exploit the possibilities
Showing 1 - 25 of 66 RSS Feed

Files Date: 2012-01-24

Red Hat Security Advisory 2012-0061-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0061-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: It was found that permissions were not checked properly in the Linux kernel when handling the /proc/[pid]/mem writing functionality. A local, unprivileged user could use this flaw to escalate their privileges. Refer to Red Hat Knowledgebase article DOC-69129, linked to in the References, for further information.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-0056
MD5 | 2c7f6352637285cdd3fcf505c8de3db0
Red Hat Security Advisory 2012-0062-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0062-01 - The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2010-2642, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554
MD5 | 9ea950efb5794da0e621631a4deb253c
Red Hat Security Advisory 2012-0060-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0060-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially-crafted policy extension data.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619
MD5 | 709f69e5769118d2d6d5fed19cf732ac
Red Hat Security Advisory 2012-0058-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0058-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2009-5029, CVE-2011-4609
MD5 | ae46ab93e5692fdf420a71e5fd8b7b5f
Red Hat Security Advisory 2012-0059-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0059-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619
MD5 | a636af2b52c38fc06f22d9c101925e8f
Ubuntu Security Notice USN-1346-1
Posted Jan 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1346-1 - Dan Fandrich discovered that curl incorrectly handled URLs containing embedded or percent-encoded control characters. If a user or automated system were tricked into processing a specially crafted URL, arbitrary data could be injected.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-0036
MD5 | e9d37387a1af50a4bbffd4fcb652979e
Joomla Jesubmit Shell Upload
Posted Jan 24, 2012
Authored by Robert Cooper

The Joomla Jesubmit component suffers from a shell upload vulnerability.

tags | exploit, shell
MD5 | 09b63779ca8a258c22282c0d527ce905
A Backdoor In The Next Generation Active Directory
Posted Jan 24, 2012
Authored by Dmitriy Evteev

This is a brief whitepaper called A Backdoor in the Next Generation Active Directory.

tags | paper
MD5 | 4322964f07c8caf1a4bd6cd89912fef5
Stoneware WebNetwork6 Cross Site Request Forgery / Cross Site Scripting
Posted Jan 24, 2012
Authored by Jacob Holcomb

Stoneware WebNetwork6 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2012-0285, CVE-2012-0286
MD5 | 410c8e4b6faf31dc32c91fa135a2682b
Linux 64-Bit Stack Pointer Underflow
Posted Jan 24, 2012
Authored by teach

Local root exploit for Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms that leverages a flaw in the compat_alloc_user_space functions.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2010-3081
MD5 | fe099495f6779df14bbb29db41b292ee
Linux 2.6.18 udp_sendmsg Local Root
Posted Jan 24, 2012
Authored by teach

Local root exploit that affects Linux kernel versions up to 2.6.18. It takes advantage of a flaw in the udp_sendmsg function.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2009-2698
MD5 | 59d8386395f746baeb1ed0d939512f3a
Ultimate Locator SQL Injection
Posted Jan 24, 2012
Authored by Robert Cooper

Ultimate Locator suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 284e3d923f227596446886cb106707d7
Alkon Consulting Group SQL Injection
Posted Jan 24, 2012
Authored by Skote Vahshat

Alkon Consulting Group suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 366cfaca10cc4683e15d5d72af718cda
DataArmor / DriveArmor Privilege Escalation
Posted Jan 24, 2012
Authored by Stuart Passe | Site ngssoftware.com

DataArmor versions 3.0.10 and above and DriveArmor versions 3.0.0 and above suffer from restricted environment breakout, privilege escalation and full disk encryption vulnerabilities.

tags | advisory, vulnerability
MD5 | 37dfc6d09f0fc97a5cf4f29fff834973
UltraPlayer 2.112 Buffer Overflow
Posted Jan 24, 2012
Authored by KedAns-Dz

UltraPlayer version 2.112 stack buffer overflow exploit that creates a malicious .m3u file that will trigger a reverse shell.

tags | exploit, overflow, shell
MD5 | 29b400cba8275eb0700ec0e803dd527f
UltraPlayer 2.112 Denial Of Service
Posted Jan 24, 2012
Authored by KedAns-Dz

UltraPlayer version 2.112 local crash exploit that creates a malicious .avi file.

tags | exploit, local
MD5 | 8e50facde9fc9a93cfdb531b9770453e
Nuit Du Hack 2012 Call For Papers
Posted Jan 24, 2012
Authored by Nuit Du Hack CFP

The Nuit Du Hack Call For Papers has been announced. It will be held June 23rd, 2012 at the Disneyland Paris Conference Centre.

tags | paper, conference
MD5 | 69f9dfa8aa9023b57716d506351a8a02
Ubuntu Security Notice USN-1343-1
Posted Jan 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1343-1 - Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as the user that invoked Thunderbird. Aki Helin discovered a crash in the YARR regular expression library that could be triggered by javascript in web content. Various other issues were also addressed.

tags | advisory, web, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665
MD5 | 0f8571925867199abb232af84ec0af74
Ubuntu Security Notice USN-1345-1
Posted Jan 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1345-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1162, CVE-2011-2203, CVE-2011-4110
MD5 | 039e84ec4a32ff402e597c6c545b255e
Ubuntu Security Notice USN-1344-1
Posted Jan 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1344-1 - Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-2203, CVE-2011-4110
MD5 | bbdc00be4a164e6e4a907bdeafaa589f
glFusion CMS 1.2.2 Shell Upload / SQL Injection
Posted Jan 24, 2012
Authored by KedAns-Dz

glFusion CMS version 1.2.2 suffers from shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
MD5 | 92bc08f7211c745ea9b227f006f98110
Dark D0rk3r 0.4
Posted Jan 24, 2012
Authored by baltazar

Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.

Changes: Various updates.
tags | tool, local, scanner, sql injection, python, file inclusion
systems | unix
MD5 | 805a42d36e42f5901d0a6497306713a7
Joomla Advert SQL Injection
Posted Jan 24, 2012
Authored by the_cyber_nuxbie

The Joomla Advert component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e462fc413fcb78a100f7707bf01849aa
Joomla Welcome Local File Inclusion
Posted Jan 24, 2012
Authored by the_cyber_nuxbie

The Joomla Welcome component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 926cf83153bece9c8f9e76be320e2174
Joomla Funny News Local File Inclusion
Posted Jan 24, 2012
Authored by the_cyber_nuxbie

The Joomla Funny News component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 38edbe7eaf59fc1e34a5b1d655fd977a
Page 1 of 3
Back123Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close