exploit the possibilities
Showing 101 - 125 of 13,720 RSS Feed

Local Files

Boxoft Convert Master 1.3.0 Local Buffer Overflow
Posted Nov 20, 2020
Authored by Achilles

Boxoft Convert Master version 1.3.0 SEH local buffer overflow exploit.

tags | exploit, overflow, local
MD5 | f956aa989b00a65c070070cfbabf0008
Medical Center Portal Management System SQL Injection
Posted Nov 17, 2020
Authored by gh1mau

Medical Center Portal Management System released prior to November 16, 2020 have been identified as being susceptible to a local file inclusion vulnerability.

tags | exploit, local, sql injection, file inclusion
MD5 | ebb1a8cb615f15dc9ac1503fc00676dc
Online News Portal Local File Inclusion
Posted Nov 17, 2020
Authored by gh1mau

Online News Portal versions released prior to November 16, 2020 have been identified as being susceptible to a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 150d4a01deee247d05bff4f6b2ff5485
AIX 5.3L libc Buffer Overflow
Posted Nov 17, 2020
Authored by Hacker Fantastic

AIX version 5.3L libc local environment handling local root exploit. The AIX 5.3L (and possibly others) libc is vulnerable to multiple buffer overflow issues in the handling of locale environment variables. This allows for exploitation of any setuid root binary that makes use of functions such as setlocale() which do not perform bounds checking when handling LC_* environment variables. An attacker can leverage this issue to obtain root privileges on an impacted AIX system. This exploit makes use of the "/usr/bin/su" binary to trigger the overflow through LC_ALL and obtain root.

tags | exploit, overflow, local, root
systems | aix
MD5 | 5a8e7e11f2da1598bdca5bdbbf71d224
Gentoo Linux Security Advisory 202011-18
Posted Nov 16, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202011-18 - Apache Ant uses various insecure temporary files possibly allowing local code execution. Versions less than 1.10.9 are affected.

tags | advisory, local, code execution
systems | linux, gentoo
advisories | CVE-2020-11979
MD5 | 7cc68dbbc5e2a4e57e20b6c2186249bb
Intel NUC Local Privilege Escalation
Posted Nov 16, 2020
Authored by S.AbenMassaoud | Site vulnerability-lab.com

Intel NUC suffers from a local privilege escalation vulnerability.

tags | advisory, local
MD5 | 931800d146c2676dcfdd36f0e0f77374
AIX 5.3L /usr/sbin/lquerypv Local Root Privilege Escalation
Posted Nov 16, 2020
Authored by Hacker Fantastic

AIX version 5.3L /usr/sbin/lquerypv local root privilege escalation exploit.

tags | exploit, local, root
systems | aix
MD5 | 404c3fced5ca1174299093282bd7c407
PMB 5.6 Local File Disclosure / Directory Traversal
Posted Nov 16, 2020
Authored by 41-trk

PMB version 5.6 suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
MD5 | 431ff9b71930385b5b2560f2e379a207
TOR Virtual Network Tunneling Tool 0.4.4.6
Posted Nov 13, 2020
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It backports fixes from later releases, including a fix for TROVE-2020-005, a security issue that could be used, under certain cases, by an adversary to observe traffic patterns on a limited number of circuits intended for a different relay.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 3635b2f7b6645910bf702ce8eaeffd0d
Citrix ADC NetScaler Local File Inclusion
Posted Nov 13, 2020
Authored by Donny Maasland, Ramella Sebastien | Site metasploit.com

This Metasploit module exploits a local file inclusion vulnerability in Citrix ADC Netscaler.

tags | exploit, local, file inclusion
advisories | CVE-2020-8193, CVE-2020-8195, CVE-2020-8196
MD5 | d988d9b9c395233084520c1b63a93177
Ubuntu Security Notice USN-4171-6
Posted Nov 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4171-6 - USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression when handling configuration files. This update fixes the problem, and also introduces further hardening measures. Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Various other issues were also addressed.

tags | advisory, denial of service, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485, CVE-2019-15790
MD5 | bf6d214866122a7e4c574dda44e1251b
Sifter 11
Posted Nov 12, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: GHunt added for email reconnaissance. DeadTrap has been readded. Various other updates.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 2f14f230c864cc0ae600f8a638d40a88
Microsoft Windows Local Spooler Bypass
Posted Nov 11, 2020
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a local spooler bypass vulnerability.

tags | exploit, local, bypass
systems | windows
advisories | CVE-2020-1337, CVE-2020-17001
MD5 | 3f3c10cd2d2b0c404a73cddec7d03575
Ubuntu Security Notice USN-4628-1
Posted Nov 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4628-1 - Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit feature of some Intel processors allowed a side- channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-8695, CVE-2020-8696, CVE-2020-8698
MD5 | d5b28c9aff5b23a7f8ad7249a7633849
Ubuntu Security Notice USN-4627-1
Posted Nov 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4627-1 - Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-8694
MD5 | 68280722e12e55bac74350f6bcd8f78a
Ubuntu Security Notice USN-4626-1
Posted Nov 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4626-1 - Simon Scannell discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information or gain administrative privileges. Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-27194, CVE-2020-8694
MD5 | 826290928fcd6e76f591d4feea48dd2f
Ubuntu Security Notice USN-4623-1
Posted Nov 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4623-1 - Ken Gaillot discovered that Pacemaker incorrectly handled IPC communications permissions. A local attacker could possibly use this issue to bypass ACL restrictions and execute arbitrary code as root.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2020-25654
MD5 | a404c7158aa20923e972db53c69bdbcc
Ubuntu Security Notice USN-4621-1
Posted Nov 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4621-1 - It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2005-1513, CVE-2005-1515, CVE-2020-3811, CVE-2020-3812
MD5 | 7787dcf98d9b4adb884f3713beabae3a
Ubuntu Security Notice USN-4616-2
Posted Nov 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4616-2 - USN-4616-1 fixed several vulnerabilities in AccountsService. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-14036, CVE-2020-16126
MD5 | 0cf5a3b172b2a9f7f18f5eb3b16aeda1
Ubuntu Security Notice USN-4617-1
Posted Nov 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4617-1 - Matthias Gerstner discovered that SPICE vdagent incorrectly handled the active_xfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service. Matthias Gerstner discovered that SPICE vdagent incorrectly handled the active_xfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service, or obtain sensitive file contents. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653
MD5 | eb32f5b8ddb04d03715a53a339bea7a0
Red Hat Security Advisory 2020-4568-01
Posted Nov 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4568-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, remote, local, vulnerability
systems | linux, redhat
advisories | CVE-2020-10730
MD5 | e2b1db22bf574177857ee6a604708cc2
Sifter 10.6m
Posted Nov 4, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Various updates.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | f5f4272a5173462d780001a1c8b6d88a
Processwire CMS 2.4.0 Local File Inclusion
Posted Nov 3, 2020
Authored by Y1LD1R1M

Processwire CMS version 2.4.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | a16eb58aefe5f14c1f9c09c294a49bed
Ubuntu Security Notice USN-4616-1
Posted Nov 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4616-1 - Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. Kevin Backhouse discovered that AccountsService incorrectly handled reading .pam_environment files. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2018-14036, CVE-2020-16126, CVE-2020-16127
MD5 | 459484efda1c6062d667f1c0c7fe58a1
Ubuntu Security Notice USN-4614-1
Posted Nov 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4614-1 - Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-16125
MD5 | 39b3740000f421ed649cff459f6228fa
Page 5 of 549
Back34567Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close