exploit the possibilities
Showing 1 - 25 of 41 RSS Feed

Files Date: 2013-11-21

DesktopCentral AgentLogUpload Arbitrary File Upload
Posted Nov 21, 2013
Authored by Thomas Hibbert | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in DesktopCentral 8.0.0 below build 80293. A malicious user can upload a JSP file into the web root without authentication, leading to arbitrary code execution.

tags | exploit, web, arbitrary, root, code execution, file upload
SHA-256 | a58c7e48a0560ea998d7234b701c9f96d4b2b76ae74d19faf4f38e4420896922
Debian Security Advisory 2801-1
Posted Nov 21, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2801-1 - Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart could potentially execute commands on the server if these temporary filenames are used in subsequent commands without further checks.

tags | advisory, web, perl
systems | linux, debian
advisories | CVE-2013-4407
SHA-256 | ab519a2ad25a4dd355fa972fa98e656f4b1f2cc7c32d2e60a9114ecd18c29725
Facebook Friends Disclosure
Posted Nov 21, 2013
Authored by Irene Abezgauz

Facebook suffers from a private friend list disclosure vulnerability via the People You May Know functionality.

tags | exploit, info disclosure
SHA-256 | d030133808977a7f18f69a66e094c58123568c276c0c6c0b10cd9d391b0dd11f
Red Hat Security Advisory 2013-1615-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1615-02 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. A flaw was found in PHP's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers.

tags | advisory, remote, web, spoof, php
systems | linux, redhat
advisories | CVE-2006-7243, CVE-2013-1643, CVE-2013-4248
SHA-256 | e9c43b76ec5610e3455ac53f39d2e0ecc1fbdf12915676ffe3014f05ce897df2
Red Hat Security Advisory 2013-1569-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1569-02 - Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.

tags | advisory, denial of service, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2012-2392, CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3559, CVE-2013-3561, CVE-2013-4081, CVE-2013-4083, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934
SHA-256 | 7f3f7798dc92e097ef305e4b1e31fdf494b6ba631fb4d04aeb99e0eeff06aeea
Red Hat Security Advisory 2013-1582-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1582-02 - Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. These updated python packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.

tags | advisory, spoof, python
systems | linux, redhat
advisories | CVE-2013-4238
SHA-256 | 5318bfc58a04f6c630a98000db359d1fd38a86056966b53d50fec165f8a5e4e4
Red Hat Security Advisory 2013-1540-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1540-02 - Evolution is the integrated collection of email, calendaring, contact management, communications, and personal information management tools for the GNOME desktop environment. A flaw was found in the way Evolution selected GnuPG public keys when encrypting emails. This could result in emails being encrypted with public keys other than the one belonging to the intended recipient. The Evolution packages have been upgraded to upstream version 2.32.3, which provides a number of bug fixes and enhancements over the previous version. These changes include implementation of Gnome XDG Config Folders, and support for Exchange Web Services protocol to connect to Microsoft Exchange servers. EWS support has been added as a part of the evolution-exchange packages.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2013-4166
SHA-256 | 9fb326f3b1b47a580643bac3c257f224e35acd6f987a04d2349a2234d18d3e18
Red Hat Security Advisory 2013-1553-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1553-02 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat Enterprise Linux kernel. The qemu-kvm packages form the user-space component for running virtual machines using KVM. A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, kernel, code execution
systems | linux, redhat
advisories | CVE-2013-4344
SHA-256 | 345c5293e46bc430ccaa14628978829b0fc3469e03734f2a2879bd54beda014f
Red Hat Security Advisory 2013-1543-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1543-02 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An integer overflow flaw was found in the way Samba handled an Extended Attribute list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. Note: This issue did not affect the default configuration of the Samba server.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2013-4124
SHA-256 | 46c5800f1d860d2fb58a17790ac3e3d0fc87f12c834aa604c4d748102d5f7295
Red Hat Security Advisory 2013-1757-01
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1757-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-2487
SHA-256 | 32c2122e8a7193d79725dce73ae920676d3ef68ab4465ddf8c15705506156034
Mandriva Linux Security Advisory 2013-278
Posted Nov 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-278 - Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream. The updated packages has been upgraded to the 3.6.20 version which resolves various upstream bugs and is not vulnerable to this issue.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2013-4475
SHA-256 | b31f82e0966c17284644296fbef37274eca0094d10a4659c90eb51bbaec2833c
Mandriva Linux Security Advisory 2013-274
Posted Nov 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-274 - A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component in presence of valid chroma data. libjpeg-turbo will use uninitialized memory when handling Huffman tables.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-2806, CVE-2013-6629, CVE-2013-6630
SHA-256 | a699eb9668adc83d9e220126707f88b19e9c60554afb68016efe762bd8825c95
Mandriva Linux Security Advisory 2013-276
Posted Nov 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-276 - Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled verification of the certificate trust chain.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-4545
SHA-256 | 2c78af201db1bef05c4d5d012d53ff1328f14122e461d40a5c38c8ccb71ff218
Mandriva Linux Security Advisory 2013-277
Posted Nov 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-277 - lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. In lighttpd before 1.4.34, if setuid() fails for any reason, for instance if an environment limits the number of processes a user can have and the target uid already is at the limit, lighttpd will run as root. A user who can run CGI scripts could clone() often; in this case a lighttpd restart would end up with lighttpd running as root, and the CGI scripts would run as root too. In lighttpd before 1.4.34, if fam is enabled and there are directories reachable from configured doc roots and aliases on which FAMMonitorDirectory fails, a remote client could trigger a DoS.

