Showing 76 - 100 of 100

Files

ESET 7.0 Kernel Memory Leak
Posted Oct 28, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

ESET versions 5.0 through 7.0 suffer from a kernel memory leak vulnerability.

tags | advisory, kernel, memory leak
advisories | CVE-2014-4974
SHA-256 | 8b5888960f4d9b82098187fccdeffd23d87b222ac084d8ed2407392d581bf827

Related Files

dlink.txt
Posted Dec 18, 2007
Authored by Ph3mt

Remote reset exploit for the D-Link Wireless Router.

tags | exploit, remote
SHA-256 | 4bfa487aad947f3449803fa97e7cce9142e7131db6117065bce0eaa83222a2f2
Gentoo Linux Security Advisory 200711-22
Posted Nov 26, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-22 - Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the Stream.cc file of Xpdf: An integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows. He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption. Note: Gentoo's version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf. Versions less than 0.6.1-r1 are affected.

tags | advisory, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 5f52b9f84d9302e6e300d1d2e51875e562148246b4abd18aa941c15e42413c79
iDEFENSE Security Advisory 2007-11-14.4
Posted Nov 15, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 11.14.07 - Local exploitation of an access validation vulnerability in Apple Inc.'s Mac OS X could allow an attacker to execute arbitrary code with root privileges. When executing a setuid-root binary, the Mach kernel does not reset the current thread Mach port, or the current thread Mach Exception Port. By first creating and obtaining write access to a Mach port, and then executing a set-uid root binary, an attacker can write arbitrary data into the address space of the process running as root. This leads to arbitrary code execution in the privileged process.

tags | advisory, arbitrary, kernel, local, root, code execution
systems | apple, osx
advisories | CVE-2007-3749
SHA-256 | ddf3efb648c973e23481ba27247dee4c3391b50406769e418dd0d2779ae4fc6a
SUSE-SA-2007-060.txt
Posted Nov 15, 2007
Site suse.com

SUSE Security Announcement - Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream::readProgressiveDataUnit(). Another method in the same class, named reset(), is vulnerable to an integer overflow which leads to an overflow on the heap. The last bug also causes an overflow on the heap, but this time in the method lookChar() of class CCITTFaxStream.

tags | advisory, overflow
systems | linux, suse
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 5f88e680d2da9bf0a5cf06f3bcdfb825ad1ada6a02114a0c38c121fd3358df12
Ubuntu Security Notice 532-1
Posted Oct 23, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 532-1 - Nobuhiro Ban discovered that check_http in nagios-plugins did not properly sanitize its input when following redirection requests. A malicious remote web server could cause a denial of service or possibly execute arbitrary code as the user. Aravind Gottipati discovered that sslutils.c in nagios-plugins did not properly reset pointers to NULL. A malicious remote web server could cause a denial of service. Aravind Gottipati discovered that check_http in nagios-plugins did not properly calculate how much memory to reallocate when following redirection requests. A malicious remote web server could cause a denial of service.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-5198
SHA-256 | 677e5058f12e473d485da0af4be16886fabcf37a7ba5d0487a4a71af1f170bd9
Mandriva Linux Security Advisory 2007.196
Posted Oct 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The compat_sys_mount function in fs/compat.c allowed local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode. The nf_conntrack function in netfilter did not set nfctinfo during reassembly of fragmented packets, which left the default value as IP_CT_ESTABLISHED and could allow remote attackers to bypass certain rulesets using IPv6 fragments. A typo in the Linux kernel caused RTA_MAX to be used as an array size instead of RTN_MAX, which led to an out-of-bounds access by certain functions. The IPv6 protocol allowed remote attackers to cause a denial of service via crafted IPv6 type 0 route headers that create network amplification between two routers. The random number feature did not properly seed pools when there was no entropy, or used an incorrect cast when extracting entropy, which could cause the random number generator to provide the same values after reboots on systems without an entropy source. A memory leak in the PPPoE socket implementation allowed local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized. An integer underflow in the cpuset_tasks_read function, when the cpuset filesystem is mounted, allowed local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. The sctp_new function in netfilter allowed remote attackers to cause a denial of service by causing certain invalid states that triggered a NULL pointer dereference. A stack-based buffer overflow in the random number generator could allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size. The lcd_write function did not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption).
The Linux kernel allowed local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivered an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). The aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer ioctl patch in aacraid did not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. The IA32 system call emulation functionality, when running on the x86_64 architecture, did not zero-extend the eax register after the 32-bit entry path to ptrace is used, which could allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, root, protocol, memory leak
systems | linux, mandriva
advisories | CVE-2006-7203, CVE-2007-1497, CVE-2007-2172, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-3105, CVE-2007-3513, CVE-2007-3848, CVE-2007-4308, CVE-2007-4573
SHA-256 | 64832840334304a0ea0bb133dcd8a2e85f8bbea606fab02ea59dc6a77f2fed01
Vuurmuur-0.5.73.tar.gz
Posted Sep 18, 2007
Authored by Victor Julien | Site vuurmuur.org

Vuurmuur is a middle-end and front-end for netfilter and iptables that is aimed at system administrators who need a decent firewall, but do not have netfilter-specific knowledge. It converts human-readable rules into an iptables ruleset (or optionally a bash script), makes netfilter logs readable, and includes an ncurses GUI.

Changes: Updated links to reflect new site. Fixed a number of bugs.
tags | tool, firewall, bash
systems | linux
SHA-256 | 7aa2bb1d088f48e3d5ba171705a3d01e0b7c9569de0ae59764d9bf251dcb0db8
Ubuntu Security Notice 509-1
Posted Aug 31, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 509-1 - The Linux 2.6 kernel series suffers from multiple vulnerabilities. A flaw in the sysfs_readdir function allowed a local user to cause a denial of service by dereferencing a NULL pointer. A buffer overflow was discovered in the random number generator. In environments with granular assignment of root privileges, a local attacker could gain additional privileges. A flaw was discovered in the usblcd driver. A local attacker could cause large amounts of kernel memory consumption, leading to a denial of service. It was discovered that certain setuid-root processes did not correctly reset process death signal handlers. A local user could manipulate this to send signals to processes they would not normally have access to. The Direct Rendering Manager for the i915 driver could be made to write to arbitrary memory locations. An attacker with access to a running X11 session could send a specially crafted buffer and gain root privileges. It was discovered that the aacraid SCSI driver did not correctly check permissions on certain ioctls. A local attacker could cause a denial of service or gain privileges.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-3104, CVE-2007-3105, CVE-2007-3513, CVE-2007-3848, CVE-2007-3851, CVE-2007-4308
SHA-256 | 739b16d5c2a6a6a15dde4c79a2547109bddace7cde6d485d1b7a618484a247e2
n.runs-SA-2007.018.txt
Posted Jul 23, 2007
Authored by Sergio Alvarez | Site nruns.com

ESET NOD32 Antivirus suffers from a divide by zero vulnerability when parsing ASPACK and FSG packed files.

tags | advisory
SHA-256 | 343a656eaaefb99ba095c462d08364f3d556324a3321bb3bf32ce70fdd02939d
n.runs-SA-2007.017.txt
Posted Jul 23, 2007
Authored by Sergio Alvarez | Site nruns.com

ESET NOD32 Antivirus suffers from an integer overflow vulnerability when handling ASPACK packed files.

tags | advisory, overflow
SHA-256 | 33554f046759e59c122079d582ab1f11cf561a5181b4ba4108fded5f2b995c13
n.runs-SA-2007.016.txt
Posted Jul 23, 2007
Authored by Sergio Alvarez | Site nruns.com

ESET NOD32 Antivirus suffers from a heap corruption vulnerability during the parsing of .CAB files.

tags | advisory
SHA-256 | 8dae8f5f74c1a686972ac290694b45ebd96e122d26950d506a99ac0cfc1ccb98
mailmarshall-password.txt
Posted Jul 18, 2007
Authored by Gary O'Leary-Steele | Site sec-1.com

The MailMarshal Spam Quarantine version 6.2.0.x HTTP interface password reset facility is vulnerable to a SQL buffer truncation attack. The vulnerability could be exploited to reset and retrieve any user account. The attacker would require prior knowledge of the user's email address.

tags | advisory, web
advisories | CVE-2007-3796
SHA-256 | 413e168c92dfcc339ecd500754b6e240ebd1b59e709f687e96ac02bb9c73e549
psinjection-06_056.txt
Posted Jul 11, 2007
Authored by Tim Brown | Site portcullis-security.com

The P-Synch Windows domain password reset web application's style parameter allows JavaScript injection.

tags | advisory, web, javascript
systems | windows
SHA-256 | c811e757dfd03f032fd13506676e048f9ede59a8110969e28f822537f3024761
pligg-password.txt
Posted May 31, 2007
Authored by 242th.section

Pligg version 9.5 is susceptible to a guessable confirmation code for password reset.

tags | exploit
SHA-256 | 6a5c9c8df8272d2b5249a353b1d8ce0b89612a994e53e4f4926cabe84e513934
ath-v1.3.zip
Posted May 21, 2007
Site loranbase.com

Sends an ICMP echo request including the +++ATH0 string in its ICMP data. This data resets vulnerable modems if the victim replies to the request. Only works on Windows XP prior to SP2. Includes Delphi source code.

tags | denial of service
systems | windows
SHA-256 | 292e5a0f49bc5fa0f5224e5e7ade8b35988d806db25ed0868b2f54bc5ed760c9
iDEFENSE Security Advisory 2007-04-03.1
Posted Apr 4, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 04.03.07 - Remote exploitation of a design error in certain kernel GDI functions in multiple versions of Microsoft Corp.'s Windows operating system may allow an attacker to cause a denial of service condition. During testing of the MS06-001 WMF (Windows Metafile) vulnerability, a flaw was found in the handling of WMF files. This flaw can cause the kernel to perform a bug check, also known as a "blue screen" or system crash, when it tries to parse the file. The cause of this bug check is an attempt by a function in a kernel system call to read a value obtained by dereferencing an offset into a kernel structure. This value had been previously created and then reset by previous system calls, and at the point it is accessed it does not contain a valid memory reference. This results in an access violation error, which in turn triggers the bug check. This vulnerability is different from both the Microsoft MS06-001 WMF vulnerability and the MS05-053 WMF vulnerability and is not fixed by either of these patches.

tags | advisory, remote, denial of service, kernel
systems | windows
advisories | CVE-2007-1211
SHA-256 | fdb46849d9f76d152ab6e6cebaabd4b8f591b50d77c6a09dfcafae4521d8a637
CA Security Advisory 35145
Posted Mar 9, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

The CA eTrust Admin GINA component contains a privilege escalation vulnerability within the reset password interface. This vulnerability is exploitable only through physical interactive access or through Remote Desktop. Affected products include eTrust Admin 8.1 SP2 (8.1.2), eTrust Admin 8.1 SP1 (8.1.1), and eTrust Admin 8.1 (8.1.0).

tags | advisory, remote
advisories | CVE-2007-1345
SHA-256 | 3962113ae17c146b5640bd4ec12da7a3f96a4ed5be77c2f201e85de1071f6d9e
SA-20070226-0.txt
Posted Mar 6, 2007
Authored by D. Matscheko | Site sec-consult.com

SEC Consult Security Advisory 20070226-0 - The 3rd party module Pagesetter for PostNuke is susceptible to a local file inclusion vulnerability. Versions 6.2.0 and 6.3.0 beta 5 are affected.

tags | exploit, local, file inclusion
SHA-256 | 575fbb65bb1e067007269f53fe512d45d47ee97dd535d2999d2ace632822781a
psad-2.0.5.tar.gz
Posted Mar 4, 2007
Site cipherdyne.org

Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate.

Changes: Bug fixes and some cool new features.
tags | remote, kernel, udp, perl, tcp
systems | linux
SHA-256 | ec3dca8cf70f0e310a22325a33557bd2bf197b958d18dce5c3e73f7bd5ab0e25
Secunia Security Advisory 24299
Posted Feb 27, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Pagesetter, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | ca27fea201cb9cde58fb06ab6028b83901c2df18b7016f7058ab8f09780834c2
Mandriva Linux Security Advisory 2007.040
Posted Feb 8, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4, as well as the 2.6 kernel, does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash. The listxattr syscall can corrupt user space under certain circumstances. The problem seems to be related to signed/unsigned conversion during size promotion. The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures. The mincore function in the Linux kernel before 2.4.33.6, as well as the 2.6 kernel, does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

tags | advisory, denial of service, kernel, local
systems | linux, mandriva
advisories | CVE-2006-5749, CVE-2006-5753, CVE-2006-6053, CVE-2006-4814
SHA-256 | 3f1e7bc824821ea2b210030bdddf0ed3535f8f6790b69937d9be3fbbb072c5a7
Secunia Security Advisory 23765
Posted Jan 16, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a vulnerability in OS/400, which can be exploited by malicious people to reset established TCP connections on a vulnerable system.

tags | advisory, tcp
SHA-256 | e7806f921bf69b70453de9dca256f322cf22a97050c585c8af8d7bf2906186aa
snews1530.txt
Posted Jan 14, 2007
Authored by rgod | Site retrogod.altervista.org

sNews versions 1.5.30 and below remote administrative password reset and code execution exploit.

tags | exploit, remote, code execution
SHA-256 | f04a733858f7408bda758be8c1e8792d544592a36499c3ed1ccccda1dfcc1e61
Vuurmuur-0.5.72.tar.gz
Posted Jan 13, 2007
Authored by Victor Julien | Site vuurmuur.sourceforge.net

Vuurmuur is a middle-end and front-end for netfilter and iptables that is aimed at system administrators who need a decent firewall, but do not have netfilter-specific knowledge. It converts human-readable rules into an iptables ruleset (or optionally a bash script), makes netfilter logs readable, and includes an ncurses GUI.

Changes: Multiple bug fixes and some translations added.
tags | tool, firewall, bash
systems | linux
SHA-256 | bf91812261ccf3ab3c1b88ae7d8c7fb6cfd95f7bc833d7e309f3ff9bb69f2b7a
Mandriva Linux Security Advisory 2007.002
Posted Jan 3, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which could allow a local user to cause a Denial of Service (process crash). The seqfile handling in the 2.6 kernel up to 2.6.18 allows local users to cause a DoS (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels. An integer overflow in the 2.6 kernel prior to 2.6.18.4 could allow a local user to execute arbitrary code via a large maxnum value in an ioctl request. A race condition in the ISO9660 filesystem handling could allow a local user to cause a DoS (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures. A vulnerability in the bluetooth support could allow for overwriting internal CMTP and CAPI data structures via malformed packets.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2006-5757, CVE-2006-5751, CVE-2006-5173, CVE-2006-5619, CVE-2006-6106
SHA-256 | 29b627a6c57f64a58aaf5181124bc69b0a5710ab41f40daa39be76a6fe15e058
Page 4 of 4

© 2022 Packet Storm. All rights reserved.
