Ray versions prior to 2.8.1 are vulnerable to a local file inclusion vulnerability.
bd052a339883d4fb2b7584d0b637a7cf11576c8925a84f832d496feb70c87eff
It was found that Internet Explorer allows the disclosure of local file names. This issue exists due to the fact that Internet Explorer behaves different for file:// URLs pointing to existing and non-existent files. When used in combination with HTML5 sandbox iframes it is possible to use this behavior to find out if a local file exists. This technique only works on Internet Explorer 10 and 11 since these support the HTML5 sandbox. Also it is not possible to do this from a regular website as file:// URLs are blocked all together. The attack must be performed locally (works with Internet zone Mark of the Web) or from a share.
0b30e1f06e794629552d9172732b96c2d1cf6a789686d06961747f044e43ffcb
This Metasploit module leverages an unauthenticated arbitrary root file read vulnerability for Check Point Security Gateway appliances. When the IPSec VPN or Mobile Access blades are enabled on affected devices, traversal payloads can be used to read any files on the local file system. Password hashes read from disk may be cracked, potentially resulting in administrator-level access to the target device. This vulnerability is tracked as CVE-2024-24919.
169aeb5edb0fd49f3f4c9c7b61035ba1bf84b48fbb9e4daff74aeca573f80047
Microweber CMS v1.2.10 has a backup functionality. Upload and download endpoints can be combined to read any file from the filesystem. Upload function may delete the local file if the web service user has access.
d140c745b815fe81da082fc26473f314fb74dc65ae2d3694532c7cb7f81aa0b4
This Metasploit module abuses an XSS vulnerability in versions prior to Firefox 39.0.3, Firefox ESR 38.1.1, and Firefox OS 2.2 that allows arbitrary files to be stolen. The vulnerability occurs in the PDF.js component, which uses Javascript to render a PDF inside a frame with privileges to read local files. The in-the-wild malicious payloads searched for sensitive files on Windows, Linux, and OSX. Android versions are reported to be unaffected, as they do not use the Mozilla PDF viewer.
51c57f3920e9435bf62bbd93f1635f5a4935408c0f9db23d25b25d8babebaaee
This Metasploit module exploits a local file inclusion in QNAP QTS and Photo Station that allows an unauthenticated attacker to download files from the QNAP filesystem. Because the HTTP server runs as root, it is possible to access sensitive files, such as SSH private keys and password hashes. This Metasploit module has been tested on QTS 4.3.3 (unknown Photo Station version) and QTS 4.3.6 with Photo Station 5.7.9.
70107b0adbe195b76131c10cdea4a24c8ea076a3a1b93c6596908a86f7bcd91a
Generates a .webarchive file for Mac OS X Safari that will attempt to inject cross-domain Javascript (UXSS), silently install a browser extension, collect user information, steal the cookie database, and steal arbitrary local files. When opened on the target machine the webarchive file must not have the quarantine attribute set, as this forces the webarchive to execute in a sandbox.
111b8b484280c1043940976e5d33858cc2c48891b75d23d8260fce63f84a668f
This Metasploit module exploits a denial of service flaw in the Microsoft Windows SMB service on versions of Windows Server 2003 that have been configured as a domain controller. By sending a specially crafted election request, an attacker can cause a pool overflow. The vulnerability appears to be due to an error handling a length value while calculating the amount of memory to copy to a buffer. When there are zero bytes left in the buffer, the length value is improperly decremented and an integer underflow occurs. The resulting value is used in several calculations and is then passed as the length value to an inline memcpy operation. Unfortunately, the length value appears to be fixed at -2 (0xfffffffe) and causes considerable damage to kernel heap memory. While theoretically possible, it does not appear to be trivial to turn this vulnerability into remote (or even local) code execution.
83963f7202852444f496b9b32c24f1f420890784a7bc742ab76e1e65e71e2d4b
Ubuntu Security Notice 6972-4 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.
d6b50c131f18f6b9b7c0f2300ad92a70f2206c0991d489417cdd16254ef44e85
Ubuntu Security Notice 6973-3 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
a325b799595b72a18154d2d301c9c5796e3969dac597c03abbaa74b4c02185e8
Das U-Boot suffers from a buffer overread vulnerability. An attacker with access to the local network and faster response times than the default DHCP server can trigger a memory leak by responding with malicious DHCP offers to a vulnerable U-Boot DHCP client.
eeff70713d71d99b1f63f18864f92054909a4869b0f21dc708548d13aad4f07a
Ubuntu Security Notice 6973-2 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
ae63bfb6e280dd009e2c0a5fe99dec56f207432686e72f972bd7822a124051d0
Ubuntu Security Notice 6972-3 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.
3851e01a35e3009f6057ef8b82450d14866f3831ab11b59ea760316705789735
Ubuntu Security Notice 6972-2 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.
acaa7aeb3c375a4913a07e5d0aa74402fb2d43b16512470a070fadc35ed53462
Ubuntu Security Notice 6976-1 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.
05b1dd718bcd1e6c1a1d60a1aa46ca6c1f9381e6b519d89cafc379f7b4ae0c4a
Ubuntu Security Notice 6973-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
fbca997e8fb0b0108b19ed617ab716e3ace23ba2704b068d8f598bc8a75cc406
Ubuntu Security Notice 6972-1 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.
7044bddad2c32a2e95843e009e31f1f4c2072c24a8eedbaf8408e0060bfface0
Ubuntu Security Notice 6967-1 - It was discovered that some Intel® Core™ Ultra Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escalate their privileges. It was discovered that some Intel® Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escalate their privileges. It was discovered that some Intel® Processors did not correctly transition between the executive monitor and SMI transfer monitor. A privileged local attacker could use this to escalate their privileges.
08be1e8b8325d1c956aae2f3a5bf9466a45a45ffbf20319795691bd264cd5dbc
In K7 Ultimate Security versions prior to 17.0.2019, the driver file (K7RKScan.sys - this version 15.1.0.7) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of a null pointer dereference from IOCtl 0x222010 and 0x222014. At the same time, the drive is accessible to all users in the "Everyone" group.
bfb4ecddc23a05440389081ce78b782dbf92b391de062ebc99d6641e95cdaa89
Ubuntu Security Notice 6952-2 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
2ec5b9718d9b9c02dfbc17231e580ae35883ce5fe7b5f347d0827492d4006ee2
Ubuntu Security Notice 6957-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
1b6c671ad22c716b20a65f830f590ef38c4830f15665bdd63a827e4614b24266
Ubuntu Security Notice 6956-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
f464d432d9b36ce1075f907239578c853edeab79402ddca247833a78cc930be9
Ubuntu Security Notice 6926-3 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service.
67f80c016324f30ff3664a941b9a12abe1b24c7c9def9edb0d9cde6176d5315c
Ubuntu Security Notice 6952-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
4096317c1a9bde967a3c305817802b1b430dad31a7749285f4b9eebbdce233f9
Journyx version 11.5.4 has an issue where the soap_cgi.pyc API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.
d02349f8de0a00286e575cc45dab4471af755c8a75e014e67fe77d724cd9c5fa