what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 17,214 RSS Feed

Arbitrary Files

Ubuntu Security Notice USN-7126-1
Posted Nov 27, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7126-1 - It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack. It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that libsoup could enter an infinite loop when reading certain websocket data. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-52530, CVE-2024-52531, CVE-2024-52532
SHA-256 | cdd94a4f3569687a23d5f90580cbb143f94576b6385e0c33dfac46abdac253a6
Ubuntu Security Notice USN-7127-1
Posted Nov 27, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7127-1 - It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-52530, CVE-2024-52531, CVE-2024-52532
SHA-256 | 8eab9b3c18eec9367e7c8330678731ff248eafd1a6652553de40ab2d374e7f6e
Ubuntu Security Notice USN-7125-1
Posted Nov 27, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7125-1 - It was discovered that RapidJSON incorrectly parsed numbers written in scientific notation, leading to an integer underflow. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-38517
SHA-256 | 5959e05a4f919e8c421949a58be5b383c74c195a0627c0a6b62be2aa7a5df935
Ubuntu Security Notice USN-7129-1
Posted Nov 27, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7129-1 - It was discovered that TinyGLTF performed file path expansion in an insecure way on certain inputs. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-3008
SHA-256 | 43b97184d979319f1754c2eac1453cd4112977dacc04a1b4e5f6bf6b99ea7ad7
Ubuntu Security Notice USN-7117-2
Posted Nov 27, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7117-2 - USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a regression in needrestart. This update fixes the problem. Qualys discovered that needrestart passed unsanitized data to a library which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root.

tags | advisory, arbitrary, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-10224, CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992
SHA-256 | 6045c90f6a06c6c706541b8ae686bc492ee7f2e736d368452534e35f1f2ef3cc
Debian Security Advisory 5817-1
Posted Nov 25, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5817-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-11110, CVE-2024-11111, CVE-2024-11112, CVE-2024-11113, CVE-2024-11114, CVE-2024-11115, CVE-2024-11116, CVE-2024-11117, CVE-2024-11395
SHA-256 | 8bc594abf735e22959a49511e3a91ff6c647f6a7177161ba0f70782c58881269
Judge0 Sandbox Escape
Posted Nov 21, 2024
Authored by Takahiro Yokoyama | Site metasploit.com

Judge0 does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox.

tags | exploit, arbitrary, code execution
advisories | CVE-2024-28185, CVE-2024-28189
SHA-256 | a1ba2cf035b4baf95b438349ee60b5d61abfbe14ea74073871109b698ce41265
Debian Security Advisory 5816-1
Posted Nov 20, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5816-1 - The Qualys Threat Research Unit discovered that libmodule-scandeps-perl, a Perl module to recursively scan Perl code for dependencies, allows an attacker to execute arbitrary shell commands via specially crafted file names.

tags | advisory, arbitrary, shell, perl
systems | linux, debian
advisories | CVE-2024-10224
SHA-256 | be57e41b4a34c57cf7b234b08605df86cb03fd9a15befc05712e6544727af3bb
Debian Security Advisory 5815-1
Posted Nov 20, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5815-1 - The Qualys Threat Research Unit discovered several local privilege escalation vulnerabilities in needrestart, a utility to check which daemons need to be restarted after library upgrades. A local attacker can execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable (CVE-2024-48990) or running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable (CVE-2024-48992). Additionally a local attacker can trick needrestart into running a fake Python interpreter (CVE-2024-48991) or cause needrestart to call the Perl module Module::ScanDeps with attacker-controlled files (CVE-2024-11003).

tags | advisory, arbitrary, local, root, perl, vulnerability, python, ruby
systems | linux, debian
advisories | CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992
SHA-256 | 5e41b21d2bd83511831c10a278bb8fee7846b092ba4f682ead33f207de7216f3
Ubuntu Security Notice USN-7123-1
Posted Nov 20, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7123-1 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service or possibly expose sensitive information. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, x86, kernel
systems | linux, ubuntu
advisories | CVE-2022-48666, CVE-2023-52757, CVE-2023-52889, CVE-2023-6610, CVE-2024-25744, CVE-2024-26661, CVE-2024-26669, CVE-2024-26800, CVE-2024-38577, CVE-2024-38602, CVE-2024-38611, CVE-2024-40915, CVE-2024-41011, CVE-2024-41012
SHA-256 | 0f33e2b0d9d4e9003aac62a268df3eec34205925efe7c3aefc683aecc1fe44d6
Ubuntu Security Notice USN-7117-1
Posted Nov 20, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7117-1 - Qualys discovered that needrestart passed unsanitized data to a library which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. Qualys discovered that the library libmodule-scandeps-perl incorrectly parsed perl code. This could allow a local attacker to execute arbitrary shell commands.

tags | advisory, arbitrary, shell, local, root, perl
systems | linux, ubuntu
advisories | CVE-2024-10224, CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992
SHA-256 | 243f9908492121d33be291aab7ae169001482e1d128c0417a2f83b5ed1d56c6e
Ubuntu Security Notice USN-7116-1
Posted Nov 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7116-1 - It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated.

tags | advisory, arbitrary, local, python
systems | linux, ubuntu
advisories | CVE-2024-9287
SHA-256 | 446a88199d9186d03c7cdc7b5e4b83cd8d96c3cfc050d5bbded309e03b02cb0c
Ubuntu Security Notice USN-7113-1
Posted Nov 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7113-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2024-44244
SHA-256 | dd5f06682ca93a1fe2093e0af57570ec9766114fd67a9256775ecb3b152853a5
Pyload Remote Code Execution
Posted Nov 18, 2024
Authored by Spencer McIntyre, jheysel-r7 | Site metasploit.com

CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code inside a python interpreter. The vulnerability allows for an attacker to obtain a reference to a python object in the js2py environment enabling them to escape the sandbox, bypass pyimport restrictions and execute arbitrary commands on the host. At the time of this writing no patch has been released and version 0.74 is the latest version of js2py which was released Nov 6, 2022. CVE-2024-39205 is a remote code execution vulnerability in Pyload versions 0.5.0b3.dev85 and below. It is an open-source download manager designed to automate file downloads from various online sources. Pyload is vulnerable because it exposes the vulnerable js2py functionality mentioned above on the /flash/addcrypted2 API endpoint. This endpoint was designed to only accept connections from localhost but by manipulating the HOST header we can bypass this restriction in order to access the API to achieve unauthenticated remote code execution.

tags | exploit, remote, arbitrary, javascript, code execution, python
advisories | CVE-2024-28397, CVE-2024-39205
SHA-256 | 80427d657de061fee48a9f5adbb6c131d9fca4ddd53f67cf67ca1b3ed439fddd
Gentoo Linux Security Advisory 202411-09
Posted Nov 18, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202411-9 - Multiple vulnerabilities have been discovered in Perl, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 5.38.2 are affected.

tags | advisory, arbitrary, perl, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-36770, CVE-2023-31486, CVE-2023-47038
SHA-256 | 3595d9ddc5c7b57b0fc6a001f6671c27b47cdadd1a00fb459436bae50b95624c
Gentoo Linux Security Advisory 202411-07
Posted Nov 18, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202411-7 - A vulnerability has been discovered in Pillow, which may lead to arbitrary code execution. Versions greater than or equal to 10.3.0 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2024-28219
SHA-256 | f33ea09ad2289f635434f7ee97a896c3bcb59965736b5163ab8e08d19639a6af
Debian Security Advisory 5812-1
Posted Nov 18, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5812-1 - Multiple security issues were discovered in PostgreSQL, which may result in the execution of arbitrary code, privilege escalation or log manipulation.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979
SHA-256 | abb6dfdb39e0f1210c77d3a3255391005a7200482ed21d2007d66c5cb1de9267
Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
Posted Nov 14, 2024
Authored by Andreas Kolbeck, Steffen Robertz | Site sec-consult.com

Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass.

tags | exploit, arbitrary, local
advisories | CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879
SHA-256 | f3ace4f4cb5b84a560a9593357976ec236f7e116327a16dffefa142cb8440217
GravCMS 1.10.7 Arbitrary YAML Write / Update
Posted Nov 14, 2024
Site github.com

Proof of concept remote code execution exploit for GravCMS 1.10.7 that leverages an arbitrary YAML write / update.

tags | exploit, remote, arbitrary, code execution, proof of concept
advisories | CVE-2021-21425
SHA-256 | 5cb1696418ca010542d02a039fd2e7ced0fb5abc292d2bf9e447350af4776e32
Ubuntu Security Notice USN-7107-1
Posted Nov 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7107-1 - It was discovered that Minizip in zlib incorrectly handled certain zip header fields. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-45853
SHA-256 | b29823bfaf7715177aa099252dea5c17d60d20ee2a13e95c6592b075179da5bc
Ubuntu Security Notice USN-7100-2
Posted Nov 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7100-2 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, arbitrary, x86, kernel
systems | linux, ubuntu
advisories | CVE-2022-48666, CVE-2024-25744, CVE-2024-26607, CVE-2024-26669, CVE-2024-26893, CVE-2024-36484, CVE-2024-38577, CVE-2024-38602, CVE-2024-38611, CVE-2024-39472, CVE-2024-40915, CVE-2024-41011, CVE-2024-41012, CVE-2024-41017
SHA-256 | 163422edaa457d7b18dd68f3c52d86764e74e2b0d95f740cb2caa422b41f81a3
Debian Security Advisory 5810-1
Posted Nov 12, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5810-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-10826, CVE-2024-10827
SHA-256 | d32a922b2a8d1eb876c604388b3eb6f5ddd165adb14cc7d91e3d4b65f709a256
Debian Security Advisory 5811-1
Posted Nov 12, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5811-1 - An out-of-bounds write vulnerability when handling crafted streams was discovered in mpg123, a real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3, which could result in the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2024-10573
SHA-256 | d8e041870369384cf1c57cd3b97f22c616a739f5c0a8d9d88154d1d723d68857
Debian Security Advisory 5808-1
Posted Nov 11, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5808-1 - Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46955, CVE-2024-46956
SHA-256 | e70bdb1f83b40c199ddc64cb93137bbf95782aeb413c59e47cefffa7b6c905fd
Ubuntu Security Notice USN-7100-1
Posted Nov 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7100-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, arbitrary, x86, kernel
systems | linux, ubuntu
advisories | CVE-2022-48666, CVE-2024-25744, CVE-2024-26607, CVE-2024-26800, CVE-2024-26893, CVE-2024-36484, CVE-2024-38577, CVE-2024-38602, CVE-2024-38611, CVE-2024-39472, CVE-2024-40915, CVE-2024-41012, CVE-2024-41015, CVE-2024-41020
SHA-256 | 149202c681713c94c011a6f610cf658675b27f1348643a377029ea858ada57be
Page 1 of 689
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close