what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2016-08-10

EyeLock nano NXT 3.5 Remote Root
Posted Aug 10, 2016
Authored by LiquidWorm | Site zeroscience.mk

EyeLock's nano NXT firmware latest version 3.5 (released 25.07.2016) suffers from multiple unauthenticated command injection vulnerabilities. The issue lies within the 'rpc.php' script located in the '/scripts' directory and can be triggered when user supplied input is not correctly sanitized while updating the local time for the device and/or get info from remote time server. The vulnerable script has two REQUEST parameters 'timeserver' and 'localtime' that are called within a shell_exec() function for setting the local time and the hardware clock of the device. An attacker can exploit these conditions gaining full system (root) access and execute OS commands on the affected device by injecting special characters to the affected parameters and further bypass the access control in place.

tags | exploit, remote, local, root, php, vulnerability
SHA-256 | 2db3de6e6596a89e57769cef80da46c6a4c1cf11032cf1f05060be7c5da869f6
EyeLock nano NXT 3.5 Local File Disclosure
Posted Aug 10, 2016
Authored by LiquidWorm | Site zeroscience.mk

nano NXT suffers from a file disclosure vulnerability when input passed thru the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.

tags | exploit, local, php
SHA-256 | 1f2f82965c87acd146118e4dc36df0cfd90aa6f1adef76742db3642b5c89a599
EyeLock Myris 3.3.2 SDK Service Unquoted Service Path Privilege Escalation
Posted Aug 10, 2016
Authored by LiquidWorm | Site zeroscience.mk

EyeLock Myris version 3.3.2 suffers from an unquoted search path issue impacting the service 'MyrisService' for Windows deployed as part of Myris solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

tags | exploit, arbitrary, local, root
systems | windows
SHA-256 | 9944b9c11776ab7fd7b3d7678b418928869f0f411d1520d8bd1bf55a41f75093
LINE Instant Messenger Pre-June 2016 SSRF / Authorization Bypass
Posted Aug 10, 2016
Authored by P. Morimoto | Site sec-consult.com

LINE Instant Messenger versions before June 2016 suffer from authorization bypass and server-side request forgery vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 8b06a080228cc5d67268fee0ebddc5be63e937694570091aeb595350317d2067
Microsoft Security Bulletin Summary For August, 2016
Posted Aug 10, 2016
Site microsoft.com

This bulletin summary lists nine released Microsoft security bulletins for August, 2016.

tags | advisory
SHA-256 | b7358893d5f134b0f91ecae238c6f7ef22ff96c7545eafb4fcfcef4b3e2a7e97
Ubuntu Security Notice USN-3050-1
Posted Aug 10, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3050-1 - Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code with administrative privileges. Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-3134, CVE-2016-3961, CVE-2016-4470, CVE-2016-5243
SHA-256 | 25d3e707bc3e04dc34cc4046ae0bd60268ea7d5bb3ac12b317f68afd34cc10d8
Ubuntu Security Notice USN-3051-1
Posted Aug 10, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3051-1 - It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after a n error condition occurred. A local attacker could use this to cause a denial of service. Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4470, CVE-2016-5243
SHA-256 | 6a2979ef146941bff45ef030836a1ac3c64a52306361f465ba3afdff4daf283a
Red Hat Security Advisory 2016-1586-01
Posted Aug 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1586-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick emulator built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5403
SHA-256 | 4c1d1bc40e1e6367d724a8cda0f1bfc794595fdf5ac299d28294505a3b85e0e3
Red Hat Security Advisory 2016-1585-01
Posted Aug 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1585-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: Quick emulator built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5403
SHA-256 | a9d0e3ffdd3d3da840f2c103a322b0f6f9596d929626d1f1a99fbffe30c5cd59
Ubuntu Security Notice USN-3057-1
Posted Aug 10, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3057-1 - Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code with administrative privileges. It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-3135, CVE-2016-4470, CVE-2016-4794, CVE-2016-5243
SHA-256 | 030e1271bb7566a819d82ae5638f21d1a8b8bbeb3b2002fca12d928335283dcb
Ubuntu Security Notice USN-3056-1
Posted Aug 10, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3056-1 - Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code with administrative privileges. It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-3135, CVE-2016-4470, CVE-2016-4794, CVE-2016-5243
SHA-256 | 5a5993fff7c587291f866734e6a557eea74f65989a06449853d48bcfa78b8f7d
Ubuntu Security Notice USN-3054-1
Posted Aug 10, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3054-1 - Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code with administrative privileges. It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a deni al of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-3135, CVE-2016-4470, CVE-2016-4794, CVE-2016-5243
SHA-256 | 986a7a499ec97cecc4959f3265ef183088e85d94ade8531bcecc680ad7399f86
Ubuntu Security Notice USN-3055-1
Posted Aug 10, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3055-1 - Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code with administrative privileges. It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-3135, CVE-2016-4470, CVE-2016-4794, CVE-2016-5243
SHA-256 | cf8c4be620feb49866d70f13c5c9925d654ba881ecacc4029183bc41fcb626f0
Ubuntu Security Notice USN-3053-1
Posted Aug 10, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3053-1 - A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-1237, CVE-2016-4470, CVE-2016-4794, CVE-2016-5243
SHA-256 | 868205ccfbb5b02685dc08d99775077c773f785d462ef9352d2b3cec71ffebc3
Ubuntu Security Notice USN-3049-1
Posted Aug 10, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3049-1 - Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code with administrative privileges. Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-3134, CVE-2016-3961, CVE-2016-4470, CVE-2016-5243
SHA-256 | 2b1009ae36d1ddcfe36aada07f3b8fd8c1364c30c25979dfd492e6fd7e67f232
Ubuntu Security Notice USN-3052-1
Posted Aug 10, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3052-1 - It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service. Kangjie Lu discovered an information leak in the netlink implementation o f the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4470, CVE-2016-5243
SHA-256 | b8de8320f66e8abd1152325a365a4aade72e43e9d61f7e60e750b220bdff2663
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close