kernel: s390: ptrace: insufficient sanitization when setting psw mask

It was found that Linux kernel's ptrace subsystem did not properly sanitize the address-space-control bits when the program-status word PSW was being set. On IBM S/390 systems, a local, unprivileged user could use this flaw to set address-space-control bits to the kernel space, and thus gain read...

openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)

MozillaFirefox was updated to version 31 to fix various security issues and bugs : - MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards - MFSA 2014-57/CVE-2014-1549 bmo1020205 Buffer overflow during Web Audio buffering for playback - MFSA 2014-58/CVE-2014-1550 bmo1020411...

SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based...

OSX/Intel - setuid shell x86_64 - 51 bytes

No description provided by source. / Title: OSX/Intel - setuid shell x8664 - 51 bytes Date: 2010-11-25 Tested on: Mac OS X 10.6.5 - Darwin Kernel Version 10.5.0 Author: Dustin Schultz - twitter: @thexploit http://thexploit.com BITS 64 section .text global start start: a: mov r8b, 0x02 ; Unix clas...

VLC 2.1.3 - (.avs file) Crash PoC

No description provided by source. Exploit Title: VLC 2.1.3 WriteAV Vulnerability, Decoders Date: 2014/02/20 Exploit Author: kw4 Software Link: http://www.videolan.org/vlc/index.html Version: 2.1.3 Impact Med/High Tested on: Windows 7 64 bits Memory corruption when VLC tries to load crafted .avs...

FL Studio 10 Producer Edition - SEH Based Buffer Overflow PoC

No description provided by source. Title : FL Studio 10 Producer Edition - SEH Based Buffer Overflow PoC Author : Dark-Puzzle Souhail Hammou Type : PoC Risk : High Vendor : Image Line: http://www.image-line.com/downloads/flstudiodownload.html Versions : 10 Producer Edition Other Versions May be...

DEBIAN-CVE-2013-7040

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service CPU consumptio...

SSL Certificate Chain Contains RSA Keys Less Than 2048 bits (PCI DSS)

At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser CA/B Forum, certificates issued after January 1, 2014 must be at least 2048 bits. Some browser SSL implementations ma...

CVE-2014-2097

The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted TAK aka Tom's lossless...

Out-of-bounds

The takdecodeframe function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted TAK aka Tom's lossless...

VideoLAN VLC Media Player 2.1.3 - '.avs' Crash (PoC)

Exploit Title: VLC 2.1.3 WriteAV Vulnerability, Decoders Date: 2014/02/20 Exploit Author: kw4 Software Link: http://www.videolan.org/vlc/index.html Version: 2.1.3 Impact Med/High Tested on: Windows 7 64 bits Memory corruption when VLC tries to load crafted .avs files. 2b10.2750: Access violation ...

postgresql, postgresql84 security update

CentOS Errata and Security Advisory CESA-2013:1475 Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability...

DEBIAN-CVE-2013-4351

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey...

CVE-2011-2901

Off-by-one error in the addrok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service host crash via unspecified hypercalls that ignore virtual-address bits...

Agnitum Outpost Internet Security Local Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

Oracle Endeca Server Remote Command Execution Vulnerability

This Metasploit module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. On...

Oracle Endeca Server Remote Command Execution

This module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. In addition, t...

VulnCheck KEV: CVE-2013-2094

Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perfsweventenabled array in swperfeventdestroy. Explotation allows for privilege escalation...

MS KB2820197: Update Rollup for ActiveX Kill Bits

The remote Windows host is missing one or more kill bits for ActiveX controls that are known to contain vulnerabilities. If any of these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose the host to various security issues. Note that the affect...

SAP SOAP RFC - SXPG_CALL_SYSTEM Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based on, inspired by, or is a port of a...