exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2013-05-21 to 2013-05-22

Infotecs ViPNet Products Privilege Escalation
Posted May 21, 2013
Authored by Maksim Chudakov, Andrey Kurtasanov

A common local privilege escalation vulnerability has been discovered in multiple Infotecs ViPNet products. The affected versions include ViPNet Client version 3.2.10 (15632), ViPNet Coordinator version 3.2.10 (15632), ViPNet SafeDisk version 4.1 (0.5643), and ViPNet Personal Firewall version 3.1. Prior versions of these products are also affected.

tags | advisory, local
systems | windows
advisories | CVE-2013-3496
SHA-256 | 50c86d88a6041ac4e748fce3b6213b340188033d52fb31503103bef9cc2cdbd2
Slackware Security Advisory - kernel Updates
Posted May 21, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New Linux kernel packages are available for Slackware 13.37 and 14.0 to fix a security issue.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2013-2094
SHA-256 | 789b1959ad424171a49be0fe4ba4dc50597750f538a268707ec4d0a98d5e4e17
Red Hat Security Advisory 2013-0847-01
Posted May 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0847-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed-through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain, leading to a denial of service.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2013-0153
SHA-256 | 8e81c611a3c02fc85fcaadbe99aeb062e3ac24c067247932ad4b3037b58d37ff
Red Hat Security Advisory 2013-0848-01
Posted May 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0848-01 - Red Hat Network Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was discovered that Red Hat Network Satellite did not fully check the authenticity of a client beyond the initial authentication check during an Inter-Satellite Sync operation. If a remote attacker were to modify the satellite-sync client to skip the initial authentication call, they could obtain all channel content from any Red Hat Network Satellite server that could be reached, even if Inter-Satellite Sync support was disabled.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-2056
SHA-256 | 1e1bacce042d7c5990538d17a74f3a97509aa024e7e528212b1beb9ab9ebad43
Ubuntu Security Notice USN-1832-1
Posted May 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1832-1 - Emmanuel Bouillon discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1960, CVE-2013-1961
SHA-256 | da1e7a4397ce6b4924e6dcc6b98f9033747c7204e3235de87c073064fc8c44bf
Mandriva Linux Security Advisory 2013-166
Posted May 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-166 - The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack. The updated packages have been patched to correct this issue.

tags | advisory, udp
systems | linux, mandriva
advisories | CVE-2002-2443
SHA-256 | 54269d63b4e4f11f696201703214f8c37a3fa4a86e2f5659d21a5873f3f99ee0
Kimai 0.9.2.1306-3 SQL Injection
Posted May 21, 2013
Authored by drone | Site kimai.org

Kimai version 0.9.2.1306-3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
systems | linux, windows
SHA-256 | 0500e2f1f7402ade9a36fb3bbcdf907836374db397c71ed558baeaefcc940edc
Ophcrack 3.50 Buffer Overflow / Code Execution
Posted May 21, 2013
Authored by xis_one | Site ophcrack.sourceforge.net

Ophcrack version 3.5.0 suffers from stack based buffer overflow vulnerability that leads to local code execution.

tags | exploit, overflow, local, code execution
systems | windows
SHA-256 | 85e4c42a672fe0a884bdf1e279ba0680a6f49152f227aadb304bf714bbb09e86
Linksys WRT160n apply.cgi Remote Command Injection
Posted May 21, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module has been tested on a Linksys WRT160n version 2 - firmware version v2.0.03. A ping command against a controlled system could be used for testing purposes. The exploit uses the tftp client from the device to stage to native payloads from the command injection.

tags | exploit, web
advisories | OSVDB-90093
SHA-256 | f9f09e58e33c3c7939cc2ed16b2c26b3cc52e2b7e29498141ef9d035fec7d9f7
Sony PS3 Firmware 4.31 Code Execution
Posted May 21, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

A local code execution vulnerability is detected in the official PlayStation 3 v4.31 Firmware. The vulnerability allows local attackers to inject and execute code out of vulnerable PlayStation 3 menu main web context.

tags | exploit, web, local, code execution
SHA-256 | 0fd5bb46569459ce46c5312e622c6ab26a6e991cedaa4c04f931ae9f2b8e725c
Trend Micro DirectPass 1.5.0.1060 Command Injection / Denial Of Service
Posted May 21, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Trend Micro DirectPass 1.5.0.1060 suffers from local command/path injection, persistent code injection, and a denial of service vulnerability.

tags | exploit, denial of service, local, code execution
SHA-256 | 0bd4cb7f71fd9f6ce6c2774f8d033e3486c4b9de01400c5a1430a846c73e58c3
Reverse Engineering Camera Firmware
Posted May 21, 2013
Authored by Prayas Kulshrestha

This paper provides a walk-through on using binwalk and gzip to get to the disk image contained within a Sercomm IP Camera .bin firmware update.

tags | paper
SHA-256 | a99d9652075f6bd2513e0818fbec064dcce83e25ac29649075f49fd45abebeb0
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close