Exploit the possiblities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-03-13

Fedora Linux SOCK_DIAG Local Root
Posted Mar 13, 2013
Authored by Thiebaud Weksteen

Local root exploit for Fedora 18 x86_64 using nl_table to leverage the sock_diag_handlers[] vulnerability.

tags | exploit, local, root
systems | linux, fedora
advisories | CVE-2013-1763
MD5 | db70235620077d66d28b44e3310924f7
Mandriva Linux Security Advisory 2013-024
Posted Mar 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-024 - VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution. The mozilla firefox packages has been upgraded to the latest ESR version which is unaffected by this security flaw.

tags | advisory, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2013-0787
MD5 | b1c52931c7f6f222f30d40bcd2048820
Mandriva Linux Security Advisory 2013-023
Posted Mar 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-023 - Long line inputs could trigger a segfault in the sort, uniq and join utilities. The updated packages have been patched to correct these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-0221, CVE-2013-0222, CVE-2013-0223
MD5 | de75def23d4491e56fdeeae907fd91ad
Mandriva Linux Security Advisory 2013-022
Posted Mar 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-022 - The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service by periodically making many new TCP connections. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, shell, tcp
systems | linux, mandriva
advisories | CVE-2010-5107, CVE-2012-0814
MD5 | 80b13dcfaf55cd05e7d4ca0be0ce9417
Drupal Node Parameter Control 6.x Access Bypass
Posted Mar 13, 2013
Authored by Talbot

Drupal Node Parameter Control third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 54623cdfe252a0629ce7b0113604b217
Red Hat Security Advisory 2013-0636-01
Posted Mar 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0636-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-4929, CVE-2012-6075, CVE-2013-0166, CVE-2013-0169, CVE-2013-1619
MD5 | 88beca4dd1c8934b33bc0e3bb7709c10
Red Hat Security Advisory 2013-0643-01
Posted Mar 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0643-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-09, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.275.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375
MD5 | 7bb71e053299e8080bfcf54938dc30b9
Linux Kernel SCTP_GET_ASSOC_STATS() Buffer Overflow
Posted Mar 13, 2013
Authored by Petr Matousek

Proof of concept code that demonstrates a stack-based buffer overflow in the Linux kernel SCTP_GET_ASSOC_STATS() function.

tags | exploit, overflow, kernel, proof of concept
systems | linux
advisories | CVE-2013-1828
MD5 | 77caec34a2d8fc6c303fc4b914387343
Technical Cyber Security Alert 2013-71A
Posted Mar 13, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-71A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
MD5 | bd01cf556ad5bbf271bc892039bfc441
Ruby Gem Curl Command Execution
Posted Mar 13, 2013
Authored by Larry W. Cashdollar

Ruby Gem Curl suffers from a remote command execution vulnerability due to a lack of user input sanitization.

tags | exploit, remote, ruby
MD5 | aa54ae67e0017e2fa2514c2e70b1c3d1
Ruby Gem Minimagic Command Execution
Posted Mar 13, 2013
Authored by Larry W. Cashdollar

Ruby Gem MiniMagic suffers from a remote command execution vulnerability due to a lack of user input sanitization.

tags | exploit, remote, code execution, ruby
MD5 | 5b1afc06635d5c0dc1c6217aa0ea2640
Ruby Gem Fastreader 1.0.8 Command Execution
Posted Mar 13, 2013
Authored by Larry W. Cashdollar

Ruby Gem Fastreader version 1.0.8 suffers from a remote command execution vulnerability due to a lack of user input sanitization.

tags | exploit, remote, code execution, ruby
MD5 | 38729ad241ac5c64fde17ae6de9e1a3d
Ubuntu Security Notice USN-1758-2
Posted Mar 13, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1758-2 - USN-1758-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Thunderbird. It was discovered that Firefox contained a memory safety issue. If a user were tricked into opening a specially crafted page with the HTML editor, a remote attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0787
MD5 | a8e0015cb19487bba241c42ce0322226
Debian Security Advisory 2643-1
Posted Mar 13, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2643-1 - Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655, CVE-2013-2274, CVE-2013-2275
MD5 | 8cf673e2374b63046ab5ea295329d2a7
Ubuntu Security Notice USN-1760-1
Posted Mar 13, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1760-1 - A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. A memory leak was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS could trigger this flaw to cause a denial of service on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, memory leak
systems | linux, ubuntu
advisories | CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-1773, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-1773
MD5 | bf974e96001c4add92de0057fa912944
Ubuntu Security Notice USN-1759-1
Posted Mar 13, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1759-1 - It was discovered that Puppet agents incorrectly handled certain kick connections in a non-default configuration. An attacker on an authenticated client could use this issue to possibly execute arbitrary code. It was discovered that Puppet incorrectly handled certain catalog requests. An attacker on an authenticated client could use this issue to possibly execute arbitrary code on the master. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1653, CVE-2013-1640, CVE-2013-1652, CVE-2013-1654, CVE-2013-1655, CVE-2013-2275, CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655, CVE-2013-2275
MD5 | fa66a897bab2ba49bc57160f555c04c7
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close