S.S.T (Save Typed Text) JavaScript proof of concept keylogging code.
3d93476f79d386daaf0081e819a0e2b9b68992bbd8af9ed271d5b909759e9021
Red Hat Security Advisory 2016-1378-01 - OpenStack Bare Metal is a tool used to provision bare metal machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific functionality. Security Fix: An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses.
cf0653a60b67d585ed9588c8088bcba3f2e30c854c60789ef0985ca54cbb1db7
Red Hat Security Advisory 2016-1377-01 - OpenStack Bare Metal is a tool used to provision bare metal machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific functionality. Security Fix: An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses.
d0bf2032c8fc6f463979829d9f140ec32ab10ca2f36f474f914a721b83f2f3ac
HP Security Bulletin HPSBMU03377 2 - A potential security vulnerability has been identified with HP Release Control running RC4. A vulnerability in the SSL/TLS RC4 stream cipher known as Bar Mitzvah was addressed by HPE Release Control. The vulnerability could be exploited to allow remote disclosure of information. Revision 2 of this advisory.
4a94ecae79f15bff50ee993b4a368bc87c1663772c14a553a0431dd5b25590cc
When accessing resources via the ServletContext methods getResource(), getResourceAsStream(), and getResourcePaths(), the paths should be limited to the current web application. The validation was not correct and paths of the form "/.." were not rejected. Note that paths starting with "/../" were correctly rejected. Apache Tomcat versions 6.0.0 through 6.0.44, 7.0.0 through 7.0.64, and 8.0.0.RC1 through 8.0.26.
b1f753e54e5215e5b5e3807834777c09565ba6a20e0a2b3c9fb5433a181e671a
ghrc.nsstc.nasa.gov suffered from a cross-site scripting vulnerability.
39c8465d756607f1fcd5544160fdda382abab5af697af9fa153ba65efff5fa84
The NtUserGetClipboardAccessToken win32k system call exposes the access token of the last user to lower-privileged users. It can also be used to open an anonymous impersonation thread token which normally OpenThreadToken shouldn't be able to do. This is a bypass of the fix for CVE-2015-0078.
9bcf7274e363f1dc579d9ed68048a01019d56cc2f841f1a4a04c182389196296
An instance of ActionScript's Sound class allows loading and extracting, for further processing, any kind of external data, not only sound files. The same-origin policy doesn't apply here. Each input byte of raw data, previously loaded from a given URL, is encoded by an unspecified function to the same 8 successive sample blocks of output. A sample block consists of 8 bytes (the first 4 bytes for the left channel and the next 4 bytes for the right channel). Only 2 bytes from the 8 sound blocks (64 bytes) are crucial; the remaining 52 bytes are useless. Each input byte in the range 0-255 has a corresponding constant unsigned integer value (the result of encoding), so for decoding purposes you can simply use a lookup table (cf. the source code in BoundlessTunes.as).
fc4873a13244f4cbc031eca310103bf8bf2dd9f88a4c98659fde47aa2310d88d
A type confusion vulnerability was discovered in the exception object's __toString()/getTraceAsString() method that can be abused to leak arbitrary memory blocks or cause a heap overflow.
b3a8329c29d10dca9d7ddc4c0f46af58e29999c11da31e6009cf9c41975e1db6
Red Hat Security Advisory 2014-0423-01 - The openshift-origin-broker package provides the OpenShift Broker service that manages all user logins, DNS name resolution, application states, and general orchestration of the applications. The rubygem-openshift-origin-auth-remote-user package provides the remote user authentication plug-in. A flaw was found in the way openshift-origin-broker handled authentication requests via the remote user authentication plug-in. A remote attacker able to submit a request to openshift-origin-broker could set the X-Remote-User header, and send the request to a passthrough trigger, resulting in a bypass of the authentication checks to gain access to any OpenShift user account on the system.
f598489c43378ab1d4e656502a914e058b9c591b74e6b3a5a7c8e9656ca0e1af
Red Hat Security Advisory 2014-0422-01 - The openshift-origin-broker package provides the OpenShift Broker service that manages all user logins, DNS name resolution, application states, and general orchestration of the applications. The rubygem-openshift-origin-auth-remote-user package provides the remote user authentication plug-in. A flaw was found in the way openshift-origin-broker handled authentication requests via the remote user authentication plug-in. A remote attacker able to submit a request to openshift-origin-broker could set the X-Remote-User header, and send the request to a passthrough trigger, resulting in a bypass of the authentication checks to gain access to any OpenShift user account on the system.
