
Files Date: 2013-11-14

VMware Security Advisory 2013-0013
Posted Nov 14, 2013
Authored by VMware | Site vmware.com

VMware Security Advisory 2013-0013 - VMware has updated VMware Workstation and VMware Player to address a vulnerability that could result in an escalation of privilege on Linux-based host machines.

tags | advisory
systems | linux
advisories | CVE-2013-5972
MD5 | 41cacf9cd8dab09fc3110a722aa1075c
Windows SYSTEM Escalation Via KiTrap0D
Posted Nov 14, 2013
Authored by H D Moore, Pusscat, Tavis Ormandy, OJ Reeves | Site metasploit.com

This Metasploit module will create a new session with SYSTEM privileges via the KiTrap0D exploit by Tavis Ormandy. If the session in use is already elevated then the exploit will not run. The module relies on kitrap0d.x86.dll and is not supported on x64 editions of Windows.

tags | exploit, x86
systems | windows
advisories | CVE-2010-0232, OSVDB-61854
MD5 | 684211c5a525c2bc561700bd9d39783b
Red Hat Security Advisory 2013-1523-01
Posted Nov 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1523-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. RubyGems is the Ruby standard for publishing and managing third-party libraries. It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion.

tags | advisory, denial of service, ruby
systems | linux, redhat
advisories | CVE-2013-4287
MD5 | 37ba023f6ba2e50d4b657b1b3cab25d1
Dahua DVR Authentication Bypass
Posted Nov 14, 2013
Authored by Jake Reynolds

Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. Included in this archive are the advisory and a Metasploit module proof of concept exploit.

tags | exploit, web, proof of concept, bypass
systems | linux
advisories | CVE-2013-6117
MD5 | 501768ec227d359ee51100950980b2fa
Red Hat Security Advisory 2013-1522-01
Posted Nov 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1522-01 - The Foreman packages provide facilities for rapidly deploying Red Hat OpenStack 3.0. These packages are provided as a Technology Preview. For more information on the scope and nature of support for items marked as Technology Preview, refer to https://access.redhat.com/support/offerings/techpreview/ It was found that Foreman did not correctly sanitize values of the "fqdn" and "hostgroup" parameters, allowing an attacker to provide a specially crafted value for these parameters and perform an SQL injection attack.

tags | advisory, web, sql injection
systems | linux, redhat
advisories | CVE-2013-4386
MD5 | 8c45223e1c2bea6a78b250a36a5d909f
Android 4.3 Superuser Root Privilege Escalation
Posted Nov 14, 2013
Authored by Kevin Cernekee

The Superuser package for Android 4.3 allows a user to spawn /system/xbin/su with manipulated environment variables to execute code as root.

tags | exploit, root
advisories | CVE-2013-6770
MD5 | cab574fac28988da41223f59f6b75439
Checkpoint Endpoint Security Media Encryption EPM Explorer Bypass
Posted Nov 14, 2013
Authored by Pedro Andujar

Checkpoint Endpoint Security Media Encryption Explorer version 4.97.2 (Endpoint Security R73) contains two issues which can help to bypass the failed password attempts limit established in the password policy.

tags | advisory, bypass
advisories | CVE-2013-5635, CVE-2013-5636
MD5 | da697a63cf1a11164411d7832782e2b0
Red Hat Security Advisory 2013-1521-01
Posted Nov 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1521-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. It was discovered that the django.utils.http.is_safe_url() function considered any URL that used a scheme other than HTTP or HTTPS as safe. An attacker could potentially use this flaw to perform cross-site scripting attacks. A directory traversal flaw was found in Django's "ssi" template tag, which takes a file path as input and outputs that file's contents. An attacker able to alter templates that made use of the "ssi" tag on a site could use this flaw to access any local files accessible to Django.

tags | advisory, web, local, xss, python
systems | linux, redhat
advisories | CVE-2013-4315, CVE-2013-6044
MD5 | 13750663691177ae03c341f7675a7387
Red Hat Security Advisory 2013-1520-01
Posted Nov 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1520-01 - Red Hat OpenStack 3.0 includes a custom Red Hat Enterprise Linux 6.4 kernel. These custom kernel packages include support for network namespaces; this support is required to facilitate advanced OpenStack Networking deployments. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-4162, CVE-2013-4299
MD5 | 3c1cc82e14cf78f8008f59c252fe2f92
Watermark Master 2.2.23 Buffer Overflow
Posted Nov 14, 2013
Authored by Mike Czumak

Watermark Master version 2.2.23 .wstyle buffer overflow exploit that uses SEH.

tags | exploit, overflow
MD5 | ee686f18b2e4337576b22933cc1218c0
Android 4.2.x Superuser Shell Character Escape
Posted Nov 14, 2013
Authored by Kevin Cernekee

Vulnerable releases of two common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root. These issues are due to a shell character escape vulnerability.

tags | exploit, arbitrary, shell, root
advisories | CVE-2013-6769
MD5 | b803657f82e503af96c8795ca5ee2470
Android 4.2.x Superuser Unsanitized Environment
Posted Nov 14, 2013
Authored by Kevin Cernekee

Vulnerable releases of several common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root without notifying the device owner. This advisory documents PATH and BOOTCLASSPATH vulnerabilities.

tags | exploit, arbitrary, root
advisories | CVE-2013-6768, CVE-2013-6774
MD5 | d2bb212a9239dd2ba2999c47e10064c9
Debian Security Advisory 2797-1
Posted Nov 14, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2797-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, and other implementation errors may lead to the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604
MD5 | 0d2009d8531510db943b2a4ab6d0b635
Debian Security Advisory 2796-1
Posted Nov 14, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2796-1 - Matt Ezell from Oak Ridge National Labs reported a vulnerability in torque, a PBS-derived batch processing queueing system.

tags | advisory
systems | linux, debian
advisories | CVE-2013-4495
MD5 | 83c14aed280ac5e395de295d310e29fb
© 2016 Packet Storm. All rights reserved.