Sun VirtualBox versions 3.0.6 and below local root exploit that takes advantage of a popen() meta char shell injection vulnerability.
e2ddedb66eb6b5695c18761f7fb3938a54e20b5be176b2e29ef59c221c7f1e0fDLL hijacking exploits for Audio Record Expert, Hanso CD Extractor, Hanso Converter, Hanso Tagger, M-Player, Sun VirtualBox, Sweet Midi Player and Ultimate DVD Player.
8f922db5a321d53fa559920e97ff03cb0542e764e661bbcaa14fd56c97863b7bApple Mac OS X versions 10.6.3 and below suffer from a chpass BSD insecure temp file creation in /etc vulnerability. A user can create a file with rw perms in /etc as owner and populate it with arbitrary data. This could be utilized to fill the disk or write configuration file information that could be combined with another flaw to elevate local privileges.
7612d1322811886943d0e1ba838ed0c5d2209c568bc240a49eeb336f0af2080cMandriva Linux Security Advisory 2010-059 - Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
d1f0ae42f56c3585d6cea7fb2cee597d287eb71ad35bb226d41784daea2574b9Secunia Security Advisory - Gentoo has issued an update for VirtualBox. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to gain escalated privileges.
f48c51b0cb5fecabb25b866b0812caefa41dbdc316a246d7d85c3ebf725ff506Gentoo Linux Security Advisory 201001-4 - Multiple vulnerabilities in VirtualBox were found, the worst of which allowing for privilege escalation. Versions less than 3.0.12 are affected.
3606c9f3bb210a3c7c931fc18ff5f61ea8e172627b138ac29e2bb607f42a5d39Secunia Security Advisory - A vulnerability has been reported in Sun VirtualBox, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
3cc15534d2d63a8e466b0fb804e2a64b8c2f7ed3ecf40cd6db72d76eed4dcc04Mac OS X versions 10.5.6 and 10.5.7 ptrace() mutex handling denial of service exploit. This code should be run in a loop and due to problems with mutex handling in ptrace a denial of service can occur when a destroyed mutex is attempted to be interlocked by the OSX kernel giving rise to a race condition. You may need to run this code multiple times.
280d49ab7dc2a6f1d65feb29ee1a9c5ba38aedb401fb0e81e12ef3860ea1d82fSecunia Security Advisory - A vulnerability has been reported in Sun VirtualBox, which can be exploited by malicious, local users to gain escalated privileges.
5cfadbd0474de1318ed798e4251a70bb78a74d70d4d1838f575d392542fba5cdSecunia Security Advisory - A vulnerability has been reported in Sun VirtualBox, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
a51dd1cb211426f5fc9e46bf18232da7b216bdb539397da511f5dad6bc0581fdProof of concept exploit to force a reboot on Sun's VirtualBox. Versions 2.2 through 3.0.2 r49928 for Linux are affected.
56c0a47ebdc729b9bca52b4f33749a055efb9927bc8e9be1f02fe9efaf2447f2Secunia Security Advisory - A vulnerability has been reported in Sun xVM VirtualBox, which can be exploited by malicious, local users to gain escalated privileges.
431905167884fdaa830419acadc88dcba27353a8663b08c6fce8b84650cde03fMandriva Linux Security Advisory 2009-011 - A vulnerability have been discovered and corrected in VirtualBox, affecting versions prior to 2.0.6, which allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-qateam-ipc/lock temporary file. The updated packages have been patched to prevent this.
d2d6936c188c338246b4bea6f20048c6dee6fee5ea3820c5693c61cd3d829268Secunia Security Advisory - A security issue has been reported in VirtualBox, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
f4f389628395208d8e7f5a8a28fcc2fefff0f4f35d3fd55629443a6af6c4d982Secunia Security Advisory - Core Security Technologies has reported a vulnerability in Sun xVM VirtualBox, which can be exploited by malicious, local users to gain escalated privileges.
9f0e13e18ca435d2a8a4441cb37368f68d7530cd89bfea243e7dde6df054f826Core Security Technologies Advisory - The Sun xVM VirtualBox suffers from a privilege escalation vulnerability due to insufficient input validation in VboxDrv.sys. Proof of concept code included.
5b2b609eef7799da6366c7eee24f5704c537ed42e64f375f1f17a0cad4017929Citadel SMTP versions 7.10 and below remote overflow exploit.
17d73e7c5984975be22f519415b7f5914aaaa74629f78f76ee5f4586a019b28dGNU/Linux mbse-bbs versions 0.70.0 and below local root exploit that makes use of a stack overflow.
b9b6c8e90f30995598ab9252882b6e7bfe68361174d80d1b09bb34e24378764cExim versions 4.43-r2 and prior host_aton() local root exploit.
aebac98246454607fa35d16a81b2ca598ce612832413121e7c0d3f85eac98cf7Adabas D 13.01 (GNU/Linux & Win32) Multiple Vulns in WebApps including directory traversal and SQL injection.
693290f05e0b0840b9b91832cbcf89d077f7c7515d33a03cc02acc2ec5bf1135GNU/Linux adabas v1301 universal local root exploit. Standard stack overflow in the command line arguments of SUID root(default) clr_kernel & stop bins. The exploit calculates the value to use for return address.
ed833915fb367c22a24bae21eeb3b2964eb4dfac2a260b2bcaab81b34fb8697bCisco VPN Concentrator 3000 FTP remote exploit. A vulnerability exists in the Cisco VPN Concentrator 3000, an unauthenticated user may access the file system through manipulation of FTP service commands.
4a0105294cbe6f0ee0f0bf817086a0b2f875637c7acc2e15634b0a8695cb01d5AEP/Smartgate arbitrary file download exploit. A vulnerability exists in the smartgate SSL server (listens on port 443 by default) which may allow a malicious user to download arbitrary files with the privileges of the smartgate server.
458fcf07885e8ffe5f837843edcf30c3a17eb5e839951995e800bb8570220cd0HP-UX libc timezone environment overflow exploit. HP-UX libc contains an exploitable stack overflow in the handling of "TZ" environment variable. The problem occurs due to insufficient bounds checking in the localtime_r() and related functions. Any suid or sgid program which uses the timezone functions can be used as an attack vector. This exploit uses "su" to obtain root privileges.
34d846e3e0a8d4700592a69b16c25ca882966c58bb1de3a7e74d3cb507960e1aGNU PeerCast versions less than or equal to v0.1216 Remote Exploit.
52782b7c57a34d83e13abde55ce91f90e5499e6f8617ad2fe720595a4239b49eNetBSD versions 2.1 and below ptrace() local root exploit.
e206abdb40eb38c1a16aff4226d7394d290524b17f83c8baa92a4a7a2137452e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed