exploit the possibilities
Showing 76 - 100 of 13,583 RSS Feed

Local Files

Gentoo Linux Security Advisory 202007-25
Posted Jul 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202007-25 - A vulnerability was discovered in arpwatch which may allow local attackers to gain root privileges. Versions less than 2.1.15-r11 are affected.

tags | advisory, local, root
systems | linux, gentoo
MD5 | 4e7940c097f7141584f2b7f5ee8b0ee6
F5 Big-IP 13.1.3 Build 0.0.6 Local File Inclusion
Posted Jul 27, 2020
Authored by Carlos E. Vieira

F5 Big-IP versions 13.1.3 Build 0.0.6 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2020-5902
MD5 | b2e61907a263f05cda5368c904a3e106
Bio Star 2.8.2 Local File Inclusion
Posted Jul 27, 2020
Authored by Bashaer AlHarthy, Rian Saaty, Safeyah Alhazmi

Bio Star version 2.8.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2020-15050
MD5 | 27371df2c5b87c59458e1241e0ee2306
Microsoft Windows Unsafe Handling Practices
Posted Jul 27, 2020
Authored by Stefan Kanthak

This post outlines multiple unsafe practices in Microsoft Windows that can allow for local privilege escalation.

tags | exploit, local
systems | windows
MD5 | 03789d62f112efaa28c4a21b48da3f31
Socusoft Photo To Video Converter Professional 8.07 Buffer Overflow
Posted Jul 27, 2020
Authored by MasterVlad

Socusoft Photo to Video Converter Professional version 8.07 SEH egghunter local buffer overflow exploit.

tags | exploit, overflow, local
MD5 | 795c779312ce9e494725b85da115a91f
DiskBoss 7.7.14 Local Buffer Overflow
Posted Jul 26, 2020
Authored by MasterVlad

DiskBoss version 7.7.14 SEH egghunter local buffer overflow exploit.

tags | exploit, overflow, local
MD5 | efdae2b655edaeb74e71334da224fb92
Nidesoft DVD Ripper 5.2.18 Local Buffer Overflow
Posted Jul 26, 2020
Authored by Felipe Winsnes

Nidesoft DVD Ripper version 5.2.18 SEH local buffer overflow exploit.

tags | exploit, overflow, local
MD5 | 2a87e1326b8125eebb33c6184a3eb0ea
Frigate Professional 3.36.0.9 Local Buffer Overflow
Posted Jul 25, 2020
Authored by MasterVlad

Frigate Professional version 3.36.0.9 SEH egghunter local buffer overflow exploit.

tags | exploit, overflow, local
MD5 | 39627eb40a5146c8f7e292a59ed17548
Sifter 8.6
Posted Jul 24, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Additions and updates.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 9ccd5f6cc6d0d8788553c5243fefa244
Sifter 8.5_2
Posted Jul 23, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Additions and updates.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 0ddbf77e3f66668850e97c61ab715136
FTPDummy! 4.80 Local Buffer Overflow
Posted Jul 23, 2020
Authored by Felipe Winsnes

FTPDummy! version 4.80 local SEH buffer overflow exploit that pops calc.exe.

tags | exploit, overflow, local
MD5 | 5dcc1a08b3ade2f526a2a0acfc1b5bbc
Ubuntu Security Notice USN-4425-1
Posted Jul 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4425-1 - It was discovered that the network block device implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service. It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-16089, CVE-2019-19462, CVE-2020-11935, CVE-2020-15780
MD5 | e1761cf826ff6144d075ef68b7a8162d
Ubuntu Security Notice USN-4427-1
Posted Jul 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4427-1 - It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information. Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-12380, CVE-2019-19947, CVE-2019-20810, CVE-2019-20908, CVE-2020-10732, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-11935, CVE-2020-13974
MD5 | f507315d6608e55168aa521403f99c05
Ubuntu Security Notice USN-4426-1
Posted Jul 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4426-1 - Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-20908, CVE-2020-10757, CVE-2020-11935, CVE-2020-15780
MD5 | 214e26f4f8e9c0137ebda05513d8ff05
Simple Startup Manager 1.17 Buffer Overflow
Posted Jul 17, 2020
Authored by Povlteksttv

Simple Startup Manager version 1.17 local buffer overflow proof of concept exploit.

