exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2013-11-14

VMware Security Advisory 2013-0013
Posted Nov 14, 2013
Authored by VMware | Site vmware.com

VMware Security Advisory 2013-0013 - VMware has updated VMware Workstation and VMware Player to address a vulnerability that could result in an escalation of privilege on Linux-based host machines.

tags | advisory
systems | linux
advisories | CVE-2013-5972
SHA-256 | 3bc47daa98136732b874042b14387b0cf0891a83da155e6373c023b5444f3117
Windows SYSTEM Escalation Via KiTrap0D
Posted Nov 14, 2013
Authored by H D Moore, Pusscat, Tavis Ormandy, OJ Reeves | Site metasploit.com

This Metasploit module will create a new session with SYSTEM privileges via the KiTrap0D exploit by Tavis Ormandy. If the session in use is already elevated then the exploit will not run. The module relies on kitrap0d.x86.dll and is not supported on x64 editions of Windows.

tags | exploit, x86
systems | windows
advisories | CVE-2010-0232, OSVDB-61854
SHA-256 | b61f14f2873aa1c647ab01600db74d813ae4c68913ed531266fd588ac8aff25a
Red Hat Security Advisory 2013-1523-01
Posted Nov 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1523-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. RubyGems is the Ruby standard for publishing and managing third-party libraries. It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion.

tags | advisory, denial of service, ruby
systems | linux, redhat
advisories | CVE-2013-4287
SHA-256 | 87f29239c7e2f52b6486a676d86548aacadbd440f6c8196abcfa2d987d9e6ad9
Dahua DVR Authentication Bypass
Posted Nov 14, 2013
Authored by Jake Reynolds

Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. Included in this archive is the advisory and a metasploit module proof of concept exploit.

tags | exploit, web, proof of concept, bypass
systems | linux
advisories | CVE-2013-6117
SHA-256 | 96d9b275b8fb781ce81072271e7c916990a3b1533948680e2de9477c048e9956
Red Hat Security Advisory 2013-1522-01
Posted Nov 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1522-01 - The Foreman packages provide facilities for rapidly deploying Red Hat OpenStack 3.0. These packages are provided as a Technology Preview. For more information on the scope and nature of support for items marked as Technology Preview, refer to https://access.redhat.com/support/offerings/techpreview/ It was found that Foreman did not correctly sanitize values of the "fqdn" and "hostgroup" parameters, allowing an attacker to provide a specially crafted value for these parameters and perform an SQL injection attack.

tags | advisory, web, sql injection
systems | linux, redhat
advisories | CVE-2013-4386
SHA-256 | 882fbca6772b0916e0958e824ed243b5219a9837225a71e9a0e65782c286fb07
Android 4.3 Superuser Root Privilege Escalation
Posted Nov 14, 2013
Authored by Kevin Cernekee

The Superuser package for Android 4.3 allows a user to spawn /system/xbin/su with manipulated environment variables to execute code as root.

tags | exploit, root
advisories | CVE-2013-6770
SHA-256 | 720557d982f3ef8aaa06d07b9d53d8da0492b2a5ee7ee8cdb30161f8cc7b9f96
Checkpoint Endpoint Security Media Encryption EPM Explorer Bypass
Posted Nov 14, 2013
Authored by Pedro Andujar

Checkpoint Endpoint Security Media Encryption Explorer version 4.97.2 (Endpoint Security R73) contains two issues which can help to bypass the failed password attempts limit established in the password policy.

tags | advisory, bypass
advisories | CVE-2013-5635, CVE-2013-5636
SHA-256 | d45ede8228777b255c99202f1374063461f34fa72e724348fe261b37ed4a87e9
Red Hat Security Advisory 2013-1521-01
Posted Nov 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1521-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. It was discovered that the django.utils.http.is_safe_url() function considered any URL that used a scheme other than HTTP or HTTPS as safe. An attacker could potentially use this flaw to perform cross-site scripting attacks. A directory traversal flaw was found in Django's "ssi" template tag, which takes a file path as input and outputs that file's contents. An attacker able to alter templates that made use of the "ssi" tag on a site could use this flaw to access any local files accessible to Django.

tags | advisory, web, local, xss, python
systems | linux, redhat
advisories | CVE-2013-4315, CVE-2013-6044
SHA-256 | 7944b271df0a414473dfe8d8e114b4c4bbe4b1fc6747d98e0d3bd3fc081b215b
Red Hat Security Advisory 2013-1520-01
Posted Nov 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1520-01 - Red Hat OpenStack 3.0 includes a custom Red Hat Enterprise Linux 6.4 kernel. These custom kernel packages include support for network namespaces; this support is required to facilitate advanced OpenStack Networking deployments. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-4162, CVE-2013-4299
SHA-256 | 7008a13256f2ff111c9742864c6951d05dc88eb72924ebacdbb0c1381a4ed58a
Watermark Master 2.2.23 Buffer Overflow
Posted Nov 14, 2013
Authored by Mike Czumak

Watermark Master version 2.2.23 .wstyle buffer overflow exploit that uses SEH.

tags | exploit, overflow
SHA-256 | 3f8b35ba44bb69476776635c9e60bb68ff49e8d457b8e2b19675529dc10243b4
Android 4.2.x Superuser Shell Character Escape
Posted Nov 14, 2013
Authored by Kevin Cernekee

Vulnerable releases of two common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root. These issues are due to a shell character escape vulnerability.

tags | exploit, arbitrary, shell, root
advisories | CVE-2013-6769
SHA-256 | f6134df3ff0263a6cd72271f82d052f4901243c942b8062a434fa2292a742fab
Android 4.2.x Superuser Unsanitized Environment
Posted Nov 14, 2013
Authored by Kevin Cernekee

Vulnerable releases of several common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root without notifying the device owner. This advisoriy documents PATH and BOOTCLASSPATH vulnerabilities.

tags | exploit, arbitrary, root
advisories | CVE-2013-6768, CVE-2013-6774
SHA-256 | 12b763de306db7a0f6da5ae622fa69aa12764251a01b3dfaf8577292ab988109
Debian Security Advisory 2797-1
Posted Nov 14, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2797-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, and other implementation errors may lead to the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604
SHA-256 | 029e07b0bb2ef86a6578517759da390da13badd9b547fa9b121c3f711992923c
Debian Security Advisory 2796-1
Posted Nov 14, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2796-1 - Matt Ezell from Oak Ridge National Labs reported a vulnerability in torque, a PBS-derived batch processing queueing system.

tags | advisory
systems | linux, debian
advisories | CVE-2013-4495
SHA-256 | 8c1ab3f9d4ec34b474a39b54a38613b2324aa25e984e9b49b4c99b5a3a39637f
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close