MAPLE Computer WBT SNMP Administrator version 2.0.195.15 remote buffer overflow exploit with egghunter.
893fde7732f15b12f55e3084296bc66ba46e14f248cded34af92a00bcc8d6150
Red Hat Security Advisory 2012-1149-01 - The sudo utility allows system administrators to give certain users the ability to run commands as root. An insecure temporary file use flaw was found in the sudo package's post-uninstall script. A local attacker could possibly use this flaw to overwrite an arbitrary file via a symbolic link attack, or modify the contents of the "/etc/nsswitch.conf" file during the upgrade or removal of the sudo package. This update also fixes the following bugs:
beba8e6ed13cfb26fb7c7c1854aef7f93f140ed6cc736059b657a68db78e6e8f
Power Bulletin Board versions prior to 2.1.4 authentication bypass and add administrator exploit.
029b52340f5c1e7a0fdaa00422646752976486d49f4a8818ec05d4afbc957dd2
The Liferay JSON implementation does not check if a user calling a method on a serviceClass is disabled. Usually the default administrator user, test@liferay.com, is used to create a new administrator and disabled without a change to the default password, so it is possible to use it to execute JSON API calls. Versions 6.0.5 and 6.0.6 are vulnerable.
840d89136b0bbd34dcc7fbaa674c8f425af2c5bab7ef9bb1fac81338af82ef39
conntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.
e1da5f4c46094c252df5a167b28ecf2085dd73d1258316021d80612e5c9e332b
Red Hat Security Advisory 2012-1131-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests. A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the "create" privilege could use this flaw to crash kadmind.
fc644b1cb9cf0a8750b9b22679610ad70952fe4b170e2844397d3cea0bd64a5a
Nmap's man page mentions that "Nmap should never be installed with special privileges (e.g. suid root) for security reasons.." and specifically avoids making any of its binaries setuid during installation. Nevertheless, administrators sometimes feel the need to do insecure things. This Metasploit module abuses a setuid nmap binary by writing out a lua nse script containing a call to os.execute(). Note that modern interpreters will refuse to run scripts on the command line when EUID != UID, so the cmd/unix/reverse_{perl,ruby} payloads will most likely not work.
36e5626623975013ad17de674718bb242f7551a7c65755515d9aab44a7aa57ea
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
ddcc7890a394d8154120a163c90b11119a0322b62d937ad1a3a14ef3fe6cf74e
Red Hat Security Advisory 2012-1081-01 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with sudo on specific hosts, could use this flaw to bypass intended restrictions and run those commands on hosts not matched by any of the network specifications. All users of sudo are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
2dfbfa43bde13f32ff7b638eeb910225f286b002c9fd10e5b654f6375bb16e10
Red Hat Security Advisory 2012-1060-01 - Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. A command injection flaw was found in Cobbler's power management XML-RPC method. A remote, authenticated user who is permitted to perform Cobbler configuration changes via the Cobbler XML-RPC API, could use this flaw to execute arbitrary code with root privileges on the Red Hat Network Satellite server. Note: Red Hat Network Satellite uses a special user account to configure Cobbler. By default, only this account is permitted to perform Cobbler configuration changes, and the credentials for the account are only accessible to the Satellite host's administrator. As such, this issue only affected environments where the administrator allowed other users to make Cobbler configuration changes.
a117798edbaaae98d35e372b2a965c0e26a3e98bfd81b95555118ca270a44f0b
Mandriva Linux Security Advisory 2012-102 - A vulnerability has been discovered and corrected in krb5. A kadmind denial of service issue has been addressed, which could only be triggered by an administrator with the create privilege. The updated packages have been patched to correct this issue.
9811d67a56f6266e921605d63970c98925047dd6fd4ff986c85c9011098f43e2
CMS DMS-Easy version 0.9.8 suffers from cross site request forgery, file disclosure, add administrator, and remote shell upload vulnerabilities.
7bcf5e1148964c841fe99106d5c5a057887f28fa0dd89c2797b40562b95b703a
Red Hat Security Advisory 2012-0902-04 - The cifs-utils package contains tools for mounting and managing shares on Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard Linux file systems. A file existence disclosure flaw was found in mount.cifs. If the tool was installed with the setuid bit set, a local attacker could use this flaw to determine the existence of files or directories in directories not accessible to the attacker. Note: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.
b6831be7a80bfb064ce96ffee7b691ceb05ca7ce5ebc98fd5bf2e47dea32809a
Red Hat Security Advisory 2012-0774-04 - libguestfs is a library for accessing and modifying guest disk images. It was found that editing files with virt-edit left said files in a world-readable state. If an administrator on the host used virt-edit to edit a file inside a guest, the file would be left with world-readable permissions. This could lead to unprivileged guest users accessing files they would otherwise be unable to. These updated libguestfs packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.
3c03e868e79d870f5fd7c1ec1e25276d1ae7821980f54507b63d5e89bea9fc32
Secunia Security Advisory - A security issue has been reported in Symantec LiveUpdate Administrator, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
8bdc0d63e8cdfd234470ebf624f69b23025362655365bc21fda912a34ddf69d9
Secunia Security Advisory - A security issue has been reported in Symantec LiveUpdate Administrator, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
8bdc0d63e8cdfd234470ebf624f69b23025362655365bc21fda912a34ddf69d9
This Metasploit module exploits the ComSndFTP FTP Server version 1.3.7 beta by sending a specially crafted format string specifier as a username. The crafted username is sent to to the server to overwrite the hardcoded function pointer from Ws2_32.dll!WSACleanup. Once this function pointer is triggered, the code bypasses dep and then repairs the pointer to execute arbitrary code. The SEH exit function is preferred so that the administrators are not left with an unhandled exception message. When using the meterpreter payload, the process will never die, allowing for continuous exploitation.
8ca8af4598071a83d2552f14b027f3fdb8f361c95b01bacf03d39857c306caea
HP Security Bulletin HPSBMU02776 SSRT100852 - Potential security vulnerabilities have been identified with HP Onboard Administrator (OA). The vulnerabilities could be exploited remotely resulting in unauthorized access to data, unauthorized disclosure of information, and Denial of Service (DoS). Revision 1 of this advisory.
81bc660490835ba3e0d0c8bb863ac4728f1c3963fde22d565671ac239b46f148
Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Onboard Administrator, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
8d1911634e157101a1ad0325ae2c325e52fea6bdd9480e4028992ef0bc5c0a91
Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added.
66fb5636308651b4c30914ee68b3d1dd0bb8281f93ba0f3b8d86229d271ee731
Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added. This is the source release.
4887943b5dfe0cd8a8727842cf0bd736b62983162e36e137d3fa1390c6741a9b
conntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.
7332b6fda82460bb4f07e93ce67e676b81a955d5738f3b67ca2f1063ddd4dc67
Plown is a security scanner for Plone CMS. Although Plone has the best security track record of any major CMS and is considered highly secure, misconfigurations and weak passwords might enable system break-ins. Plown has been developed to ease the discovery of usernames and passwords, and act as an assistant to system administrators to strengthen their Plone sites.
49b65aa4f0f52ef71f03cc8968519322ebf0529377bec261d23cc1024bf2747e
By utilizing the json webservices exposed in Liferay Portal version 6.1 you can register a new user with any role in the system, including the built in administrator role. Proof of concept included.
3f6c3c5b9e5e27e968adbe87afc167aa13e200b89a6647cbde10d03c9a021bac
Secunia Security Advisory - HP has acknowledged a vulnerability in HP Onboard Administrator, which can be exploited by malicious people to cause a DoS (Denial of Service).
ce2b8e1b2430e1b4b59d862065181ad43a9d63156427d33ddb29b0773691ba46
HP Security Bulletin HPSBMU02766 SSRT100624 - A potential security vulnerability has been identified with HP Onboard Administrator (OA). The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.
2e9ccfbbee1de3ca1818aa7517b75f495f859618c8c98560ebcdeea64acb9a42