tags | exploit, overflow, local, proof of concept
MD5 | 04b3558b2a638d3ad2f31773374f1d75
Sifter 8.5
Posted Jul 17, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Additions and updates.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 648a4a1b121aef29f6ad6efa41f49b08
BSA Radar 1.6.7234.24750 Local File Inclusion
Posted Jul 14, 2020
Authored by William Summerhill

BSA Radar version 1.6.7234.24750 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2020-14946
MD5 | 4f8724486f85bed5c6ebc292e5dde54d
Sifter 8.2
Posted Jul 13, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Additions and updates.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | fa37134a6d1b9096eeba0482a13fd6e1
Pandora FMS 7.0 NG 7XX Remote Command Execution
Posted Jul 11, 2020
Authored by Fernando Catoira, Erik Wynter, Julio Sanchez | Site metasploit.com

This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in th e Events feature of Pandora FMS. This flaw allows users to execute arbitrary commands via the target parameter in HTTP POST requests to the Events function. After authenticating to the target, the module attempts to exploit this flaw by issuing such an HTTP POST request, with the target parameter set to contain the payload. If a shell is obtained, the module will try to obtain the local MySQL database password via a simple grep command on the plaintext /var/www/html/pandora_console/include/config.php file. Valid credentials for a Pandora FMS account are required. The account does not need to have admin privileges. This module has been successfully tested on Pandora 7.0 NG 744 running on CentOS 7 (the official virtual appliance ISO for this version).

tags | exploit, web, arbitrary, shell, local, php
systems | linux, centos
advisories | CVE-2020-13851
MD5 | f5291266eaebb8b290e3a0b7e6659455
Sifter 8
Posted Jul 10, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Additions include Espionage, KatanaFramework, PowerHub, MetaSploit, Spiderfoot, and Email2PhoneNumber. Various fixes.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 32d4677dbd11ce03da6fd2315b2f43f0
Microsoft OneDrive 19.232.1124.0010 DLL Hijacking
Posted Jul 10, 2020
Authored by Yorick Koster, Securify B.V.

A file hijacking vulnerability was found in the Microsoft OneDrive client. This vulnerability allows a local attacker to plant a DLL file on the local machine. This DLL will then be loaded whenever (another) user launches OneDrive, running with the privileges of the victim. This issue was successfully verified on Microsoft OneDrive version 19.232.1124.0010.

tags | exploit, local
MD5 | 834603f1a95f27a160459efee2807af1
TOR Virtual Network Tunneling Tool 0.4.3.6
Posted Jul 9, 2020
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.4.3.6 backports several bugfixes from later releases, including some affecting usability. This release also fixes TROVE-2020-001, a medium-severity denial of service vulnerability affecting all versions of Tor when compiled with the NSS encryption library. (This is not the default configuration.) Using this vulnerability, an attacker could cause an affected Tor instance to crash remotely. This issue is also tracked as CVE-2020-15572. Anybody running a version of Tor built with the NSS library should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha or later.
tags | tool, remote, local, peer2peer
systems | unix
advisories | CVE-2020-15572
MD5 | 78a733e2f528354c1706b143119579f6
Ubuntu Security Notice USN-4419-1
Posted Jul 8, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4419-1 - It was discovered that a race condition existed in the Precision Time Protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code. Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-10690, CVE-2020-10711, CVE-2020-12770, CVE-2020-13143, CVE-2020-8992
MD5 | 1a43296b82c72fbb0f52cc4e8828d2f4
Sony PS4 / FreeBSD ip6_setpktopt Local Privilege Escalation
Posted Jul 7, 2020
Authored by TheFloW

Sony PS4 versions prior to 7.02 and FreeBSD versions 9 and 12 ip6_setpktopt kernel local privilege escalation proof of concept exploit.

tags | exploit, kernel, local, proof of concept
systems | freebsd, bsd
MD5 | 66081af37b3d9c2473d365c7b2e2bfc3
openSIS 7.4 Unauthenticated PHP Code Execution
Posted Jul 6, 2020
Authored by EgiX | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.

tags | exploit, arbitrary, local, php, vulnerability, sql injection, file inclusion
advisories | CVE-2020-13381, CVE-2020-13382, CVE-2020-13383
MD5 | 07a638401a07dae3fe0cc15b5a196965
Page 4 of 544
Back23456Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close