exploit the possibilities
Showing 126 - 150 of 13,737 RSS Feed

Local Files

TOR Virtual Network Tunneling Tool 0.4.4.6
Posted Nov 13, 2020
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It backports fixes from later releases, including a fix for TROVE-2020-005, a security issue that could be used, under certain cases, by an adversary to observe traffic patterns on a limited number of circuits intended for a different relay.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 3635b2f7b6645910bf702ce8eaeffd0d
Citrix ADC NetScaler Local File Inclusion
Posted Nov 13, 2020
Authored by Donny Maasland, Ramella Sebastien | Site metasploit.com

This Metasploit module exploits a local file inclusion vulnerability in Citrix ADC Netscaler.

tags | exploit, local, file inclusion
advisories | CVE-2020-8193, CVE-2020-8195, CVE-2020-8196
MD5 | d988d9b9c395233084520c1b63a93177
Ubuntu Security Notice USN-4171-6
Posted Nov 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4171-6 - USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression when handling configuration files. This update fixes the problem, and also introduces further hardening measures. Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Various other issues were also addressed.

tags | advisory, denial of service, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485, CVE-2019-15790
MD5 | bf6d214866122a7e4c574dda44e1251b
Sifter 11
Posted Nov 12, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: GHunt added for email reconnaissance. DeadTrap has been readded. Various other updates.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 2f14f230c864cc0ae600f8a638d40a88
Microsoft Windows Local Spooler Bypass
Posted Nov 11, 2020
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a local spooler bypass vulnerability.

tags | exploit, local, bypass
systems | windows
advisories | CVE-2020-1337, CVE-2020-17001
MD5 | 3f3c10cd2d2b0c404a73cddec7d03575
Ubuntu Security Notice USN-4628-1
Posted Nov 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4628-1 - Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit feature of some Intel processors allowed a side- channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-8695, CVE-2020-8696, CVE-2020-8698
MD5 | d5b28c9aff5b23a7f8ad7249a7633849
Ubuntu Security Notice USN-4627-1
Posted Nov 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4627-1 - Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-8694
MD5 | 68280722e12e55bac74350f6bcd8f78a
Ubuntu Security Notice USN-4626-1
Posted Nov 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4626-1 - Simon Scannell discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information or gain administrative privileges. Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-27194, CVE-2020-8694
MD5 | 826290928fcd6e76f591d4feea48dd2f
Ubuntu Security Notice USN-4623-1
Posted Nov 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4623-1 - Ken Gaillot discovered that Pacemaker incorrectly handled IPC communications permissions. A local attacker could possibly use this issue to bypass ACL restrictions and execute arbitrary code as root.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2020-25654
MD5 | a404c7158aa20923e972db53c69bdbcc
Ubuntu Security Notice USN-4621-1
Posted Nov 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4621-1 - It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2005-1513, CVE-2005-1515, CVE-2020-3811, CVE-2020-3812
MD5 | 7787dcf98d9b4adb884f3713beabae3a
Ubuntu Security Notice USN-4616-2
Posted Nov 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4616-2 - USN-4616-1 fixed several vulnerabilities in AccountsService. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-14036, CVE-2020-16126
MD5 | 0cf5a3b172b2a9f7f18f5eb3b16aeda1
Ubuntu Security Notice USN-4617-1
Posted Nov 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4617-1 - Matthias Gerstner discovered that SPICE vdagent incorrectly handled the active_xfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service. Matthias Gerstner discovered that SPICE vdagent incorrectly handled the active_xfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service, or obtain sensitive file contents. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653
MD5 | eb32f5b8ddb04d03715a53a339bea7a0
Red Hat Security Advisory 2020-4568-01
Posted Nov 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4568-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, remote, local, vulnerability
systems | linux, redhat
advisories | CVE-2020-10730
MD5 | e2b1db22bf574177857ee6a604708cc2
Sifter 10.6m
Posted Nov 4, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Various updates.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | f5f4272a5173462d780001a1c8b6d88a
Processwire CMS 2.4.0 Local File Inclusion
Posted Nov 3, 2020
Authored by Y1LD1R1M

Processwire CMS version 2.4.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | a16eb58aefe5f14c1f9c09c294a49bed
Ubuntu Security Notice USN-4616-1
Posted Nov 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4616-1 - Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. Kevin Backhouse discovered that AccountsService incorrectly handled reading .pam_environment files. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2018-14036, CVE-2020-16126, CVE-2020-16127
MD5 | 459484efda1c6062d667f1c0c7fe58a1
Ubuntu Security Notice USN-4614-1
Posted Nov 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4614-1 - Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-16125
MD5 | 39b3740000f421ed649cff459f6228fa
Ubuntu Security Notice USN-4605-2
Posted Nov 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4605-2 - Vaisha Bernard discovered that blueman did not properly sanitize input on the d-bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service. While a previous security update fixed the issue, this update provides additional improvements by enabling PolicyKit authentication for privileged commands. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-15238
MD5 | a1e9ea67ece2df45ff33e037fb695ef5
Red Hat Security Advisory 2020-4391-01
Posted Oct 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4391-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2020-10755
MD5 | d7d644f1e0cca176509c26368eef462f
Ubuntu Security Notice USN-4552-3
Posted Oct 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4552-3 - USN-4552-1 and USN-4552-2 fixed a vulnerability in Pam-python. The update introduced a regression which prevented PAM modules written in Python from importing python modules from site-specific directories. Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. Various other issues were also addressed.

tags | advisory, local, root, python
systems | linux, ubuntu
advisories | CVE-2019-16729
MD5 | 632ca4e5ebf9fb3048aa8ec5c35d3c54
Red Hat Security Advisory 2020-4283-01
Posted Oct 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4283-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2020-10755
MD5 | 770ac2ee761092d1f8affbe880ff74f2
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 LFI
Posted Oct 28, 2020
Authored by Ivo Palazzolo

Oracle Business Intelligence Enterprise Edition versions 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from local file inclusion and directory traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
advisories | CVE-2020-14864
MD5 | 067512dbc1fd13c960d6837eb1c78dd9
Blueman Local Root / Privilege Escalation
Posted Oct 28, 2020
Authored by Vaisha Bernard

Blueman versions prior to 2.1.4 suffer from a local privilege escalation vulnerability that achieves root.

tags | exploit, local, root
advisories | CVE-2020-15238
MD5 | d12eee8c984e0886c5230dcda82b9d70
Ubuntu Security Notice USN-4605-1
Posted Oct 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4605-1 - Vaisha Bernard discovered that blueman did not properly sanitize input on the d-bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-15238
MD5 | c8704c3d9669c74ad12984c2c0623dc0
Sifter 10.5f
Posted Oct 26, 2020
Authored by s1l3nt78 | Site github.com

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Changes: Various updates.
tags | tool, remote, local, scanner, vulnerability
systems | unix
MD5 | 8df56851108239cc216beff14d5b8a3a
Page 6 of 550
Back45678Next

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    26 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    2 Files
  • 9
    May 9th
    2 Files
  • 10
    May 10th
    13 Files
  • 11
    May 11th
    17 Files
  • 12
    May 12th
    22 Files
  • 13
    May 13th
    11 Files
  • 14
    May 14th
    9 Files
  • 15
    May 15th
    2 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    21 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close