MAPLE Computer WBT SNMP Administrator version 2.0.195.15 remote buffer overflow exploit with egghunter.
893fde7732f15b12f55e3084296bc66ba46e14f248cded34af92a00bcc8d6150Red Hat Security Advisory 2012-1149-01 - The sudo utility allows system administrators to give certain users the ability to run commands as root. An insecure temporary file use flaw was found in the sudo package's post-uninstall script. A local attacker could possibly use this flaw to overwrite an arbitrary file via a symbolic link attack, or modify the contents of the "/etc/nsswitch.conf" file during the upgrade or removal of the sudo package. This update also fixes the following bugs:
beba8e6ed13cfb26fb7c7c1854aef7f93f140ed6cc736059b657a68db78e6e8fPower Bulletin Board versions prior to 2.1.4 authentication bypass and add administrator exploit.
029b52340f5c1e7a0fdaa00422646752976486d49f4a8818ec05d4afbc957dd2The Liferay JSON implementation does not check if a user calling a method on a serviceClass is disabled. Usually the default administrator user, test@liferay.com, is used to create a new administrator and disabled without a change to the default password, so it is possible to use it to execute JSON API calls. Versions 6.0.5 and 6.0.6 are vulnerable.
840d89136b0bbd34dcc7fbaa674c8f425af2c5bab7ef9bb1fac81338af82ef39conntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.
e1da5f4c46094c252df5a167b28ecf2085dd73d1258316021d80612e5c9e332bRed Hat Security Advisory 2012-1131-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests. A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the "create" privilege could use this flaw to crash kadmind.
fc644b1cb9cf0a8750b9b22679610ad70952fe4b170e2844397d3cea0bd64a5aNmap's man page mentions that "Nmap should never be installed with special privileges (e.g. suid root) for security reasons.." and specifically avoids making any of its binaries setuid during installation. Nevertheless, administrators sometimes feel the need to do insecure things. This Metasploit module abuses a setuid nmap binary by writing out a lua nse script containing a call to os.execute(). Note that modern interpreters will refuse to run scripts on the command line when EUID != UID, so the cmd/unix/reverse_{perl,ruby} payloads will most likely not work.
36e5626623975013ad17de674718bb242f7551a7c65755515d9aab44a7aa57eaThe Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
ddcc7890a394d8154120a163c90b11119a0322b62d937ad1a3a14ef3fe6cf74eRed Hat Security Advisory 2012-1081-01 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with sudo on specific hosts, could use this flaw to bypass intended restrictions and run those commands on hosts not matched by any of the network specifications. All users of sudo are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
2dfbfa43bde13f32ff7b638eeb910225f286b002c9fd10e5b654f6375bb16e10Red Hat Security Advisory 2012-1060-01 - Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. A command injection flaw was found in Cobbler's power management XML-RPC method. A remote, authenticated user who is permitted to perform Cobbler configuration changes via the Cobbler XML-RPC API, could use this flaw to execute arbitrary code with root privileges on the Red Hat Network Satellite server. Note: Red Hat Network Satellite uses a special user account to configure Cobbler. By default, only this account is permitted to perform Cobbler configuration changes, and the credentials for the account are only accessible to the Satellite host's administrator. As such, this issue only affected environments where the administrator allowed other users to make Cobbler configuration changes.
a117798edbaaae98d35e372b2a965c0e26a3e98bfd81b95555118ca270a44f0bMandriva Linux Security Advisory 2012-102 - A vulnerability has been discovered and corrected in krb5. A kadmind denial of service issue has been addressed, which could only be triggered by an administrator with the create privilege. The updated packages have been patched to correct this issue.
9811d67a56f6266e921605d63970c98925047dd6fd4ff986c85c9011098f43e2CMS DMS-Easy version 0.9.8 suffers from cross site request forgery, file disclosure, add administrator, and remote shell upload vulnerabilities.
7bcf5e1148964c841fe99106d5c5a057887f28fa0dd89c2797b40562b95b703aRed Hat Security Advisory 2012-0902-04 - The cifs-utils package contains tools for mounting and managing shares on Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard Linux file systems. A file existence disclosure flaw was found in mount.cifs. If the tool was installed with the setuid bit set, a local attacker could use this flaw to determine the existence of files or directories in directories not accessible to the attacker. Note: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.
b6831be7a80bfb064ce96ffee7b691ceb05ca7ce5ebc98fd5bf2e47dea32809aRed Hat Security Advisory 2012-0774-04 - libguestfs is a library for accessing and modifying guest disk images. It was found that editing files with virt-edit left said files in a world-readable state. If an administrator on the host used virt-edit to edit a file inside a guest, the file would be left with world-readable permissions. This could lead to unprivileged guest users accessing files they would otherwise be unable to. These updated libguestfs packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.
3c03e868e79d870f5fd7c1ec1e25276d1ae7821980f54507b63d5e89bea9fc32Secunia Security Advisory - A security issue has been reported in Symantec LiveUpdate Administrator, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
8bdc0d63e8cdfd234470ebf624f69b23025362655365bc21fda912a34ddf69d9Secunia Security Advisory - A security issue has been reported in Symantec LiveUpdate Administrator, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
8bdc0d63e8cdfd234470ebf624f69b23025362655365bc21fda912a34ddf69d9This Metasploit module exploits the ComSndFTP FTP Server version 1.3.7 beta by sending a specially crafted format string specifier as a username. The crafted username is sent to to the server to overwrite the hardcoded function pointer from Ws2_32.dll!WSACleanup. Once this function pointer is triggered, the code bypasses dep and then repairs the pointer to execute arbitrary code. The SEH exit function is preferred so that the administrators are not left with an unhandled exception message. When using the meterpreter payload, the process will never die, allowing for continuous exploitation.
8ca8af4598071a83d2552f14b027f3fdb8f361c95b01bacf03d39857c306caeaHP Security Bulletin HPSBMU02776 SSRT100852 - Potential security vulnerabilities have been identified with HP Onboard Administrator (OA). The vulnerabilities could be exploited remotely resulting in unauthorized access to data, unauthorized disclosure of information, and Denial of Service (DoS). Revision 1 of this advisory.
81bc660490835ba3e0d0c8bb863ac4728f1c3963fde22d565671ac239b46f148Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Onboard Administrator, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
8d1911634e157101a1ad0325ae2c325e52fea6bdd9480e4028992ef0bc5c0a91Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added.
66fb5636308651b4c30914ee68b3d1dd0bb8281f93ba0f3b8d86229d271ee731Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added. This is the source release.
4887943b5dfe0cd8a8727842cf0bd736b62983162e36e137d3fa1390c6741a9bconntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.
7332b6fda82460bb4f07e93ce67e676b81a955d5738f3b67ca2f1063ddd4dc67Plown is a security scanner for Plone CMS. Although Plone has the best security track record of any major CMS and is considered highly secure, misconfigurations and weak passwords might enable system break-ins. Plown has been developed to ease the discovery of usernames and passwords, and act as an assistant to system administrators to strengthen their Plone sites.
49b65aa4f0f52ef71f03cc8968519322ebf0529377bec261d23cc1024bf2747eBy utilizing the json webservices exposed in Liferay Portal version 6.1 you can register a new user with any role in the system, including the built in administrator role. Proof of concept included.
3f6c3c5b9e5e27e968adbe87afc167aa13e200b89a6647cbde10d03c9a021bacSecunia Security Advisory - HP has acknowledged a vulnerability in HP Onboard Administrator, which can be exploited by malicious people to cause a DoS (Denial of Service).
ce2b8e1b2430e1b4b59d862065181ad43a9d63156427d33ddb29b0773691ba46HP Security Bulletin HPSBMU02766 SSRT100624 - A potential security vulnerability has been identified with HP Onboard Administrator (OA). The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.
2e9ccfbbee1de3ca1818aa7517b75f495f859618c8c98560ebcdeea64acb9a42
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed