
Files

0401.txt
Posted May 7, 2004
Authored by Joel Eriksson | Site 0xbadc0ded.org

DeleGate versions 8.9.2 and below have a remotely exploitable buffer overflow vulnerability that exists in the SSLway filter.

tags | advisory, overflow
SHA-256 | af459a2b5ac1aeeb978fc864bdf2c67dc74606237fb7e1a493d1e9c3ea733a63

Related Files

Sitecore Experience Platform (XP) Remote Code Execution
Posted Nov 16, 2021
Authored by gwillcox-r7, AssetNote | Site metasploit.com

This Metasploit module exploits a deserialization vulnerability in the Report.ashx page of Sitecore XP 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7. Versions 7.2.6 and earlier and 9.0 and later are not affected. The vulnerability occurs due to Report.ashx's handler, located in Sitecore.Xdb.Client.dll under the Sitecore.sitecore.shell.ClientBin.Reporting.Report definition, having a ProcessRequest() handler that calls ProcessReport() with the context of the attacker's request without properly checking if the attacker is authenticated or not. This request then causes ReportDataSerializer.DeserializeQuery() to be called, which will end up calling the DeserializeParameters() function of Sitecore.Analytics.Reporting.ReportDataSerializer, if a "parameters" XML tag is found in the attacker's request. Then for each subelement named "parameter", the code will check that it has a name and if it does, it will call NetDataContractSerializer().ReadObject on it. NetDataContractSerializer is vulnerable to deserialization attacks and can be trivially exploited by using the TypeConfuseDelegate gadget chain. By exploiting this vulnerability, an attacker can gain arbitrary code execution as the user that IIS is running as, aka NT AUTHORITY\NETWORK SERVICE. Users can then use technique 4 of the "getsystem" command to use RPCSS impersonation and get SYSTEM level code execution.

tags | exploit, arbitrary, shell, code execution
advisories | CVE-2021-42237
SHA-256 | 37520d596ad5e8973bf7abf8600f04a5fcf14f78a72969dd7133167779137a26
Red Hat Security Advisory 2018-0315-01
Posted Feb 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0315-01 - openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry or Time-Series-Database-as-a-Service. openstack-aodh has been rebased to the upstream 4.0.2-3 version. Security Fix: A verification flaw was found in openstack-aodh. As part of an HTTP alarm action, a user could pass in a trust ID. However, the trust could be from anyone because it was not verified. Because the trust was then used by openstack-aodh to obtain a keystone token for the alarm action, a malicious user could pass in another person's trust ID and obtain a keystone token containing the delegated authority of that user.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12440
SHA-256 | 7039101b6915bf3c41b7aeb8cf08eac9bad2aef2238c96db165daf070b84f2fc
Red Hat Security Advisory 2017-3227-01
Posted Nov 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3227-01 - openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry or Time-Series-Database-as-a-Service. Security Fix: A verification flaw was found in openstack-aodh. As part of an HTTP alarm action, a user could pass in a trust ID. However, the trust could be from anyone because it was not verified. Because the trust was then used by openstack-aodh to obtain a keystone token for the alarm action, a malicious user could pass in another person's trust ID and obtain a keystone token containing the delegated authority of that user.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12440
SHA-256 | f243e1e08e1d116befbb2a5b0d7877606b49e91c887f446d992a6573a7c0afc9
Red Hat Security Advisory 2016-0726-01
Posted May 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0726-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.

tags | advisory, remote, arbitrary, shell
systems | linux, redhat
advisories | CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718
SHA-256 | d8a4d48a224920151135854a97230c9e638aa805c9f55366f91c9cbf59079185
ImageMagick Delegate Arbitrary Command Execution
Posted May 6, 2016
Authored by wvu, Nikolay Ermishkin, hdm, stewie | Site metasploit.com

This Metasploit module exploits a shell command injection in the way "delegates" (commands for converting files) are processed in ImageMagick versions <= 7.0.1-0 and <= 6.9.3-9 (legacy). Since ImageMagick uses file magic to detect file format, you can create a .png (for example) which is actually a crafted SVG (for example) that triggers the command injection. Tested on Linux, BSD, and OS X. You'll want to choose your payload carefully due to portability concerns. Use cmd/unix/generic if need be.

tags | exploit, shell
systems | linux, unix, bsd, apple, osx
SHA-256 | b4c6b0e7acc235fa1688e82fff7eedb021357977c009bfb8d3faf0171a733bf1
DeleGate 9.9.13 Local Root
Posted Dec 30, 2015
Authored by Larry W. Cashdollar

Installation of DeleGate version 9.9.13 sets some binaries setuid root and at least one of these binaries can be used to escalate the privileges of a local user. The binary dgcpnod creates a node allowing a local unprivileged user to create files anywhere on disk. By creating a file in /etc/cron.hourly a local user can execute commands as root.

tags | exploit, local, root
advisories | CVE-2015-7556
SHA-256 | 7f7b948cf0c658577a60b54e041918a12f7d33a376ff4d93c8a8740f4fddad56
Ubuntu Security Notice USN-2458-2
Posted Jan 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2458-2 - USN-2458-1 fixed vulnerabilities in Firefox. This update provides the corresponding version of Ubufox. Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary, vulnerability, csrf
systems | linux, ubuntu
advisories | CVE-2014-8636, CVE-2014-8637, CVE-2014-8638, CVE-2014-8639, CVE-2014-8640, CVE-2014-8641, CVE-2014-8642
SHA-256 | 0e4576dca2a7548be8635513343f1ea1f367d17a4d8b974932e22faa60527fd1
ICIA2014 Call For Papers
Posted Sep 1, 2014
Site sdiwc.net

ICIA2014 will be held in Malaysia on October 8-10, 2014. The main objective of this conference is to provide a medium for professionals, engineers, academicians, scientists, and researchers from over the world to present the result of their research activities in the field of Computer Science, Engineering and Information Technology. ICIA2014 provides opportunities for the delegates to share the knowledge, ideas, innovations and problem solving techniques. Submitted papers will be reviewed by the technical program committee of the conference.

tags | paper, conference
SHA-256 | 6ac89c400e8c3a9e671ab7d3c13272f0dcbd66ccba1b48822a10ca88620043e8
Mandriva Linux Security Advisory 2013-075
Posted Apr 9, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-075 - Marko Myllynen discovered that ELinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-4545
SHA-256 | 251604e47df85aba6acfbb679183dc7020c10e60894c9a7c2be99263bbba5f1d
Remote System Over IRC (And For Fun And Profit)
Posted Jan 2, 2013
Authored by Khun | Site hexcodes.org

RSOI, or Remote System over IRC, is a whitepaper about a feature adopted by the MpTcp software. This tool executes this action in order to delegate partial use (or total) of resources of a system to a remote entity. In this document, the action of using RSOI is dependently associated with the use of MpTcp. Therefore, manipulating RSOI here means to use MpTcp directly to implement this action, and nothing more.

tags | paper, remote
SHA-256 | 1c7de768e087c16a1feb539e02b5a6f65eac779f4ea5ce1d061f33e2934fa78e
Debian Security Advisory 2592-1
Posted Dec 29, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2592-1 - Marko Myllynen discovered that elinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate.

tags | advisory
systems | linux, debian
advisories | CVE-2012-4545
SHA-256 | 149c360062a76e5cec29b9d5823b3e815bd95780d8d20666f866ebe907200af3
Secunia Security Advisory 44275
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two security issues and two vulnerabilities have been reported in WooThemes Bueno, City Guide, Coffee Break, Daily Edition, Delegate, Fresh News, Headlines, Inspire, Optimize, Over Easy, and The Station ExpressionEngine themes, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability, xss
SHA-256 | 56adfd5fea63167983051b1869f7693780828dcbb7e2a6893b95bf628381f594
Drupal Themes XSS / Denial Of Service
Posted Apr 18, 2011
Authored by MustLive

Multiple Drupal themes suffer from cross site scripting and denial of service vulnerabilities. Affected themes include Fresh News, Inspire, Spectrum, Delegate, Optimize, Bueno, Headlines, Daily Edition, Coffee Break, The Gazette Edition.

tags | advisory, denial of service, vulnerability, xss
SHA-256 | 165887f15d9354eaf9b8d1bb945cb0dc9da0684b19cf44be05684f5b05d60ae6
Debian Security Advisory 2208-2
Posted Mar 31, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2208-2 - BIND, a DNS server, contains a defect related to the processing of new DNSSEC DS records by the caching resolver, which may lead to name resolution failures in the delegated zone. If DNSSEC validation is enabled, this issue can make domains ending in .COM unavailable when the DS record for .COM is added to the DNS root zone on March 31st, 2011. An unpatched server which is affected by this issue can be restarted, thus re-enabling resolution of .COM domains.

tags | advisory, root
systems | linux, debian
SHA-256 | f731e91d3be36cf5817c4082103d78fb8988f511662f8a796e0adbc0d8384d82
Secunia Security Advisory 34760
Posted Apr 22, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Sun Java System Delegated Administrator, which can be exploited by malicious people to conduct HTTP response splitting attacks.

tags | advisory, java, web
SHA-256 | 8d5e4d44cc989c01ce616f9aff073b053c6b6779fde75709ca10dd7ad192c747
Core Security Technologies Advisory 2009.0114
Posted Apr 22, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - An HTTP Response Splitting vulnerability has been discovered in Sun Java System Delegated Administrator.

tags | exploit, java, web
advisories | CVE-2009-1357
SHA-256 | a6aab540984940f53af0baf697d952a5e2bf448aeb5bfaca3f39f4ffbd1160dc
Secunia Security Advisory 27357
Posted Oct 23, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in DeleGate, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | fb3ded865277591bc1f1e05c30a919f00c5b2d23237ae815111090870d765ace
Secunia Security Advisory 19750
Posted Apr 27, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in DeleGate, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 3c6242e58ee2084c77656cdb38987940ad995770333e6a9f415874ab35f52194
Debian Linux Security Advisory 957-2
Posted Feb 2, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 957-2 - Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird. This update filters out the '$' character as well, which was forgotten in the former update.

tags | advisory, shell
systems | linux, debian
advisories | CVE-2005-4601
SHA-256 | 6d693b7e624f9f9aa08698c4f2a9e87113822bba8d9d984d08dccb8e8d268461
Mandriva Linux Security Advisory 2006.024
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. (CVE-2005-4601)

tags | advisory, remote, arbitrary, shell
systems | linux, mandriva
SHA-256 | 910d914cd815f14e7de2f37a55752c9068d22431d6de852fd6ef74967dfd98c5
Debian Linux Security Advisory 957-1
Posted Jan 27, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 957-1 - Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird.

tags | advisory, shell
systems | linux, debian
SHA-256 | 2a5172ff5fdbf831edd4e378fc7dbeaf856412e4ea840c9dee36d8163f9273f6
Mandriva Linux Security Advisory 2005.172
Posted Oct 7, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - Sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. GSSAPI is only enabled in versions of openssh shipped in LE2005 and greater.

tags | advisory
systems | linux, mandriva
advisories | CVE-2005-2798
SHA-256 | 36ff3b7eb497ae29ca47eb6ebb8a464874b5bda235ffd3c5c284b54f5f5fd1f4
Secunia Security Advisory 14649
Posted Mar 22, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in DeleGate, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 933055bb5616be680a3ab083877b181ea703766cc158568eb22952fb77faa7ad
octopus.c
Posted Aug 26, 2002
Authored by Maniac

This little program opens as many sockets with a remote host as can be supported by both. It catches ^C and kill commands to shut down cleanly by closing all open connections before exiting. Often, a remote workstation can be brought to its knees by saturating its process table via multiple invocations of sendmail. That's why port 25 (the sendmail port) is the default. If the target's process table (set when the target kernel was created) is filled, users will be unable to execute any shell commands. Many MUDs also crash when the number of sockets they have open exceeds a certain number. This program will put stress on MUDs by testing their limits. If a limit is reached, the MUD will either crash or will refuse to let new users log in. The program is incomplete, in that it doesn't check for socket timeouts and subsequently reuse timed out sockets. That means the program can only keep a remote host / mud locked up until it exhausts its own available new sockets, or until it has reached MAX_DESCRIPTORS remote connections as set by the #define statement. If the local machine starts issuing error messages, then the program has failed to saturate the remote host and has instead reached the limits of the local machine. Use ^C or the kill command to terminate it. If you are knowledgeable about rebuilding kernels and have access to the root account, you can build a special kernel that will allow you to reach a much larger number of open sockets.

tags | remote, denial of service, shell, kernel, local, root
SHA-256 | b17774a047da8f2dda8f5acbd018f5ca39bc608c82b3694b31d3ff473671c675
pspa-2.2.21-14.tar.gz
Posted Jun 4, 2002
Site original.killa.net

The Linux Port/Socket Pseudo ACLs project is a patch to the Linux kernel which allows the admin to delegate privileges for some protected network resources to non-root users. The ACLs are generally used to run untrusted or insecure applications as an unprivileged process, thereby lessening the impact of some undiscovered denial of service or root compromise. The ACLs can cover protected ports, raw sockets, and packet sockets.

Changes: Updated for kernel v2.2.21.
tags | denial of service, kernel, root, patch
systems | linux, unix
SHA-256 | d61bf6e3dbf719b509f1f7f95548c9046c1ea67c123e9d83a01d182c414a25d0
© 2022 Packet Storm. All rights reserved.