4bdc39e07f063683224e2c5b173c10db71b79172f5adf98767338f036c361d58
The file agc/manager_send.php in the VICIdial web application uses unsanitized user input as part of a command that is executed using the PHP passthru() function. A valid username, password and session are needed to access the injection point. Fortunately, VICIdial has two built-in accounts with default passwords and the manager_send.php file has a SQL injection vulnerability that can be used to bypass the session check as long as at least one session has been created at some point in time. In case there isn't any valid session, the user can provide astGUIclient credentials in order to create one. The results of the injected command are returned as part of the response from the web server. Affected versions include 2.7RC1, 2.7, and 2.8-403a. Other versions are likely affected as well. The default credentials used by VICIdial are VDCL/donotedit and VDAD/donotedit.
fe43d040fa2032ae8b0f68df36ad62a56693b4bfc023c7d6761cb75f72c9869f
Mandriva Linux Security Advisory 2013-216 - ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.
e270d97c7c30cd1dfa32136b75cbfb5d2f2f8687db2bbac9746b8e5e5f17ef6a
Mandriva Linux Security Advisory 2013-194 - Multiple vulnerabilities have been found and corrected in the Linux kernel. net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. Various other issues have also been addressed. The updated packages provide a solution for these security issues.
222e6a9b6c229fb8760fbf864b56dd9ad305b2f5b2210ae92ec97c2c2809405b
This Metasploit module exploits a vulnerability found in the Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passing it on to the configure_image() function. In this function, the $release parameter can be used to inject system commands for passthru (a PHP function that's meant to be used to run a bash script by the vulnerable application), which allows remote code execution under the context of the web server.
e4e301239f9dd9233d1f53f7eeec494854791ab17cbfc496d7ff9fc4c9b4e501
Red Hat Security Advisory 2012-0358-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting.
98902c733d28dde86a19c4de285d3fdd02cc5ae6d870d00196d370a40c1b38bf
Red Hat Security Advisory 2011-1801-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way qemu-kvm handled VSC_ATR messages when a guest was configured for a CCID USB smart card reader in passthrough mode. An attacker able to connect to the port on the host being used for such a device could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host.
f08148ae167c0768b601225b0105f767e9cb21cde5993cc3bc42b1cd64876d00
Red Hat Security Advisory 2011-1777-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way qemu-kvm handled VSC_ATR messages when a guest was configured for a CCID USB smart card reader in passthrough mode. An attacker able to connect to the port on the host being used for such a device could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host.
f437ff73654ec441c37ee0a258656d8a2c9469e20690c2704d525a4c711b0de4
Secunia Security Advisory - A security issue has been discovered in the Proc::ProcessTable module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
8feeef65e17ae75af2f21b5a0368354a65090937c5722ad7e8ff75e502b4ae45
Red Hat Security Advisory 2011-1479-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Various other issues were also addressed.
ed68520a6ee2920e3e52edf771936c03f68718a31b6a9055d5cb9d1c38a033e1
This is simply a PHP shell with a bunch of features like spoofing mail, file uploads, and more.
4b62d88653f707028740984998a846bce54234865cd62cec045e7c6dffb125ed
Red Hat Security Advisory 2011-1189-01 - Updated kernel packages that fix several security issues, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. A flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service.
d97ef6720ae8e063983b3824218d93b24db61be0bd9859deee9eb835fea7f6a9
Red Hat Security Advisory 2011-1005-01 - The sysstat package contains a set of utilities which enable system monitoring of disks, network, and other I/O activity. It was found that the sysstat initscript created a temporary file in an insecure way. A local attacker could use this flaw to create arbitrary files via a symbolic link attack.
67b1dcce5be13e37cd2984523d1ddf937e78182e6e8cb6deeab1273daf93197d
Secunia Security Advisory - Red Hat has issued an update for sysstat. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
69be46da54e2c65b8ed1247ae62e28fac5bd67ca29550d95cfdc9c402241d4d5
Secunia Security Advisory - A vulnerability has been discovered in CSSTidy, which can be exploited by malicious people to conduct cross-site scripting attacks.
95189c7fcd2409b41e6daf3eedf7e55c5df6b6bd911ed5354acbf99c049dfbca
Rsstatic suffers from a remote SQL injection vulnerability.
40e5ad5b8ab22b136411b1d6305a2131e5e2bebd4eb01ba990c79c42b34b60f0