exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-02-26

Red Hat Security Advisory 2013-0567-01
Posted Feb 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0567-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-0871
SHA-256 | df9e621f7456eb9a73a631da3e476442cdd07e31b345df61d337cbbb9670e4b8
Red Hat Security Advisory 2013-0568-01
Posted Feb 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0568-01 - dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. A flaw was found in the way dbus-glib filtered the message sender when the "NameOwnerChanged" signal was received. This could trick a system service using dbus-glib into believing a signal was sent from a privileged process, when it was not. A local attacker could use this flaw to escalate their privileges. All dbus-glib users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against dbus-glib, such as fprintd and NetworkManager, must be restarted for this update to take effect.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-0292
SHA-256 | f115f8f456a5b073c3c794a1f1c4435ef97f30b0ff1398b9309a9019ea8e3fac
Ubuntu Security Notice USN-1750-1
Posted Feb 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1750-1 - Brad Spengler discovered a bounds checking error for netlink messages requesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could exploit this flaw to crash the system or run programs as an administrator.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1763
SHA-256 | 73e13acda7d9d77b7969d9503affe8ed8dc750ce6f661c289555fcad458576a7
Mandriva Linux Security Advisory 2013-015
Posted Feb 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-015 - Multiple vulnerabilities has been found and corrected in apache. Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. XSS in mod_proxy_balancer manager interface. Additionally the ASF bug 53219 was resolved which provides a way to mitigate the CRIME attack vulnerability by disabling TLS-level compression. Use the new directive SSLCompression on|off to enable or disable TLS-level compression, by default SSLCompression is turned on. The updated packages have been upgraded to the latest 2.2.24 version which is not vulnerable to these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-3499, CVE-2012-4558
SHA-256 | 94833505f389d6e6209ac42e6b69342490887f9f5804bcc9728626e073cc31c9
Slackware Security Advisory - seamonkey Updates
Posted Feb 26, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 86d92b3b2f7a535d4a89c45c0eaa6ff4582c09480cde5f8f160d499eb9778223
Debian Security Advisory 2632-1
Posted Feb 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2632-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-0231, CVE-2013-0871
SHA-256 | 54cf45d8989693da62afdd45038b3a32302b8109d2cab63de5e5015476212995
Kernel Attacks Through User-Mode Callbacks
Posted Feb 26, 2013
Authored by Tarjei Mandt

In this paper, the author discusses the many challenges and problems concerning user-mode callbacks in win32k. In particular, they show how win32k's dependency on global locks in providing a thread-safe environment does not integrate well with the concept of user-mode callbacks. Although many vulnerabilities related to user-mode callbacks have been addressed, their complex nature suggests that more subtle flaws might still be present in win32k. Thus, in an effort to mitigate some of the more prevalent bug classes, they conclusively provide some suggestions as to how users may protect themselves against future kernel attacks.

tags | paper, kernel, vulnerability
SHA-256 | 51d1563fd83b26e69b8116dfefd3de44db9d463eea1972b575297a33f15a2fc2
Brewthology 0.1 SQL Injection
Posted Feb 26, 2013
Authored by cr4wl3r

Brewthology version 0.1 remote SQL injection exploit that dumps the user table and leverages beerxml.php.

tags | exploit, remote, php, sql injection
SHA-256 | 2a468fd42e9ff8f4ed89e105b058173e97ccfb7bcac8a4635e83bb2d0588d739
Ubuntu Security Notice USN-1749-1
Posted Feb 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1749-1 - Brad Spengler discovered a bounds checking error for netlink messages requesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could exploit this flaw to crash the system or run programs as an administrator.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1763
SHA-256 | 65bc984bc8f52390b39659cf092b4a628b4c705c08421d06c434a898eca785c6
Archlinux/x86-64 3.3.x-3.7.x x86-64 sock_diag_handlers[] Local Root
Posted Feb 26, 2013
Authored by sd

Local root exploit for Archlinux that allows an unprivileged user to take over control in kernel mode due to an out-of-bounds access of the sock_diag_handlers[] array. Works reliably against x86-64 3.3-3.7.

tags | exploit, x86, kernel, local, root
advisories | CVE-2013-1763
SHA-256 | 25f2aab0c8030a52582b1a4727080cb36afc4818b3e2b57e373fe61a918c940d
War FTP Daemon 1.82 Denial Of Service
Posted Feb 26, 2013
Authored by Jarle Aase | Site warftp.org

War FTP Daemon version 1.82 suffers from a denial of service vulnerability in the way log messages are relayed from the internal log handler to the Windows Event log when the server is running as a Windows service.

tags | advisory, denial of service
systems | windows
SHA-256 | cdae585737ae9a5399b6284d3c2f475b31f3286086f62769ba975f53fa17a9ad
Glossword 1.8.12 Arbitrary File Upload
Posted Feb 26, 2013
Authored by Akastep, Brendan Coles | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Glossword versions 1.8.8 through 1.8.12 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the 'gw_temp/a/' directory.

tags | exploit, arbitrary, file upload
advisories | OSVDB-89960
SHA-256 | 6a00fc56bffca149e62d8602fbecdb81bf01e94e53c11f7eba4da3baed5c74a4
Ubuntu Security Notice USN-1748-1
Posted Feb 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1748-1 - Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page and had scripting enabled, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the user invoking Thunderbird. Frederik Braun discovered that Thunderbird made the location of the active browser profile available to JavaScript workers. Scripting for Thunderbird is disabled by default in Ubuntu. Various other issues were also addressed.

tags | advisory, remote, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0781, CVE-2013-0782, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783, CVE-2013-0784
SHA-256 | 4295ba720441084e4395afdd80a04eadc905f04335128d2e3c50297585ec504e
Debian Security Advisory 2629-1
Posted Feb 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2629-1 - Multiple OpenJPEG issues have been addressed. Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images. Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow in JPEG2000 image parsing. Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow when decoding JPEG2000 images.

tags | advisory, overflow
systems | linux, redhat, debian
advisories | CVE-2009-5030, CVE-2012-3358, CVE-2012-3535
SHA-256 | f5a211f64f0275309bc3f98a01bf8d552052d9e43cec1d291991394d2ff0966e
Microsoft Windows OLE Automation Remote Code Execution
Posted Feb 26, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the "SysAllocStringLen()" function within the "Oleaut32.dll" (Object Linking and Embedding Automation) library, which could allow remote attackers to execute arbitrary code via a specially crafted web page or Office document.

tags | advisory, remote, web, overflow, arbitrary
systems | windows
SHA-256 | 8e67f8b3f49e0baf5c8cdedac5b1335d0cde5c5ed9ab9eb564c2802292ccb781
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close