tags | advisory, remote, cgi, root
systems | linux, mandriva
advisories | CVE-2013-4508, CVE-2013-4559, CVE-2013-4560
SHA-256 | 6d54d7717fee044facf5cc6be20d74bfb730c37e562ce656133448445748efee
Red Hat Security Advisory 2013-1537-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1537-02 - Augeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses "lenses" as basic building blocks for establishing the mapping from files into the Augeas tree and back. Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2012-0786, CVE-2012-0787
SHA-256 | 5008f7320f7881f778fae0bc5fea8d996161320e3e8f604577f7896737be6bb3
Mandriva Linux Security Advisory 2013-275
Posted Nov 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-275 - If a KDC serves multiple realms, certain requests can cause setup_server_realm() to dereference a null pointer, crashing the KDC. This can be triggered by an unauthenticated user.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-1418
SHA-256 | dc59648ec9fe44b636fcb6b1a8f71f58309d9bc6c508a60ef278263afb5d7b85
Mandriva Linux Security Advisory 2013-272
Posted Nov 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-272 - Poppler is found to be affected by a stack based buffer overflow vulnerability in the pdfseparate utility. Successfully exploiting this issue could allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploits may result in denial-of-service conditions. Poppler was found to have a user controlled format string vulnerability because it fails to sanitize user-supplied input. An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-4473, CVE-2013-4474
SHA-256 | 01f1f6815c08ca4c3c51d4b15d1497e2630f7357152d5fc3f03cf443ba07f38b
Mandriva Linux Security Advisory 2013-271
Posted Nov 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-271 - The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and earlier, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to bsd.lib.mk and bsd.prog.mk.

tags | advisory, arbitrary, local
systems | linux, netbsd, bsd, mandriva
advisories | CVE-2011-1920
SHA-256 | dd6ff5a136347b3053ebbbda605e0be6517aff4b83c128f53148a143c2f059fa
Mandriva Linux Security Advisory 2013-273
Posted Nov 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-273 - libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component in presence of valid chroma data. libjpeg-turbo will use uninitialized memory when handling Huffman tables.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-6629, CVE-2013-6630
SHA-256 | 5ab93357e99a13fa424ef091ade9a5dad87aacf8255791e14c00578bc7cd0c4e
Ubuntu Security Notice USN-2032-1
Posted Nov 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2032-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5607
SHA-256 | 9aa88e3eda8943f778c88e0749132dc9a27173331f5b3c38f6fcee613a0b6504
Red Hat Security Advisory 2013-1754-01
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1754-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Virtualization Manager. A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4344
SHA-256 | aa31bff7997a6a28ade769be214c9176656adc59509cac112ebd996d0e7833ee
Red Hat Security Advisory 2013-1527-01
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1527-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2010-5107, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-4238, CVE-2013-4344
SHA-256 | 14c05f5415b232ba5013430dc6302052cda7f8421372edc37ce49c0008e3a968
Red Hat Security Advisory 2013-1753-01
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1753-01 - The redhat-ds-base packages provide Red Hat Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the Red Hat Directory Server did not properly handle certain Get Effective Rights search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able to submit search queries to the Red Hat Directory Server could cause it to crash.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2013-4485
SHA-256 | 5b8559c1c646e6733875d75f877cdff2a226c1740058ecaee6c40c29d1d6dd4d
Red Hat Security Advisory 2013-1752-01
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1752-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able to submit search queries to the 389 Directory Server could cause it to crash. All 389-ds-base users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the 389 server service will be restarted automatically.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2013-4485
SHA-256 | 20a8d6d2869bfb3ed8d47cd06a93bce63301dddd20e9086a8e255a4e2fe0d15c
Red Hat Security Advisory 2013-1661-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1661-02 - Red Hat Enterprise Linux includes a collection of Infiniband and iWARP utilities, libraries and development packages for writing applications that use Remote Direct Memory Access technology. A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack. It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librmdacm applications.

tags | advisory, remote, arbitrary, local, root
systems | linux, redhat
advisories | CVE-2012-4516, CVE-2013-2561
SHA-256 | 8089e1d7759d7d5835e5734d3452f0ae3908b2bd35c8eb8f9983af0f999e5ebf
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close