 0039b1714200148c18f1cccb6f865461
TOR Virtual Network Tunneling Tool 0.3.1.8
Posted Oct 26, 2017
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.1.7 is the second stable release in the 0.3.1 series. It includes several bugfixes, including a bugfix for a crash issue that had affected relays under memory pressure. It also adds a new directory authority, Bastet.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | d04334a15527f9391a46d5ebf3d34782
Sophos UTM 9 Management Appplication Local File Inclusion
Posted Oct 25, 2017
Authored by Matthew Bergin | Site korelogic.com

Sophos UTM 9 suffers from a local file inclusion vulnerability. Version 9.410 is affected.

tags | exploit, local, file inclusion
MD5 | 9dd2a9188e82f74e56570b54972a43c5
CometChat Local File Inclusion
Posted Oct 25, 2017
Authored by Luke Paris

CometChat versions prior to 6.2.0 BETA 1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 581727ce83f6335ab8ce9ade243546d8
Ubuntu Security Notice USN-3462-1
Posted Oct 24, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3462-1 - Jan PokornA1/2 and Alain Moulle discovered that Pacemaker incorrectly handled the IPC interface. A local attacker could possibly use this issue to execute arbitrary code with root privileges. Alain Moulle discovered that Pacemaker incorrectly handled authentication. A remote attacker could possibly use this issue to shut down connections, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2016-7035, CVE-2016-7797
MD5 | a5d252d4d1b9c6e38ac137a0ec0f33a1
Mikogo 5.4.1.160608 Local Credentials Disclosure
Posted Oct 24, 2017
Authored by LiquidWorm | Site zeroscience.mk

Mikogo version 5.4.1.160608 is vulnerable to local credential disclosure. The supplied password is stored as a MD5 hash format in memory. A potential attacker could reveal the supplied password hash and re-use it or store it via the configuration file in order to gain access to the account.

tags | exploit, local
MD5 | 419a8443310d3d0785a7ddbe412a4f5d
Ubuntu Security Notice USN-3461-1
Posted Oct 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3461-1 - It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-6257, CVE-2017-6259, CVE-2017-6266, CVE-2017-6267, CVE-2017-6272
MD5 | b36d6a3043d7c58c72e12d941ea51360
Red Hat Security Advisory 2017-2931-01
Posted Oct 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2931-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2016-8399, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176, CVE-2017-14106, CVE-2017-7184, CVE-2017-7541, CVE-2017-7542, CVE-2017-7558
MD5 | c1dbd6840e2e16c4205c17a6e62ec9fa
Red Hat Security Advisory 2017-2930-01
Posted Oct 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2930-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2016-8399, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176, CVE-2017-14106, CVE-2017-7184, CVE-2017-7541, CVE-2017-7542, CVE-2017-7558
MD5 | bde81e8df0854f9e0da92d2d031727b7
BMC Remedy LFI / RFI / XSS / Code Execution
Posted Oct 19, 2017
Authored by Simon Rawet

BMC Remedy suffers from log hijacking, code execution, cross site scripting, local/remote file inclusion, and various other vulnerabilities.

tags | advisory, remote, local, vulnerability, code execution, xss, file inclusion
MD5 | 6a00391d6567c156d616b913657c8b20
Red Hat Security Advisory 2017-2918-01
Posted Oct 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2918-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176, CVE-2017-14106, CVE-2017-14340, CVE-2017-7184, CVE-2017-7541, CVE-2017-7542, CVE-2017-7558
MD5 | 8518b2d326398c1a3d949f4ea8241046
Hashicorp vagrant-vmware-fusion 4.0.24 Local Root Privilege Escalation
Posted Oct 18, 2017
Authored by Mark Wadham

Hashicorp vagrant-vmware-fusion versions 4.0.24 and below suffer from a local privilege escalation vulnerability. This is the same issue that affected the last version but the vendor failed to properly address the issue.

