VMware Security Advisory 2013-0013 - VMware has updated VMware Workstation and VMware Player to address a vulnerability that could result in an escalation of privilege on Linux-based host machines.
3bc47daa98136732b874042b14387b0cf0891a83da155e6373c023b5444f3117This Metasploit module will create a new session with SYSTEM privileges via the KiTrap0D exploit by Tavis Ormandy. If the session in use is already elevated then the exploit will not run. The module relies on kitrap0d.x86.dll and is not supported on x64 editions of Windows.
b61f14f2873aa1c647ab01600db74d813ae4c68913ed531266fd588ac8aff25aRed Hat Security Advisory 2013-1523-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. RubyGems is the Ruby standard for publishing and managing third-party libraries. It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion.
87f29239c7e2f52b6486a676d86548aacadbd440f6c8196abcfa2d987d9e6ad9Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. Included in this archive is the advisory and a metasploit module proof of concept exploit.
96d9b275b8fb781ce81072271e7c916990a3b1533948680e2de9477c048e9956Red Hat Security Advisory 2013-1522-01 - The Foreman packages provide facilities for rapidly deploying Red Hat OpenStack 3.0. These packages are provided as a Technology Preview. For more information on the scope and nature of support for items marked as Technology Preview, refer to https://access.redhat.com/support/offerings/techpreview/ It was found that Foreman did not correctly sanitize values of the "fqdn" and "hostgroup" parameters, allowing an attacker to provide a specially crafted value for these parameters and perform an SQL injection attack.
882fbca6772b0916e0958e824ed243b5219a9837225a71e9a0e65782c286fb07The Superuser package for Android 4.3 allows a user to spawn /system/xbin/su with manipulated environment variables to execute code as root.
720557d982f3ef8aaa06d07b9d53d8da0492b2a5ee7ee8cdb30161f8cc7b9f96Checkpoint Endpoint Security Media Encryption Explorer version 4.97.2 (Endpoint Security R73) contains two issues which can help to bypass the failed password attempts limit established in the password policy.
d45ede8228777b255c99202f1374063461f34fa72e724348fe261b37ed4a87e9Red Hat Security Advisory 2013-1521-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. It was discovered that the django.utils.http.is_safe_url() function considered any URL that used a scheme other than HTTP or HTTPS as safe. An attacker could potentially use this flaw to perform cross-site scripting attacks. A directory traversal flaw was found in Django's "ssi" template tag, which takes a file path as input and outputs that file's contents. An attacker able to alter templates that made use of the "ssi" tag on a site could use this flaw to access any local files accessible to Django.
7944b271df0a414473dfe8d8e114b4c4bbe4b1fc6747d98e0d3bd3fc081b215bRed Hat Security Advisory 2013-1520-01 - Red Hat OpenStack 3.0 includes a custom Red Hat Enterprise Linux 6.4 kernel. These custom kernel packages include support for network namespaces; this support is required to facilitate advanced OpenStack Networking deployments. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.
7008a13256f2ff111c9742864c6951d05dc88eb72924ebacdbb0c1381a4ed58aWatermark Master version 2.2.23 .wstyle buffer overflow exploit that uses SEH.
3f8b35ba44bb69476776635c9e60bb68ff49e8d457b8e2b19675529dc10243b4Vulnerable releases of two common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root. These issues are due to a shell character escape vulnerability.
f6134df3ff0263a6cd72271f82d052f4901243c942b8062a434fa2292a742fabVulnerable releases of several common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root without notifying the device owner. This advisoriy documents PATH and BOOTCLASSPATH vulnerabilities.
12b763de306db7a0f6da5ae622fa69aa12764251a01b3dfaf8577292ab988109Debian Linux Security Advisory 2797-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, and other implementation errors may lead to the execution of arbitrary code.
029e07b0bb2ef86a6578517759da390da13badd9b547fa9b121c3f711992923cDebian Linux Security Advisory 2796-1 - Matt Ezell from Oak Ridge National Labs reported a vulnerability in torque, a PBS-derived batch processing queueing system.
8c1ab3f9d4ec34b474a39b54a38613b2324aa25e984e9b49b4c99b5a3a39637f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed