exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 47 of 47 RSS Feed

Files Date: 2012-09-14 to 2012-09-15

Linux udev Netlink Local Privilege Escalation
Posted Sep 14, 2012
Authored by Kingcope, Jon Oberheide, egypt | Site metasploit.com

Versions of udev < 1.4.1 do not verify that netlink messages are coming from the kernel. This allows local users to gain privileges by sending netlink messages from userland.

tags | exploit, kernel, local
advisories | CVE-2009-1185
SHA-256 | a339530d415e4d147ac5e6556a603790385a27c54518e11e95069181161f0615
qdPM 7 Arbitrary PHP File Upload
Posted Sep 14, 2012
Authored by loneferret, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in qdPM - a web-based project management software. The user profile's photo upload feature can be abused to upload any arbitrary file onto the victim server machine, which allows remote code execution. Please note in order to use this module, you must have a valid credential to sign in.

tags | exploit, remote, web, arbitrary, code execution
advisories | OSVDB-82978
SHA-256 | f5f6ba93d6feeeed1d320115b76b89c669688a7089990888c0aafa5f2993314c
Ubuntu Security Notice USN-1565-1
Posted Sep 14, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1565-1 - Thomas Biege discovered that the Horizon authentication mechanism did not validate the next parameter. An attacker could use this to construct a link to legitimate OpenStack web dashboard that redirected the user to a malicious website after authentication.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2012-3540
SHA-256 | 812f48cccf540f40acdfa9f208f5a9fc6997a10f42d0192b5df2b1fe2ec4f1e2
Ubuntu Security Notice USN-1564-1
Posted Sep 14, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1564-1 - Dolph Mathews discovered that when roles are granted and revoked to users in Keystone, pre-existing tokens were not updated or invalidated to take the new roles into account. An attacker could use this to continue to access resources that have been revoked.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-4413
SHA-256 | a0585a27790aa493dcd3b0422e1b3b22791dccdfb16386176e89ac47dfb086ff
Debian Security Advisory 2548-1
Posted Sep 14, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2548-1 - Severel vulnerabilities have been discovered in Tor, an online privacy tool.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-3518, CVE-2012-3519, CVE-2012-4419
SHA-256 | 7c12c1bb198059f418d98a783d17c970ceac8c78f4b178312dd97b0621450b41
Red Hat Security Advisory 2012-1265-01
Posted Sep 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1265-01 - libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871
SHA-256 | 9920cb411b2c3aa2362ffe225a52581712a70d0901996f2acabf529dcdc400d4
Red Hat Security Advisory 2012-1263-01
Posted Sep 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1263-01 - PostgreSQL is an advanced object-relational database management system. It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations. An unprivileged database user could use this flaw to read and write to local files and remote URLs they would otherwise not have access to by issuing a specially-crafted SQL query.

tags | advisory, remote, local
systems | linux, redhat
advisories | CVE-2012-3488, CVE-2012-3489
SHA-256 | 56815e3f6c74e90aad1fc30e0b05b48e7a3e672cd78f7b2f9630ab9db203ab87
Red Hat Security Advisory 2012-1264-01
Posted Sep 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1264-01 - PostgreSQL is an advanced object-relational database management system. It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations. An unprivileged database user could use this flaw to read and write to local files and remote URLs they would otherwise not have access to by issuing a specially-crafted SQL query.

tags | advisory, remote, local
systems | linux, redhat
advisories | CVE-2012-3488
SHA-256 | 9529a3b496c076b9fdf2ba1c92ec057945d0620a3e4c76543bddf61155b5f5b9
Red Hat Security Advisory 2012-1261-01
Posted Sep 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1261-01 - D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the D-Bus library. Note: With this update, libdbus ignores environment variables when used by setuid or setgid applications. The environment is not ignored when an application gains privileges via file system capabilities; however, no application shipped in Red Hat Enterprise Linux 6 gains privileges via file system capabilities.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2012-3524
SHA-256 | 2fe96101f99eb2291e6510b5544d7a0828b7b2f84e24ba06f09f3b0c8005cd8a
Red Hat Security Advisory 2012-1262-01
Posted Sep 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1262-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-3480, CVE-2012-3515
SHA-256 | 11979e71f57cd7fa51e61d9196b4b841df1d1259804ccd26b3beef5ccec7db4a
Ubuntu Security Notice USN-1566-1
Posted Sep 14, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1566-1 - It was discovered that Bind incorrectly handled certain specially crafted long resource records. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-4244
SHA-256 | b74563c6dca9a227ad5695d5f517c3cabcaf41f15e3beeeee490cd11f74318a0
360-FAAR Firewall Analysis Audit And Repair 0.2.9
Posted Sep 14, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release further upgrades the NAT analysis capabilities, more NAT details are listed in 'print' mode.
tags | tool, perl
systems | unix
SHA-256 | eca2eafd31b73f79158ba4318dcdb341d71a40f8cdc578fd284dec7337fc4348
Secunia Security Advisory 50544
Posted Sep 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for dbus. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, redhat
SHA-256 | fdd0541762daeee1ae4e140e2753b907f1ac7cc20c6a8ff49a2af413c9edffc3
Secunia Security Advisory 50579
Posted Sep 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, redhat
SHA-256 | 4078e6fd3d547dccf8219790403f0da299fde4555905d25d398b9d069cdc1399
Secunia Security Advisory 50537
Posted Sep 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for dbus. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, suse
SHA-256 | f346d77823d582fee3f9464a0a08aa42d956d2d07003d979a0f515af82b2ddee
Secunia Security Advisory 50598
Posted Sep 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in OpenX, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | feb24792c980628707ece07113220a680d7a33410c6d894e8b6ff45a344807ee
Secunia Security Advisory 50618
Posted Sep 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple iTunes, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | apple
SHA-256 | daeee9fbd165a39a7652dea20581b792c4fc5312ec603b1e4992c32a3f3e1e1d
Secunia Security Advisory 50592
Posted Sep 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Cisco ASA-CX Context-Aware Security and Cisco Prime Security Manager (PRSM), which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | cisco
SHA-256 | 47633728611472e4f2c904235b8082fc1a5f888ee8bd29ba8fe0262bf2c9281b
Secunia Security Advisory 50610
Posted Sep 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 7fc861703725c8b69d5cdafd18cf5f10957b777da22ad7756f9cf26929c74357
Secunia Security Advisory 50546
Posted Sep 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Mass Contact module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | 6b64de941342344eb1b77b5fe50954e05257d1e0c4706eebb120aa6b4ed611a2
Secunia Security Advisory 50612
Posted Sep 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 4d950a5afe2f6858232b2e5cb2aead375129d65ee76d23296e010a4fa2c98752
Secunia Security Advisory 50613
Posted Sep 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome for Android, which can be exploited by malicious people to disclose certain sensitive information and conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | b2267ee79b0e51d589d36f412606dd8ceb1da3d0b9ac2cf42ff186a5871687a5
Page 2 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close