Base64 Decoder version 1.1.2 local buffer overflow exploit with SEH egghunter.
a69e29293ab28fa6557a6b8fbfc700e3WordPress Loco Translate plugin version 2.2.1 suffers from a local file inclusion vulnerability.
c78144a2b2993de8c8224ea551584eb6Microsoft Windows Win32k local privilege escalation proof of concept exploit.
54d60becfca69a9adfa1742ac481ac3eDebian Linux Security Advisory 4415-1 - An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed through passenger-status.
5c9b4be934301f5e14af50369cc690e6X-NetStat Pro version 5.63 local buffer overflow exploit with egghunter.
1493390b4ce2c690ad54bb6153da9561Debian Linux Security Advisory 4413-1 - A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege escalation.
87d1656a3dc5ceefc787a3b290b7ab3cUbuntu Security Notice 3914-1 - A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator.
0d6118cd73ef057e584a045b065f72bcNetShareWatcher version 1.5.8.0 local SEH buffer overflow exploit.
acb6361619fcc1bf9696eea686578de6exacqVision version 9.8 suffers from an unquoted search path issue impacting the services exacqVisionServer, dvrdhcpserver and mdnsresponder for Windows deployed as part of exacqVision software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
98a9960106f1cef1cf55ce4666251455WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2 suffers from a local denial of service vulnerability.
6aa97f12923552790249925f4a0695afWinMPG Video Convert versions 9.3.5 and below suffer from a local denial of service vulnerability.
72f20c22098c1a53d29670207f4b4ca1Ubuntu Security Notice 3910-1 - It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps. Various other issues were also addressed.
4c9e16088685e925a3c78db741714aeeUbuntu Security Notice 3908-2 - USN-3908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. Various other issues were also addressed.
dbb305ea7db319ebed15a4e2411d5c52WordPress GraceMedia Media Player plugin version 1.0 suffers from a local file inclusion vulnerability.
2765ef9c53c4e2064b0c85f7709098c9Ubuntu Security Notice 3908-1 - Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations.
03182f2331e6a955ceec56252c40c57cUbuntu Security Notice 3907-1 - It was discovered that WALinuxAgent created swap files with incorrect permissions. A local attacker could possibly use this issue to obtain sensitive information from the swap file.
d596f7c7e083bed1bc94c58895bd3bf3NetSetMan version 4.7.1 SEH unicode local buffer overflow exploit.
e2fc48d68d8ed57b1e27b5f2bf27fbd3McAfee ePO version 5.9.1 suffers from a local access bypass vulnerability.
06679991243944a8d0fd21b96bafdee4Ubuntu Security Notice 3904-1 - It was discovered that the NVIDIA graphics drivers incorrectly handled the GPU performance counters. A local attacker could possibly use this issue to access the application data processed on the GPU.
fd0ff441d79231dc2569fe809743e7e0Ubuntu Security Notice 3903-1 - Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service or possibly execute arbitrary code in the host kernel. Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. Various other issues were also addressed.
1bae64cc96939b5670016270682ddee8Ubuntu Security Notice 3901-2 - USN-3901-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. Various other issues were also addressed.
b16c27e4df4131e0ce265e946b97e632Ubuntu Security Notice 3901-1 - Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
6ab9958194be37f509bff70f83a95612A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. Cisco Webex Meetings Desktop App versions 33.6.4.15, 33.6.5.2, 33.7.0.694, 33.7.1.15, 33.7.2.24, 33.7.3.7, 33.8.0.779, 33.8.1.13, and 33.8.2.7 are affected.
61e40633787cc4e53f3c37f19e049211Whitepaper called Android Security Research: Crypto Wallet Local Storage Attack.
302db448f5da580da34910a16f859d5bUbuntu Security Notice 3894-1 - It was discovered that GNOME Keyring incorrectly cleared out credentials supplied to the PAM module. A local attacker could possibly use this issue to discover login credentials.
7c4f101099858977401af137cb677b7e
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed