exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

Silver Peak VX Command Injection / Shell Upload / File Read
Posted Sep 14, 2015
Authored by Daniel Jensen | Site security-assessment.com

Silver Peak VX virtual appliance running VXOA before version 6.2.11 contains a number of security vulnerabilities, including command injection, unauthenticated file read, mass assignment, shell upload, and hardcoded credentials. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host.

tags | exploit, shell, root, vulnerability
SHA-256 | 36799a3c7e2af82faa6d01908af9360ddba720c30151c46a004891b6be136f05

Related Files

Mandriva Linux Security Advisory 2012-089
Posted Jun 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-089 - ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. The updated packages have been upgraded to bind 9.7.6-P1 and 9.8.3-P1 which is not vulnerable to this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-1667
SHA-256 | a8217cffac821010635bfa2ad29fda43e42e61d06ec1bb8c1c4909f802aa412c
Mandriva Linux Security Advisory 2012-088
Posted Jun 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-088 - Security issues were identified and fixed in mozilla firefox and thunderbird. Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1947, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1945, CVE-2012-1944, CVE-2012-1938, CVE-2012-1939, CVE-2012-1937, CVE-2011-3101, CVE-2012-0441
SHA-256 | e45d0a9ecaaa6aa2057a7a0d53316462d0da0cafa4345f6f72cf7e998d9be6ec
Mandriva Linux Security Advisory 2012-087
Posted Jun 5, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-087 - Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-2944
SHA-256 | 59c537bfb95b209de0cd8108e1c6f0a217ece674644b5d8578659d35b090558d
Mandriva Linux Security Advisory 2012-086
Posted Jun 1, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-086 - acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, local
systems | linux, mandriva
advisories | CVE-2011-1159
SHA-256 | c15d0e46cdada2dd1ae45af5a6bbb6ddf79e09ac03522b855d89fba15026903b
Mandriva Linux Security Advisory 2012-085
Posted May 30, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-085 - Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-0022
SHA-256 | 0a5b185b8377e3d89ecf4eb5c1da3f094b87f8234235cc6ae5d3e4464a8ded72
MPlayer SAMI Subtitle File Buffer Overflow
Posted May 29, 2012
Authored by juan vazquez, Jacques Louw | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow found in the handling of SAMI subtitles files in MPlayer SVN Versions before 33471. It currently targets SMPlayer 0.6.8, which is distributed with a vulnerable version of mplayer. The overflow is triggered when an unsuspecting victim opens a movie file first, followed by loading the malicious SAMI subtitles file from the GUI. Or, it can also be done from the console with the mplayer "-sub" option.

tags | exploit, overflow
advisories | OSVDB-74604
SHA-256 | ff773c1737c09b314a58cb07dab372f6b99f077dc26dbd42fd59a36e56c907a7
Red Hat Security Advisory 2012-0690-01
Posted May 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0690-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note that unprivileged users cannot access TUN/TAP devices until the root user grants them access.

tags | advisory, kernel, local, root
systems | linux, redhat
advisories | CVE-2012-2136
SHA-256 | 42f48969c33d14b422067a511d25a3ed7b2209d984bf368ba28a35ce8df3755b
Mandriva Linux Security Advisory 2012-081
Posted May 24, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.

tags | advisory
systems | linux, windows, mandriva
advisories | CVE-2012-0468, CVE-2012-0467, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0472, CVE-2012-0473, CVE-2012-0474, CVE-2012-0477, CVE-2012-0478, CVE-2011-3062, CVE-2012-0479
SHA-256 | b4728ca55ce3cfd40444a11b5acd5298ece8e9bf6c775569b96cc5d90bcd9a33
Mandriva Linux Security Advisory 2012-077
Posted May 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-077 - Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.

tags | advisory, denial of service, arbitrary, local, trojan
systems | linux, mandriva
advisories | CVE-2010-4167, CVE-2012-0247, CVE-2012-0248, CVE-2012-1185, CVE-2012-0259, CVE-2012-0260, CVE-2012-1798
SHA-256 | d7de3f7e0b80f09045f1b2c5f542725b115d3f5c08f7a893d8351dc7200e188a
Debian Security Advisory 2472-1
Posted May 16, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2472-1 - Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.

tags | advisory, root
systems | linux, debian
advisories | CVE-2012-0208
SHA-256 | fb5e1c809897c9f19723eac2b149d18e7bbd0d84cf8545cb5f93e9b78c5c44fb
Mandriva Linux Security Advisory 2012-072
Posted May 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-072 - The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a login CSRF issue. Various other issues have also been addressed.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2011-1491, CVE-2011-1492, CVE-2011-2937, CVE-2011-4078
SHA-256 | 5db9be97f39831d6baffca7927339627ba7442fb01a60c527592f9e5db93ccb8
Mandriva Linux Security Advisory 2012-066
Posted Apr 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-066 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. Anne van Kesteren of Opera Software found a multi-octet encoding issue where certain octets will destroy the following octets in the processing of some multibyte character sets. Various other issues were also addressed.

tags | advisory, remote, code execution
systems | linux, mandriva
advisories | CVE-2012-0468, CVE-2012-0467, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0472, CVE-2012-0473, CVE-2012-0474, CVE-2012-0477, CVE-2012-0478, CVE-2011-3062, CVE-2012-0479
SHA-256 | 52c7580faddde89c8ddd93ee504f0bd91f907d7b0db98c6e88c400c8de82300c
Mandriva Linux Security Advisory 2012-065
Posted Apr 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-065 - The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. Insufficient validating of upload name leading to corrupted $_FILES indices. Various other issues have also been addressed.

tags | advisory, remote, web, denial of service, arbitrary, cgi, php, sql injection
systems | linux, mandriva
advisories | CVE-2012-0788, CVE-2012-0807, CVE-2012-0830, CVE-2012-0831, CVE-2012-1172
SHA-256 | a018be1990be06d135afc8ee885fd862474162711692134a45a97fbfa7ed502c
Mandriva Linux Security Advisory 2012-059
Posted Apr 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-059 - It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application. The updated packages have been patched to correct this issue.

tags | advisory, sql injection
systems | linux, mandriva
advisories | CVE-2012-0805
SHA-256 | d5f88c588379acc2bfa9ff43617fc1860c078b4a3e19d62cf9688284b0d95395
V-CMS PHP File Upload And Execute
Posted Apr 17, 2012
Authored by sinn3r, AutoSec Tools | Site metasploit.com

This Metasploit module exploits a vulnerability found on V-CMS's inline image upload feature. The problem is due to the inline_image_upload.php file not checking the file type before saving it on the web server. This allows any malicious user to upload a script (such as PHP) without authentication, and then execute it with a GET request. The issue is fixed in 1.1 by checking the extension name. By default, 1.1 only allows jpg, jpeg, png, gif, bmp, but it is still possible to upload a PHP file as one of those extension names, which may still be leveraged in an attack.

tags | exploit, web, php
advisories | CVE-2011-4828
SHA-256 | 5db10ec6f958334e9330d4c85475a69cd8b4c04de7b7b2ad6e87bd5f504d7f81
Mandriva Linux Security Advisory 2012-055
Posted Apr 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-055 - The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1182
SHA-256 | 676cd5caa1a00ec6655d780e2a43329e69c8af366edce0bac72c298a8f52bb1d
Adobe Flash Player Information Leak
Posted Apr 10, 2012
Authored by Fermin J. Serna

Adobe Flash Player versions prior to 10.3.183.16 and 11.x before 11.1.102.63 suffer from an information disclosure vulnerability. This archive has research related to this issue, proof of concept source code, and a swf that demonstrates the issue.

tags | exploit, proof of concept, info disclosure
systems | linux
advisories | CVE-2012-0769
SHA-256 | a3e0acb403967ecb2ab50b95e92c7801505af37a7f830f9ad5119219170efa9f
Csound hetro File Handling Stack Buffer Overflow
Posted Apr 7, 2012
Authored by Secunia, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow in Csound before 5.16.6. The overflow occurs when trying to import a malicious hetro file from tabular format. In order to achieve exploitation the user should import the malicious file through csound with a command like "csound -U het_import msf.csd file.het". This exploit doesn't work if the "het_import" command is used directly to convert the file.

tags | exploit, overflow
advisories | CVE-2012-0270, OSVDB-79491
SHA-256 | 2cf13f78ded375c63bae698c2466604d37bb00327f7749fa76c00ef2cae3a62c
Mandriva Linux Security Advisory 2012-045
Posted Mar 30, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-045 - Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service via a large SessionTicket. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2011-4128
SHA-256 | 9d3027f3aebc071f3740544e88a82db2c4435c748db9687f95fffe022c747c8e
Mandriva Linux Security Advisory 2012-040
Posted Mar 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-040 - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. The updated packages have been patched to correct this issue. The GnuTLS packages for Mandriva Linux 2011 has been upgraded to the 2.12.8 version due to problems with the test suite while building it, additionally a new dependency was added on p11-kit for the PKCS #11 support.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-1573
SHA-256 | 8c82c1513bd666093f762efb98cbc93ba20dbed872d8c6c946cbde14ef5e7aa3
Mandriva Linux Security Advisory 2012-039
Posted Mar 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-039 - The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-1569
SHA-256 | d68b51c860745669ed80a9760b3d0f8d33e9fbc141c0beef7e8da27438734c22
Red Hat Security Advisory 2012-0429-01
Posted Mar 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0429-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.

tags | advisory, remote, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2011-4128, CVE-2012-1573
SHA-256 | 501c1430723c183990aa23d2ad91107cca4dcdaf2c0b1b2c34ceca0d912eefd3
Mandriva Linux Security Advisory 2012-038
Posted Mar 26, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-038 - The implementation of Cryptographic Message Syntax and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack adaptive chosen ciphertext attack. The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, crypto
systems | linux, mandriva
advisories | CVE-2012-0884, CVE-2012-1165
SHA-256 | 39adc297298f941be7a71d3df5bf4130fda4950b19b1987d86909215135fc84e
Debian Security Advisory 2440-1
Posted Mar 26, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2440-1 - Matthew Hall discovered that many callers of the asn1_get_length_der function did not check the result against the overall buffer length before processing it further. This could result in out-of-bounds memory accesses and application crashes. Applications using GNUTLS are exposed to this issue.

tags | advisory
systems | linux, debian
advisories | CVE-2012-1569
SHA-256 | 01d12d9f8ddd16ac567c95dd7153688791594884149e58d6cb2857338fc72539
Mandriva Linux Security Advisory 2012-037
Posted Mar 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-037 - The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, imap
systems | linux, mandriva
advisories | CVE-2011-3481
SHA-256 | 6312ad5564a296e8450f12e2352d9bae331005446a5cb929d3c19bf32bef7291
Page 2 of 4
Back1234Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    31 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close