tags | exploit, local
advisories | CVE-2017-12579
MD5 | 6c5c0f0f63ac31c446e807ee7d596117
Gentoo Linux Security Advisory 201710-17
Posted Oct 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-17 - Multiple vulnerabilities have been found in Xen, the worst of which may allow local attackers to escalate privileges. Versions less than 4.7.3 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2017-10912, CVE-2017-10913, CVE-2017-10914, CVE-2017-10915, CVE-2017-10918, CVE-2017-10920, CVE-2017-10921, CVE-2017-10922
MD5 | 63531e2c2da18568085bb8fc3ea2d365
HP Security Bulletin HPESBHF03789 2
Posted Oct 17, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03789 2 - A potential security vulnerability has been identified in the "HP Trusted Platform Module 2.0 Option" kit. This optional kit is available for HPE Gen9 systems with firmware version 5.51. The vulnerability in TPM firmware 5.51 is that new mathematical methods exist such that RSA keys generated by the TPM 2.0 with firmware 5.51 are cryptographically weakened. This vulnerability could lead to local and remote unauthorized access to data. Revision 2 of this advisory.

tags | advisory, remote, local
advisories | CVE-2017-15361
MD5 | 6cc8c26e097ef2b276493dd3f2b13fbc
DuckieTV CMS 1.1.5 Local File Inclusion
Posted Oct 13, 2017
Authored by M.R.S.L.Y

DuckieTV CMS version 1.1.5 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2016-4314
MD5 | 0f7c3ac190d24812bb19d4a0af0f7e8a
Typo3 Restler 1.7.0 Local File Disclosure
Posted Oct 13, 2017
Authored by CrashBandicot

Typo3 Restler extension version 1.7.0 suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
MD5 | db484565b63241f99e97deaf4de0e92b
Kernel Live Patch Security Notice LSN-0031-1
Posted Oct 11, 2017
Authored by Benjamin M. Romer

net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message. Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local, tcp
systems | linux
advisories | CVE-2017-11600
MD5 | 06dff9f017da1957172af525b25cfd62
Ubuntu Security Notice USN-3443-3
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3443-3 - Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2017-14106
MD5 | cf13fc16151a8ca7752a3f37d942f30b
Ubuntu Security Notice USN-3445-1
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3445-1 - Eyal Itkin discovered that the IP over IEEE 1394 implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges. Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2016-8633, CVE-2017-14106
MD5 | 4f1cff5d96815c2ffb8075194ffc53da
Ubuntu Security Notice USN-3444-1
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3444-1 - Jan H. Schonherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service or possibly gain administrative privileges in the host. Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2017-12134, CVE-2017-14106, CVE-2017-14140
MD5 | 69e05e53e6c024f8c444c2dfccbfb315
Ubuntu Security Notice USN-3443-2
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3443-2 - USN-3443-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that on the PowerPC architecture, the kernel did not properly sanitize the signal stack when handling sigreturn. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000255, CVE-2017-14106
MD5 | 91164309cd3b29bf3210db52dcd49238
Ubuntu Security Notice USN-3443-1
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3443-1 - It was discovered that on the PowerPC architecture, the kernel did not properly sanitize the signal stack when handling sigreturn. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2017-1000255, CVE-2017-14106
MD5 | 0b9e8c257d9b94091abf3f9093e86b5b
Ubuntu Security Notice USN-3442-1
Posted Oct 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3442-1 - It was discovered that libXfont incorrectly handled certain patterns in PatternMatch. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that libXfont incorrectly handled certain malformed PCF files. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2017-13720, CVE-2017-13722
MD5 | f1b96fa2976eb69edd55a904b06a7e78
WordPress Ad Widget 2.10.0 Local File Inclusion
Posted Oct 10, 2017
Authored by DefenseCode, Neven Biruski

WordPress Ad Widget plugin versions 2.10.0 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | a02c1bb177145fdea032f28a60278396
PyroBatchFTP 3.17 Buffer Overflow
Posted Oct 9, 2017
Authored by Kevin McGuigan

PyroBatchFTP version 3.17 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
advisories | CVE-2017-15035
MD5 | bf52c10ef56c7f41656ce36b50a4981f
Page 2 of 508
Back12345Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    14 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close