PinApp Mail-SeCure 3.70 - Access Control Failure

PinApp Mail-SeCure 3.70 - Access Control Failure Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ PinApp Mail-SeCure Access Control Failure 1. Advisory Information Title: PinApp Mail-SeCure Access Control Failure Advisory ID: CORE-2013-0904 Advisory URL:...

PinApp Mail-SeCure Access Control Failure

Core Security Technologies Advisory - A security vulnerability was discovered in PineApp Mail-SeCure Suite, allowing a non-privileged attacker to get a root shell by sending a specially crafted command from the Mail-SeCure console. A valid user account is needed to launch the attack, so this is a...

IBM AIX 6.1/7.1 - Local Privilege Escalation

Exploit-DB Note: Screenshot provided by exploit author !/bin/sh Exploit Title: IBM AIX 6.1 / 7.1 local root privilege escalation Date: 2013-09-24 Exploit Author: Kristian Erik Hermansen Vendor Homepage: http://www.ibm.com Software Link: http://www-03.ibm.com/systems/power/software/aix/about.html...

WinAmp 5.63 (winamp.ini) Local Exploit

No description provided by source. Exploit Title: winampevilskin.py Date: 25 August 2013 Exploit Author: Ayman Sagy [email protected] Vendor Homepage: http://www.winamp.com/ Version: 5.63 Tested on: Windows XP Professional SP3 Version 2002 CVE : 2013-4694 Ayman Sagy [email protected] August...

CVE-2013-3956

CVE-2013-3956 affects the NICM.SYS kernel driver (version 3.1.11.0) used by Novell Client 4.91 SP5 on Windows XP/2003, Novell Client 2 SP2 on Vista/2008, and Novell Client 2 SP3 on Windows Server 2008 R2/Win7/Win8/Server 2012. The vulnerability permits local privilege escalation via a crafted IOC...

KLA10146 OSI vulnerability in EMC NetWorker

An unspecified vulnerability was found in EMC NetWorker. By exploiting this vulnerability malicious users can obtain configuration information. This vulnerability can be exploited locally. Original advisories - Related products EMC-NetWorker CVE list CVE-2013-0943 warning Solution Update to lates...

CVE-2013-0555: IBM Security Access Manager for Enterprise Single Sign-On information disclosure

ISAM ESSO Sync.exe in IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to a local code-injection flaw that can be exploited by a local administrator to access confidential data. The issue requires administrative authentication, is exploitable only locally, and does not affe...

MGASA-2013-0215 Updated kernel-rt package fixes security issues.

This kernel-rt update provides the extended stable 3.8.13.4 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access t...

Kernel: Bluetooth: possible info leak in bt_sock_recvmsg()

The btsockrecvmsg function in net/bluetooth/afbluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

Sprite Software Android Race Condition

Subject: Race condition in Sprite Software's backup software, installed by OEM on LG Android devices. CVE ID: CVE-2013-3685 Initial disclosure: https://plus.google.com/110348415484169880343/posts/Me2yea2PgwE Source: https://github.com/CunningLogic/LGPwn Effect: Locally exploited vulnerability wit...

CVE-2013-2147

CVE-2013-2147 affects the Linux kernel drivers for HP Smart Array/Compaq SMART2 (cpqarray/cciss). The root cause is uninitialized data structures in ida_locked_ioctl (via /dev/ida) and cciss_ioctl32_passthru (via /dev/cciss), allowing local attackers to read kernel memory how? through crafted IDA...

CORE-2013-0318 - TP-Link IP Cameras Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com TP-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: TP-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0318 Advisory URL:...

TP-Link IP Camera Hardcoded Credentials / Command Injection

TP-Link IP cameras suffer from hard-coded credential and remote command execution vulnerabilities. TP-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: TP-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0318 Advisory URL:...

PT-2013-3089 · Microsoft · Windows Xp +8

Name of the Vulnerable Software and Affected Versions: Windows XP versions SP2 and SP3 Windows Server 2003 version SP2 Windows Vista version SP2 Windows Server 2008 versions SP2 and R2 SP1 Windows 7 version SP1 Windows 8 Windows Server 2012 Windows RT Description: The issue arises from the improp...

D-Link IP Cameras Injection / Bypass Vulnerabilities

Core Security Technologies Advisory - D-Link IP Cameras suffer from OS command injection, authentication, information leak, and hard-coded credential vulnerabilities. D-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: D-Link IP Cameras Multiple Vulnerabilities Advisory ID:...

UBUNTU-CVE-2013-3227

The caifseqpktrecvmsg function in net/caif/caifsocket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

MS-some common local mention of the right to exploit-vulnerability warning-the black bar safety net

Ms08-0 2 3 local vulnerability to mention the right to ! clipimage002 Add a user 4 5 6 View this user ! clipimage004 With this user login ! clipimage006 Provide the right to fail Using vulnerability to mention the right to ! clipimage008 ! Provide the right to succeed MS10-0 4 8 Use the...

KLA10103 LPE vulnerability in Cisco AnyConnect

A buffer overflow was found in Cisco AnyConnect. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited locally. Original advisories Cisco bulletin Related products Cisco-AnyConnect-VPN-Client CVE list CVE-2013-1173 high Solution Update to latest...

CVE-2013-1776

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the ttytickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard...

CVE-2013-2776

CVE-2013-2776 affects sudo versions 1.3.5–1.7.10p5 and 1.8.0–1.8.6p6, where, on systems without /proc or with tty_tickets enabled, sudo fails to properly validate the controlling terminal. This allows a local user with sudo permissions to hijack another user’s authorization by interacting with th...