exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-03-13

Fedora Linux SOCK_DIAG Local Root
Posted Mar 13, 2013
Authored by Thiebaud Weksteen

Local root exploit for Fedora 18 x86_64 using nl_table to leverage the sock_diag_handlers[] vulnerability.

tags | exploit, local, root
systems | linux, fedora
advisories | CVE-2013-1763
SHA-256 | 1ab629c5ad74a701d6a87ea1e2c30d5f307d18d3171c1f44adb7736878b5c4ba
Mandriva Linux Security Advisory 2013-024
Posted Mar 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-024 - VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution. The mozilla firefox packages has been upgraded to the latest ESR version which is unaffected by this security flaw.

tags | advisory, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2013-0787
SHA-256 | e61b7c3cf6e2442b66fc8fa3431802d4c6cc8341aead4e8f91ed11c2d82ae1f3
Mandriva Linux Security Advisory 2013-023
Posted Mar 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-023 - Long line inputs could trigger a segfault in the sort, uniq and join utilities. The updated packages have been patched to correct these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-0221, CVE-2013-0222, CVE-2013-0223
SHA-256 | 6f6b35d2bbd2840b2a3e41f95241250d6c792d13e18b3380d9ab2879d0fc34bd
Mandriva Linux Security Advisory 2013-022
Posted Mar 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-022 - The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service by periodically making many new TCP connections. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, shell, tcp
systems | linux, mandriva
advisories | CVE-2010-5107, CVE-2012-0814
SHA-256 | bee473f9707063a23fbf49f1f2986f75bfe44988e5231b688428c1c9f062130b
Drupal Node Parameter Control 6.x Access Bypass
Posted Mar 13, 2013
Authored by Talbot

Drupal Node Parameter Control third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | a6fd0bf0a802d4d8be9ff88a955fa9cf9891236d1a13246be5bce6509c8a5f82
Red Hat Security Advisory 2013-0636-01
Posted Mar 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0636-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-4929, CVE-2012-6075, CVE-2013-0166, CVE-2013-0169, CVE-2013-1619
SHA-256 | b9a7ef0ff18dd828c5d57c86d14d909fe246d0a7a1f774fcff12bfc8e24254c1
Red Hat Security Advisory 2013-0643-01
Posted Mar 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0643-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-09, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.275.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375
SHA-256 | 81799c278148d560668a700315f0181cd4e6219f77615fb315bc0f17a14a6892
Linux Kernel SCTP_GET_ASSOC_STATS() Buffer Overflow
Posted Mar 13, 2013
Authored by Petr Matousek

Proof of concept code that demonstrates a stack-based buffer overflow in the Linux kernel SCTP_GET_ASSOC_STATS() function.

tags | exploit, overflow, kernel, proof of concept
systems | linux
advisories | CVE-2013-1828
SHA-256 | 588169341383534eb48214aef23de1ecd3b8f43f820fc7090163879acbcb9dc3
Technical Cyber Security Alert 2013-71A
Posted Mar 13, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-71A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 57a1a50ee9fe3afe65a25ff9a43f11074350efbbfde73afe59aa1e4ec0f27ceb
Ruby Gem Curl Command Execution
Posted Mar 13, 2013
Authored by Larry W. Cashdollar

Ruby Gem Curl suffers from a remote command execution vulnerability due to a lack of user input sanitization.

tags | exploit, remote, ruby
SHA-256 | c96fc864359b4f3b2f30998551d780075c8307fbf1c24791422f696b650146ef
Ruby Gem Minimagic Command Execution
Posted Mar 13, 2013
Authored by Larry W. Cashdollar

Ruby Gem MiniMagic suffers from a remote command execution vulnerability due to a lack of user input sanitization.

tags | exploit, remote, code execution, ruby
SHA-256 | f3b4827a94b047303ccc02b88c3f74c2860bb4df87e899281dfb759760495123
Ruby Gem Fastreader 1.0.8 Command Execution
Posted Mar 13, 2013
Authored by Larry W. Cashdollar

Ruby Gem Fastreader version 1.0.8 suffers from a remote command execution vulnerability due to a lack of user input sanitization.

tags | exploit, remote, code execution, ruby
SHA-256 | 1fab775f0aafbbbde6c3e31e5072977d382d54542fa209d3fc109a74349d293a
Ubuntu Security Notice USN-1758-2
Posted Mar 13, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1758-2 - USN-1758-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Thunderbird. It was discovered that Firefox contained a memory safety issue. If a user were tricked into opening a specially crafted page with the HTML editor, a remote attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0787
SHA-256 | f4c52da91a0567cbf0ae3291c95b9297f94bf425fa956d9fa86f756330cb5173
Debian Security Advisory 2643-1
Posted Mar 13, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2643-1 - Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655, CVE-2013-2274, CVE-2013-2275
SHA-256 | 626b2c43b3fc60e5818364c42a1dce9ed4a162377a90fdd4f2f3cc47cac16b60
Ubuntu Security Notice USN-1760-1
Posted Mar 13, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1760-1 - A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. A memory leak was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS could trigger this flaw to cause a denial of service on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, memory leak
systems | linux, ubuntu
advisories | CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-1773, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-1773
SHA-256 | c3317eecf58e61478a36793dcf24f32a044bee7a9120041fb1d605b234c9c673
Ubuntu Security Notice USN-1759-1
Posted Mar 13, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1759-1 - It was discovered that Puppet agents incorrectly handled certain kick connections in a non-default configuration. An attacker on an authenticated client could use this issue to possibly execute arbitrary code. It was discovered that Puppet incorrectly handled certain catalog requests. An attacker on an authenticated client could use this issue to possibly execute arbitrary code on the master. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1653, CVE-2013-1640, CVE-2013-1652, CVE-2013-1654, CVE-2013-1655, CVE-2013-2275, CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655, CVE-2013-2275
SHA-256 | cccb65197566007976c698911967efc5871071adafb220b210b3946a8aba7461
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close