exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Apple packet-mangler Remote Code Execution
Posted Jun 12, 2023
Authored by Kevin Backhouse, GitHub Security Lab

Proof-of-concept exploit for a remote code execution vulnerability in the packet-mangler component of macOS. The vulnerability was fixed in macOS High Sierra 10.13.5, which was released on June 1, 2018.

tags | exploit, remote, code execution
advisories | CVE-2017-13904, CVE-2018-4249
SHA-256 | 6bb19f476695922a3e4295da78b226643f1cf515a1ee4fc61b849f6bce9c9eb7

Related Files

Sydbox Sandbox 0.7.6
Posted Aug 14, 2012
Authored by Ali Polatel | Site projects.0x90.dk

Sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.

Changes: This is a maintenance release addressing a few issues. Note that no few features are going to be added to sydbox-0.
tags | tool
systems | unix
SHA-256 | 3c758c94c86c4ac72895c9fdaefa767f6b9256d8e658c5b70a850133a119c72b
Mandriva Linux Security Advisory 2012-129-1
Posted Aug 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-129 - The decompress function in ncompress allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted. Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues. The wrong set of packages was sent out with the MDVSA-2012:129 advisory that lacked the fix for CVE-2006-1168. This advisory provides the correct packages.

tags | advisory, remote, denial of service, arbitrary, shell, code execution
systems | linux, mandriva
advisories | CVE-2006-1168, CVE-2011-2716
SHA-256 | c7875eb533c9d6beb3425c1a97fe6ed841b9a1c6086b68f13fd555c85ebb7760
Mandriva Linux Security Advisory 2012-128
Posted Aug 9, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-128 - A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names and evaluating /dev/fd file names in conditional command expressions. A remote attacker could provide a specially-crafted Bash script that, when executed, would cause the bash executable to crash. Additionally the official patches 011 to 037 for bash-4.2 has been applied which resolves other issues found, including the CVE-2012-3410 vulnerability.

tags | advisory, remote, overflow, shell, bash
systems | linux, mandriva
advisories | CVE-2012-3410
SHA-256 | ded651ae3fb8a40f05143e18cd58c2e666fadd104e5caa2a2f8e3f23bba5151f
Debian Security Advisory 2519-1
Posted Aug 2, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2519-1 - Several security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, have been discovered. Additionally, the latest security update for isc-dhcp, DSA-2516-1, did not properly apply the patches for CVE-2012-3571 and CVE-2012-3954. This has been addressed in this additional update.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-4539, CVE-2012-3571, CVE-2012-3954
SHA-256 | e479c19eca6b0a977ba08f2378c2c6d472b961bb6278e8c807d1506c363ab2e5
Mandriva Linux Security Advisory 2012-118
Posted Jul 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-118 - A vulnerability has been discovered and corrected in ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. The updated packages have been patched to correct this issue.

tags | advisory, remote, php, xss
systems | linux, mandriva
advisories | CVE-2009-5031, CVE-2012-2751
SHA-256 | 5d1ed50858951c79497ef1650fc6a7b1c640f77f054e6d9d388ab3d95f9188eb
Linux x86 execve("/bin/sh") Shellcode
Posted Jul 25, 2012
Authored by Jean Pascal Pereira

28 bytes small Linux x86 execve("/bin/sh") shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | e76c6cfce6e63e2e04ebe2418e31f5cc54c5925f41db12525c88204ca0278b05
XMLCoreServices Vulnerability Analysis
Posted Jul 24, 2012
Authored by Minsu Kim

This document is an analysis of the XMLCoreServices vulnerability as noted in CVE-2012-1889.

tags | paper
advisories | CVE-2012-1889
SHA-256 | 828b379ab4424701b75ce391f88d286539d3a8d455c851c98b434fdae395ec19
Red Hat Security Advisory 2012-1061-01
Posted Jul 10, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1061-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The fix for CVE-2011-1083 introduced a flaw in the way the Linux kernel's Event Poll subsystem handled resource clean up when an ELOOP error code was returned. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2012-3375
SHA-256 | bd4450f5aaf091e6c0f8efa019a9db94ebd1426bb8355f7c4d43b175d6c66f51
Microsoft XML Core Services Uninitialized Memory
Posted Jul 5, 2012
Authored by Brian Mariani, High-Tech Bridge SA, Frederic Bourla | Site htbridge.com

This is a thorough analysis of the Microsoft XML core services uninitialized memory vulnerability as noted by CVE-2012-1889. It includes proof of concept data to trigger the issue and goes through the flow.

tags | paper, proof of concept
advisories | CVE-2012-1889
SHA-256 | 71478922d4d7dd398af9e4e90d1f859e3494d8ddf266086e502d50612e95667a
Debian Security Advisory 2499-1
Posted Jun 24, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2499-1 - Several vulnerabilities have been discovered in icedove, the Debian version of the Mozilla Thunderbird mail/news client. There were miscellaneous memory safety hazards (CVE-2012-1937, CVE-2012-1939) and a use-after-free issues (CVE-2012-1940).

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-1937, CVE-2012-1939, CVE-2012-1940
SHA-256 | 3ef5c267fafc1828b6ed570af3e07c3e42a3518ffbf521822678933115a7ad97
Debian Security Advisory 2494-1
Posted Jun 14, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2494-1 - It was discovered that ffmpeg, Debian's version of the libav media codec suite, contains vulnerabilities in the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM (CVE-2012-0852), and the KMVC decoder (CVE-2011-3952).

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-3951, CVE-2011-3952, CVE-2012-0851, CVE-2012-0852
SHA-256 | 4501feb8273e9684718b44e670322a6446313c332368d2d5a2059638c53e4d2a
Red Hat Security Advisory 2012-0715-01
Posted Jun 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0715-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947
SHA-256 | 9bf9246976f592bed20f872ed2417a507c1f7741236848f6ea9072b866a2f002
Red Hat Security Advisory 2012-0710-01
Posted Jun 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0710-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947
SHA-256 | 35dacc3bc54c005099a85c967e17783210b5e078aaaf9b3bef596c8289747d29
Ubuntu Security Notice USN-1443-2
Posted Jun 5, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1443-2 - USN-1443-1 fixed vulnerabilities in Update Manager. The fix for CVE-2012-0949 was discovered to be incomplete. This update fixes the problem. Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to Launchpad when reporting bugs. This could possibly result in repository credentials being included in public bug reports. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0949, CVE-2012-0950
SHA-256 | ca40d4ffaa1111eb7d818c773ab0a8c8febe32747e3c27eb46c7448579d6d480
Mandriva Linux Security Advisory 2012-085
Posted May 30, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-085 - Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-0022
SHA-256 | 0a5b185b8377e3d89ecf4eb5c1da3f094b87f8234235cc6ae5d3e4464a8ded72
Mandriva Linux Security Advisory 2012-084
Posted May 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-084 - ncpfs 2.2.6 and earlier attempts to use ncpmount to append to the /etc/mtab file and ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2011-1679, CVE-2011-1680
SHA-256 | fbbe98313708f44403759851b9e9a64ecf87770fa03e46e7a245e2ac52cf9e1e
Mandriva Linux Security Advisory 2012-083
Posted May 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-083 - Multiple vulnerabilities have been discovered and corrected in util-linux. mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. The updated packages have been patched to correct this issue.

tags | advisory, local, vulnerability
systems | linux, mandriva
advisories | CVE-2011-1675, CVE-2011-1677
SHA-256 | 9f2d5ece52fc0a4e6ef741dd56347d53587505feec92ac9c027216e42692a92e
Mandriva Linux Security Advisory 2012-076
Posted May 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-076 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues have also been addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3362, CVE-2011-3504, CVE-2011-3892, CVE-2011-3893, CVE-2011-3895, CVE-2011-3929, CVE-2011-3936, CVE-2011-3937, CVE-2011-3940, CVE-2011-3945, CVE-2011-3947, CVE-2011-3973, CVE-2011-3974, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579, CVE-2012-0853, CVE-2012-0858
SHA-256 | cbe20e763ddb60533e4aa2c0372e6d26d0fcf0e0faa767ddc8c8e5d69b7d5216
Mandriva Linux Security Advisory 2012-075
Posted May 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-075 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3362, CVE-2011-3504, CVE-2011-3973, CVE-2011-3974, CVE-2011-3892, CVE-2011-3893, CVE-2011-3895, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579
SHA-256 | a0a8eba7465a48df476d1df9722497c093dac6a589b1c042b115c0aad4fae55b
Mandriva Linux Security Advisory 2012-074
Posted May 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-074 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues have also been addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3362, CVE-2011-3504, CVE-2011-3973, CVE-2011-3974, CVE-2011-3893, CVE-2011-3895, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579
SHA-256 | 84d6c91018ca31f8f470c32ca860e11e8ebe2e0ced01c5cd91935701ad5dcc51
Linux/x86 execve(/bin/dash) Shellcode
Posted May 14, 2012
Authored by X-h4ck

42 bytes small Linux/x86 execve(/bin/dash) shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 1f064f3f4e529376eb4edee2ea45ed1176d1934a1c38873cb290b1e9fb04ef2a
Debian Security Advisory 2670-1
Posted May 11, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2670-1 - Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from release announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2011-3122, CVE-2011-3125, CVE-2011-3126, CVE-2011-3127, CVE-2011-3128, CVE-2011-3129, CVE-2011-3130, CVE-2011-4956, CVE-2011-4957, CVE-2012-2399, CVE-2012-2400, CVE-2012-2401, CVE-2012-2402, CVE-2012-2403, CVE-2012-2404
SHA-256 | 0653a473faa390234b73508340d08c8214f4c4547676ce3bc7b489056f6b8a4d
Mandriva Linux Security Advisory 2012-068-1
Posted May 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-068 - PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server. It was discovered that the previous fix for the CVE-2012-1823 vulnerability was incomplete. The updated packages provides the latest version which provides a solution to this flaw.

tags | advisory, remote, web, denial of service, arbitrary, cgi, php
systems | linux, mandriva
advisories | CVE-2012-1823, CVE-2012-2335, CVE-2012-2336
SHA-256 | 5f07bbe61bf5a454e33f2bc2bed0f93359504f04f545248be27c70f9cec98327
Debian Security Advisory 2454-2
Posted Apr 25, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2454-2 - Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier.

tags | advisory
systems | linux, redhat, debian
advisories | CVE-2012-2131
SHA-256 | 7e348a26b106449f52510f57388768abb0d395544cec547906f51111b437e856
Ubuntu Security Notice USN-1428-1
Posted Apr 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1428-1 - It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue. The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean() to sometimes return the wrong error condition. This update fixes the problem. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2131, CVE-2012-2131
SHA-256 | 2289dbca4426d93d31dbb6364a90c4dd7c450eed99d5564b22b994ee965977e4
Page 1 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close