Ubuntu Security Notice 2071-1 - Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. Various other issues were also addressed.
950fdbf93ba8d5dce731ad4c9360b63e9799c57bc03fbb36980e0d38e0dd642fThis is a brief whitepaper that discusses shell access on both Windows and Unix systems and how to obtain better control versus arbitrary command execution.
cb59a18f0938580f2565d5dbb95ef2e78886586329dfef334a80e2e3a2b58d8eTHC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
a479bebabcb81c4a08a25f41c88688055bbb800ecfa93e25dd809ad1ff58debdComplete comprehensive archive of all 1,926 exploits added to Packet Storm in 2013.
46861406c453071d085d144e6c1bfd6c680e804b02e4da7f3f60921d8c973653This archive contains all of the 168 exploits added to Packet Storm in December, 2013.
d4b9459dd028290897fa390b58a99fcf657ef3793cf5219a9528b697985dbd84This Metasploit module exploits a stack-based buffer overflow vulnerability in version 2.1 of IcoFX. The vulnerability exists while parsing .ICO files, where an specially crafted ICONDIR header, providing an arbitrary long number of images into the file, can be used to trigger the overflow when reading the ICONDIRENTRY structures.
8cd7f9efd93b9d23aadcbf265eaa6316d2fbab2ce2af6ffed7b083782a1ac162This Metasploit module exploits a stack-based buffer overflow in IBM Forms Viewer. The vulnerability is due to a dangerous usage of strcpy-like function, and occurs while parsing malformed XFDL files, with a long fontname value. This Metasploit module has been tested successfully on IBM Forms Viewer 4.0 on Windows XP SP3 and Windows 7 SP1.
8c139782a403921bdba77c8856a91b24673a1e9c2f049de54c66647ee1019e52Ubuntu Security Notice 2076-1 - Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. Various other issues were also addressed.
369bc7b03370175686092bea9ca0944a541a683c642bcbd0256037a01cc4adc9Ubuntu Security Notice 2072-1 - Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. Various other issues were also addressed.
e0e631b5cb68d5150fb0ee9e34d5bcfe2ad457487aef49713af73f9701a73dd0Ubuntu Security Notice 2074-1 - Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. Various other issues were also addressed.
d76486ba03df467cd3168f55ae5a17113f646535fa022b96f7a762b753cd857cACE Stream Media version 2.1 acestream:// format string exploit proof of concept exploit.
cf629280b334eb372c8fc1c941bad2d4c6b6fc05578d1ad8d98a35b5690bbc87eduTrac version 1.1.1-Stable suffers from a path traversal vulnerability.
bbcbaefdf98a4264b09bcb1efd2aa0a1ddc9ac5a1377f6110a0313dee9cdb58cCubic CMS suffers from local file inclusion, path disclosure, and remote SQL injection vulnerabilities.
fad0b2849fc2664a2d60a42389ae4cd27f62f22d247cfafdc36cbf89fa7d4bb3haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
73c3d9543cf9274e777064bd179f1ff563987ca103f8ab6d7035c94c8a0db192HP Security Bulletin HPSBMU02895 SSRT101253 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 1 of this advisory.
e315c302e7f2d97dc3f700e7494b20a8fc24b2495f959b4ddd2cba9eead7a28bDebian Linux Security Advisory 2833-1 - was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this updates disables the insecure Dual_EC_DRBG algorithm and no longer uses the RdRand feature available on some Intel CPUs as a sole source of entropy unless explicitly requested.
56f45ba1a08e9fe54a9e11c085f0d99ae3cf6d0d984ba08ef5105d675e05005aDebian Linux Security Advisory 2832-1 - Multiple vulnerabilities have been found in memcached, a high-performance memory object caching system.
98a5876a2d1f333b54eaa35f7926c9fa30ea9a6e1633066ea113d3cb3e31e58cDebian Linux Security Advisory 2831-1 - An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system.
cc605532f830c812a5aff1d6beae3ba37898c615328416961595daa0b9e22ddcUbuntu Security Notice 2075-1 - Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. Various other issues were also addressed.
36e9f98726ff3916e206a9b84d5b8c8816cb7f08e016c1754ed8f67fe870c45dUbuntu Security Notice 2073-1 - Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Multiple integer overflow flaws were discovered in the Alchemy LCD frame- buffer drivers in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges. Various other issues were also addressed.
16859392296a8e49c730dd0be2040d64bc697c90cd6f5ed3e029c79b42dca9afUbuntu Security Notice 2070-1 - Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. Various other issues were also addressed.
1f5a40a0caee47f048366ec9a46fede7e05d0e0f8905e9ccb5b8744e93164d0eUbuntu Security Notice 2069-1 - Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Multiple integer overflow flaws were discovered in the Alchemy LCD frame- buffer drivers in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges. Various other issues were also addressed.
ff28440a1056bceaebba0542f35684ebacb0eb83dda2f047d34bdc6807345b25Ubuntu Security Notice 2064-1 - Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. A flaw was discovered in the Linux kernel's IP Virtual Server (IP_VS) support. A local user with the CAP_NET_ADMIN capability could exploit this flaw to gain additional administrative privileges. Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.
9c3e9f2c814827e600fc7be7c08689fe9beec31c0d63eab9f40e273c13117877Ubuntu Security Notice 2067-1 - A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.
f026924acc26aeec8f7f134fa6517d8629dc2787dfd6d43f822b523543fcffd0Ubuntu Security Notice 2068-1 - Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. Various other issues were also addressed.
9ba88c4d05009af5298da1c5101367fe60b0c5b5f04995fcb17c489b9983a02e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed