exploit the possibilities
Showing 1 - 22 of 22 RSS Feed

Files Date: 2014-12-10

Asterisk Project Security Advisory - AST-2014-019
Posted Dec 10, 2014
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - When handling a WebSocket frame the res_http_websocket module dynamically changes the size of the memory used to allow the provided payload to fit. If a payload length of zero was received the code would incorrectly attempt to resize to zero. This operation would succeed and end up freeing the memory but be treated as a failure. When the session was subsequently torn down this memory would get freed yet again causing a crash. Users of the WebSocket functionality also did not take into account that provided text frames are not guaranteed to be NULL terminated. This has been fixed in chan_sip and chan_pjsip in the applicable versions.

tags | advisory
MD5 | 199d71b570df3f72b699ecfa9a017dea
K7 Computing Multiple Products K7Sentry.sys Out-Of-Bounds Write
Posted Dec 10, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Latest, and possibly earlier versions of K7Sentry.sys kernel mode driver, also named as the 'K7AV Sentry DeviceDriver', suffers from an out-of-bounds write condition that can be exploited locally by an attacker in order to execute code with kernel privileges. Successful exploitation of this bug results into vertical privilege escalation.

tags | advisory, kernel
advisories | CVE-2014-8956
MD5 | 956ce09feb65942d846b3c4289b18b37
FreeBSD Security Advisory - file / libmagic Denial Of Service
Posted Dec 10, 2014
Site security.freebsd.org

FreeBSD Security Advisory - There are a number of denial of service issues in the ELF parser used by file(1). An attacker who can cause file(1) or any other applications using the libmagic(3) library to be run on a maliciously constructed input can cause the application to crash or consume excessive CPU resources, resulting in a denial-of-service.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2014-3710, CVE-2014-8116, CVE-2014-8117
MD5 | 5c39786c6e9f552f14d38694736de171
K7 Computing Multiple Products Null Pointer Dereference
Posted Dec 10, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

K7Sentry.sys kernel mode driver version 12.8.0.104 suffers from a null pointer dereference vulnerability.

tags | advisory, kernel
advisories | CVE-2014-8608
MD5 | f551bcf8c70d643944d917c9bea78db8
FreeBSD Security Advisory - stdio Buffer Overflow
Posted Dec 10, 2014
Site security.freebsd.org

FreeBSD Security Advisory - A programming error in the standard I/O library's __sflush() function could erroneously adjust the buffered stream's internal state even when no write actually occurred in the case when write(2) system call returns an error. The accounting mismatch would accumulate, if the caller does not check for stream status and will eventually lead to a heap buffer overflow. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.

tags | advisory, overflow, arbitrary
systems | freebsd
advisories | CVE-2014-8611
MD5 | a0b764641601f4e8629003f59b114d23
VMware Security Advisory 2014-0014
Posted Dec 10, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2014-8372
MD5 | 0b58c16885502b46248b3fcece3fe0b9
SGI Tempo Database Exposure
Posted Dec 10, 2014
Authored by John Fitzpatrick

It is possible for users of ICE-X supercomputers to gain access to backups of system configuration databases.

tags | exploit, info disclosure
advisories | CVE-2014-7303
MD5 | b0145c7764f82782216a3e18a44720cc
SGI Tempo Database Password Disclosure
Posted Dec 10, 2014
Authored by John Fitzpatrick

SGI Tempo systems expose a database password in the world readable /etc/odapw file.

tags | exploit, info disclosure
advisories | CVE-2014-7301
MD5 | 8a8adb713bcf5b950553995957aedf04
SGI Tempo vx Setuid Privilege Escalation
Posted Dec 10, 2014
Authored by Luke Jennings, John Fitzpatrick, MWR Labs

/opt/sgi/sgimc/bin/vx, a setuid binary on SGI Tempo systems, allows for privilege escalation.

tags | exploit
advisories | CVE-2014-7302
MD5 | e101f84019925fb5ab6fb2b018ce509b
Microsoft Security Bulletin Revision Increment For December, 2014
Posted Dec 10, 2014
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment for December, 2014.

tags | advisory
MD5 | 228401c5f3980536451c1904f472954a
HP Security Bulletin HPSBMU03043 1
Posted Dec 10, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03043 1 - A potential security vulnerability has been identified in HP Smart Update Manager for Windows and Linux. The vulnerability could be exploited to allow the local disclosure of information. Revision 1 of this advisory.

tags | advisory, local
systems | linux, windows
advisories | CVE-2014-2608
MD5 | ca8101bafe053529396492ebe46e7c16
HP Security Bulletin HPSBST03106 2
Posted Dec 10, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03106 2 - A potential security vulnerability has been identified in the HP P2000 G3 MSA Array System, the HP MSA 2040 Storage, and the HP MSA 1040 Storage running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | 8213f4bca976cbbda284fa980819dd7d
Ubuntu Security Notice USN-2436-2
Posted Dec 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2436-2 - USN-2436-1 fixed vulnerabilities in the X.Org X server. Since publication, additional fixes have been made available for these issues. This update adds the additional fixes. Ilja van Sprundel discovered a multitude of security issues in the X.Org X server. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
MD5 | 860a665b86e1a6e77dbd269acc61c60a
Ubuntu Security Notice USN-2438-1
Posted Dec 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2438-1 - It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8091, CVE-2014-8098, CVE-2014-8298
MD5 | d69a6e0a541db991a854fed3b5992104
Debian Security Advisory 3095-1
Posted Dec 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3095-1 - Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102
MD5 | 7e84b0e3e7ca7ca2f66b9ddb5ebb5637
Red Hat Security Advisory 2014-1981-01
Posted Dec 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1981-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-27, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164
MD5 | 5e69100b97c074d77dce731bbbc00e05
InfiniteWP SQL Injection / File Upload / Insecure Password Storage
Posted Dec 10, 2014
Authored by Walter Hop

InfiniteWP suffers from remote shell upload, insecure password storage, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection, file upload
MD5 | 1962fb4d261a61f9e32a5e90d544209f
K7 Computing Multiple Products K7FWFilt.sys Privilege Escalation
Posted Dec 10, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Latest, and possibly earlier versions of K7FWFilt.sys kernel mode driver, also named as the 'K7Firewall Packet Driver', suffers from a heap overflow condition that can be exploited locally by an attacker in order to execute code with kernel privileges. Successful exploitation of this bug results in vertical privilege escalation.

tags | advisory, overflow, kernel
advisories | CVE-2014-7136
MD5 | 6c74b0a692b7c8164e09996bae322996
PuttyRider DLL Injection
Posted Dec 10, 2014
Authored by Adrian Furtuna

PuttyRider is a tool for performing dll injection of Putty and allows an attacker to inject Linux commands.

tags | tool
systems | linux, windows
MD5 | 6fbc12f018da7a4933bc2aab95d19a58
Mobilis 3G mobiconnect Privilege Escalation
Posted Dec 10, 2014
Authored by Hadji Samir

Mobilis 3G mobiconnect 3G++ ZD Server version 1.0.1.2 suffers from a trusted path privilege escalation vulnerability.

tags | exploit
MD5 | 41ccf8c7b91259531fd977cbaf4a81f6
NIELD (Network Interface Events Logging Daemon) 0.6.0
Posted Dec 10, 2014
Authored by t2mune | Site github.com

Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the netlink socket and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules, and traffic control.

Changes: This release includes support for state of bridge port.
tags | tool, kernel, system logging
systems | unix
MD5 | 4350348aa27acd3d4aac2bbc87cc3eb3
VMware Security Advisory 2014-0013
Posted Dec 10, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0013 - VMware vCloud Automation Center (vCAC) product updates address a critical vulnerability in the vCAC VMware Remote Console (VMRC) function which could lead to a remote privilege escalation.

tags | advisory, remote
advisories | CVE-2014-8373
MD5 | 44176f2aef6d50e03d8ecc83fb819797
Page 1 of 1
Back1Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    16 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close