Sony IPELA ENGINE IP Cameras contain multiple backdoors that, among other functionality, allow an attacker to enable the Telnet/SSH service for remote administration over the network. Other available functionality may have undesired effects to the camera image quality or other camera functionality. After enabling Telnet/SSH, another backdoor allows an attacker to gain access to a Linux shell with root privileges.
22e3af92e387283941072a466bbafa59aa472e2642354166a328c50464384720A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9. A pointer set up to point to certain data on the stack can be used after that data has been removed from the stack. This results in a stack-based analog to a heap use-after-free vulnerability. The stack memory where the data was stored can be modified by an attacker before it is used, allowing remote code execution.
2181d9fec4fc8ff576c68d4466f163e14f8053fbd37a0a6039c5e12080b6e94cAbanteCart version 1.2.7 suffers from a stored cross site scripting vulnerability.
cd2c80f0f2e023291ed5e53db6d2e1c91a7f1528bc8a646f1cb9183d97851883Microsoft PowerShell suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.
3d523c5581a434f432187c46da013e29973b0e1e3675d1744c96600fe6349d80Red Hat Security Advisory 2016-2872-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system(), popen(), or wordexp() C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use these flaws to execute arbitrary commands with elevated privileges.
8e41cabe0b6906610a2b234cb672a2d7cfec3592a3b6f1a8c617eab6e4f006faRed Hat Security Advisory 2016-2871-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
fa6473273e61b60cd7193e68e5c5b0bd7ef710cda977793d7b048a71383b1cd1Gentoo Linux Security Advisory 201612-15 - Multiple vulnerabilities have been found in ARJ, the worst of which may allow attackers to execute arbitrary code. Versions less than 3.10.22-r5 are affected.
93ed680b4b8f65b624060451139142724745ff36774c1addc0f775b16cc6ee38Gentoo Linux Security Advisory 201612-14 - A vulnerability was discovered in util-linux, which could potentially lead to the execution of arbitrary code. Versions less than 2.26 are affected.
d3385716f80151ebb4a86fe44909384782335a2b981d22392f199815a3ab9af2180 bytes small Linux/x86 Netcat with -e option disabled reverse shell shellcode.
26296736b0ffca25f81746da4feef3a90d0468e331a8f918be4135b5b0f5f212A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Edge.
dbee67cc4774436af0a97fc95c4282934e4d90645ab6bff130f5ae660df69677WordPress Single Personal Message plugin version 1.0.3 suffers from a remote SQL injection vulnerability.
469150d5e57c22c3a1a7f76ddb2fbd3f08717c9951bfc87535172e7159a56433Dup Scout Enterprise version 9.1.14 buffer overflow SEH exploit.
09f037c972288c527580a43c0779237fb87818b52be4fda12e9de4612a86a66c31c0n has announced its call for papers. It will take place February 23rd through the 24th, 2017 in Auckland, New Zealand.
7f985c756a8b5be3da50e0096babb554bd4fe234ddcb8b58d1a8674aa0cf0c04Assisted GPS/GNSS data provided by Qualcomm for compatible receivers is often being served over HTTP without SSL. Additionally many of these files do not provide a digital signature to ensure that data was not tampered in transit. This can allow a network-level attacker to mount a MITM attack and modify the data while in transit. While HTTPS and digitally-signed files are both available, they are newer and not widely used yet.
2a18e13d34c037e28a3cfc8bbbe4a5b490d1f0516e9c8f7a3662df12c3658de3Ubuntu Security Notice 3151-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
366ea99803b45007b28975fba950ee825bcae8c517bc90500e532dac943f504eUbuntu Security Notice 3150-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
01114ec8168ca06ef876602f632596b5ac0058fb4b42a72b0b74d82c64e9f60dUbuntu Security Notice 3149-2 - USN-3149-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges. Various other issues were also addressed.
9731ac046103f9c340d873b560f2afaaa0ca3c84506deef542342b131629c0e3Ubuntu Security Notice 3149-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
47b1b3821d04bf4ee88ff830c4355b2043041b0a774d187a6a18134e753cad2fUbuntu Security Notice 3152-2 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
6a40f0ee04b23e2fabfc56131ab430587cf990f38c7a6483b09550b5949ad6eeUbuntu Security Notice 3151-4 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
d2fab5298c22b5a5a949676daea4e21714110552ff25f80853e30f529249f2bfUbuntu Security Notice 3150-2 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
e27b7f3da4c744e96fa266bd5562b86cb4562b856349a55c52cd669f78d9bafbUbuntu Security Notice 3151-3 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
9db0f9cd682d4172f274216dae7fda69a6d76e1c289494ea22b16c4e3962bfd5Ubuntu Security Notice 3152-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
2fc1600c5a1b891c887eccc1ab9690b55958aad6e3ae9df58df425149b8c8df8Ubuntu Security Notice 3151-2 - USN-3151-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges. Various other issues were also addressed.
cac405c82a1b4cf4918d416971f4626ddaf020310ddbee3aac884eb9ea77af02DiskBoss Enterprise version 7.4.28 GET buffer overflow exploit.
14e13aa97f4a215295ab0b996def24ed7ffe4046ca60bd8503154967f3b9d915
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed