Proof of concept for a vulnerability in the Linux kernel existing since version 5.8 that allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes.
44e38035938b0841fe6c4b79375b95d9bdcc4665c0a63ed1dcb0ca5df0c03212Tekno.Portal version 0.1b suffers from a remote blind SQL injection vulnerability in link.php. This version was already known to have issues with SQL injection since 2010.
c71eed1836a67943fa03e0218fb566e5956562284ee6c837a7ec26e30d887446afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
933d4fffd3ddffb6eeb8972b47caf3bce6a24d709209a488ab2ddec8e716842cSince the 30th of May 2012 hackers were abusing the Microsoft XML core services vulnerability. The 10th of July 2012 Microsoft finally published a security advisory which fixes this issue. The present document and video explains the details about this fix. As a lab test they used a Windows XP workstation with Service Pack 3. The Internet explorer version is 6.0.
0663e2de1f39f4495717f0290d861ffdd11a1fe7f2edc6deba2d85db93bac5bdThe Linux kernel failed to properly initialize some entries the proto_ops struct for several protocols, leading to NULL being derefenced and used as a function pointer. By using mmap(2) to map page 0, an attacker can execute arbitrary code in the context of the kernel. Several public exploits exist for this vulnerability, including spender's wunderbar_emporium and rcvalle's ppc port, sock_sendpage.c. All Linux 2.4/2.6 versions since May 2001 are believed to be affected: 2.4.4 up to and including 2.4.37.4; 2.6.0 up to and including 2.6.30.4
9bd69f05ada8cee6b76af8cc4636ab3a3a49a49bfad809f7b97fefaea4e48bb0afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
a3e1d27385876c05c08eb1166b11ec93813315173953b748a1e2149f47a31761Red Hat Security Advisory 2012-1041-01 - Red Hat Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way Red Hat Directory Server handled password changes. If an LDAP user had changed their password, and the directory server had not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the "unhashed#user#password" attribute. It was found that when the password for an LDAP user was changed, and audit logging was enabled, the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which when set to "on", prevents Red Hat Directory Server from writing plain text passwords to the audit log. This option can be configured in "/etc/dirsrv/slapd-[ID]/dse.ldif".
02001d1e71ee84e1ac827dd563294cf7f71f0d1e542e4d2379a601515d3d2c88Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
9897b37f6a6a7380f2b1a3104f85aedcea9b84b5400594a0944e88925eada2e7Red Hat Security Advisory 2012-0997-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their password, and the directory server has not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the "unhashed#user#password" attribute. It was found that when the password for an LDAP user was changed, and audit logging was enabled, the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which when set to "on", prevents 389 Directory Server from writing plain text passwords to the audit log. This option can be configured in "/etc/dirsrv/slapd-[ID]/dse.ldif".
d8fcd715d68abc63df0d8bfd8b39169de1feaa4b944697d2033befadfa07578fF5 ships a public/private key pair on BIG-IP appliances that allows passwordless authentication to any other BIG-IP box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.
6ac4496033f2428dbb162f6a1981e581a57e0ffa587cd8f0dc742fc39045f66eTor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
2f1ba76561161a4b1b0a817d76cb62c817dd94f5aeb98806a1a2cb79ca795bb4This Metasploit module exploits a use-after-free vulnerability in Firefox 8/8.0.1 and 9/9.0.1. Removal of child nodes from the nsDOMAttribute can allow for a child to still be accessible after removal due to a premature notification of AttributeChildRemoved. Since mFirstChild is not set to NULL until after this call is made, this means the removed child will be accessible after it has been removed. By carefully manipulating the memory layout, this can lead to arbitrary code execution.
0750feb0c6b04b3e549b1720e08f8946c5ad47833c85f2914592e886fe867eb0Asterisk Project Security Advisory - In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events are queued for processing in a buffer allocated on the heap, where each DTMF value that is received is placed on the end of the buffer. Since the length of the buffer is never checked, an attacker could send sufficient KEYPAD_BUTTON_MESSAGE events such that the buffer is overrun.
135fdb3c4091f47c3bd1cc61841154a28cbda243b8fb16a579ebff1ce30c23efThis Metasploit module exploits a vulnerability found in TFTP Server 1.4 ST. The flaw is due to the way TFTP handles the filename parameter extracted from a WRQ request. The server will append the user-supplied filename to TFTP server binary's path without any bounds checking, and then attempt to open this with a fopen(). Since this isn't a valid file path, fopen() returns null, which allows the corrupted data to be used in a strcmp() function, causing an access violation. Since the offset is sensitive to how the TFTP server is launched, you must know in advance if your victim machine launched the TFTP as a 'Service' or 'Standalone' , and then manually select your target accordingly. A successful attempt will lead to remote code execution under the context of SYSTEM if run as a service, or the user if run as a standalone. A failed attempt will result a denial-of-service.
97a2a64a4d7b26a5088cf3d73076bee782c41a2cccb84de4ec3d8a09cc34adadafick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
067e9fd3a6de7bcf39a64c3ea4e28159c8a11605e0f19179116cbaf0b785167eThe cryptographic algorithm called INCrypt32 is a MAC algorithm to authenticate participants, RFID cards and readers, in HID Global's iCLASS systems. HID's iCLASS cards are widely used contactless smart cards for physical access control. Although INCrypt32 is a heart of the security of HID's iCLASS systems, its security has not been evaluated yet since the specification has not been open to public. In this paper, they reveal the specification of INCrypt32 by reverse engineering an iCLASS card and investigate the security of INCrypt32. As a result, we show that the secret key of size 64 bits can be recovered using only 218 MAC queries if the attacker can request MAC for chosen messages of arbitrary length. If the length of messages is limited to pre-determined values by the authentication protocol, the required number of MAC queries grows to 242 to recover the secret key.
cb8784c8a30a60fd5be4ccee3a92361bbb9b0c25e831d60269f418117ec0e6b6IPv6 Extension Headers with Neighbor Discovery messages can be leveraged to circumvent simple local network protections, such as "Router Advertisement Guard". Since there is no legitimate use for IPv6 Extension Headers in Neighbor Discovery messages, and such use greatly complicates network monitoring and simple security mitigations such as RA-Guard, this document proposes that hosts silently ignore Neighbor Discovery messages that use IPv6 Extension Headers. Revision 2 of this document. This revision includes, among other things, a discussion of possible issues with SEND as a result of IPv6 fragmentation.
a8b7a492cc8ab102f8884547a7f042ea0e94a1cdbbad648050eb655bf675f524FreeBSD Security Advisory - Some third-party applications, including KDE's kcheckpass command, allow the user to specify the name of the policy on the command line. Since OpenPAM treats the policy name as a path relative to /etc/pam.d or /usr/local/etc/pam.d, users who are permitted to run such an application can craft their own policies and cause the application to load and execute their own modules. If an application that runs with root privileges allows the user to specify the name of the PAM policy to load, users who are permitted to run that application will be able to execute arbitrary code with root privileges.
685c68cd0d879191a8f6e9dd16fb3ba8d2d61b100f23301bbe8d7f9cde467b5eTor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
36a982d6aa03aaa511252b1130ed6b0d14a80d24eb675d1ca2e4a1ef05fd6b8eTor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
ac457a33c004f3bd3a25772290cda9731e40b46e0e85df2b2dfc7e8e8804b497Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.
9f962a1146b166cb12019ea5b182eacc2cc8694e655e19753e3b166705565b31afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
f7f6f52200bb66d9f8c5ad93800fbab84853a74f88790323a5688516a06a2a26This Metasploit module combines two separate issues within Support Incident Tracker versions 3.65 and below to upload arbitrary data and thus execute a shell. The two issues exist in ftp_upload_file.php. The first vulnerability exposes the upload dir used to store attachments. The second vulnerability allows arbitrary file upload since there is no validation function to prevent from uploading any file type. Authentication is required to exploit both vulnerabilities.
dbc7a2ae369700f4243579f8576c1fb42786b65ea5a9ec60c838072b7d4ea678Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
568e19f2bee2f40b7aebc94201e6e7c0530c0bd21dc063fc84fb7086b0936c20Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
9f48d660d26082a6c4a6578c1d352d077f8b51add9b99f5492d02edb6099243eTor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.
673b5bc02fbe9d2b593026ad503b8f7a1cbd34953021173247f95ffb1bceb976
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed