CVE-2012-3494
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register...
Fedora 17 : openstack-glance-2012.1.2-2.fc17 (2012-18085)
Fix Glance Authentication bypass for image deletion - Update to stable/essex 2012.1.2 including... - Support zero-size image creation via the v1 API - Allow admins to share images regardless of owner - Log sensitive store info, rather than exposing over API - Fix the qpid_heartbeat option to avoid...
HCView - WriteAV Crash (PoC)
HCView - WriteAV Crash PoC #!/usr/bin/perl Hardcoreview WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira Vendor URI: http://sourceforge.net/projects/hardcoreview/ Vendor Description: Image browser. Designed and created for professional and amateur watching image files. All kind of image...
HCView WriteAV Crash Proof Of Concept
#!/usr/bin/perl Hardcoreview WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira Vendor URI: http://sourceforge.net/projects/hardcoreview/ Vendor Description: Image browser. Designed and created for professional and amateur watching image files. All kind of image files ; . Support .jpg,...
Debian DSA-2544-1 : xen - denial of service
Multiple denial of service vulnerabilities have been discovered in Xen, a hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2012-3494: It was discovered that set_debugreg allows writes to reserved bits of the DR7 debug control register on amd6...
CVE-2012-2704
The CVE-2012-2704 issue concerns the Drupal Advertisement module (6.x-2.x) prior to 6.x-2.3 where debug information was not properly restricted, enabling remote attackers to obtain sensitive site configuration data defined by $conf in settings.php. This information disclosure is the primary impac...
Scientific Linux Security Update : kvm on SL5.4 x86_64
CVE-2009-3722 KVM: Check cpl before emulating debug register access; CVE-2010-0419 kvm: emulator privilege escalation segment selector check. A flaw was found in the way the x86 emulator loaded segment selectors (used for memory segmentation and protection) into segment registers. In some guest syste...
Pligg CMS 0.9 / 1.x Command Execution
!/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex =...
rdp-enum-encryption NSE Script
Determines which Security layer and Encryption level is supported by the RDP service. It does so by cycling through all existing protocols and ciphers. When run in debug mode, the script also returns the protocols and ciphers that fail and any errors that were reported. The script was inspired by...
ptunnel 0.72 - Remote Denial of Service
ptunnel 0.72 - Remote Denial of Service !/usr/bin/env python =============================================================================== Exploit Title: ptunnel ' % sys.argv0 target remotehost = sys.argv1 ptunnel.h typedef struct uint32t magic, // magic number, used to identify ptunnel packets...
ptunnel 0.72 - Remote Denial of Service
!/usr/bin/env python =============================================================================== Exploit Title: ptunnel ' % sys.argv0 target remotehost = sys.argv1 ptunnel.h typedef struct uint32t magic, // magic number, used to identify ptunnel packets. dstip, // destination IP and port used...
RedHat Update for libvirt RHSA-2011:1197-01
The remote host is missing an update for the...
openssh-server Forced Command Handling Information Disclosure Vulnerability
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user accoun...
CVE-2012-2703
CVE-2012-2703 describes an XSS vulnerability in the Drupal Advertisement module (versions 6.x-2.x prior to 6.x-2.3). When debug mode is enabled, an attacker could inject arbitrary script/HTML via the $conf variable in settings.php. Affected product: Drupal contributed Advertisement module for 6.x...
PT-2012-1502 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.0. Description: The issue allows local users with root privileges to modify arbitrary kernel memory locations by writing to the /sys/kernel/debug/acpi/custom_method file. This is due to an incomplete fix for a...
Fedora 16 : python3-3.2.3-2.fc16 (2012-9135) (BEAST)
Fixes debug build systemtap support. Rebase of python3 from 3.2.1 to 3.2.3 bringing in security fixes, along with many other bug fixes. The compiled .pyc and .pyo files are now properly compiled so python3 doesn't try to recompile them over and over on runtime anymore. Note that Tenable Network...
[SECURITY] Fedora 17 Update: android-tools-20120510gitd98c87c-1.fc17
The Android Debug Bridge (ADB) is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands (e.g. "adb shell", "adb pull", etc.) for the benefit of clients (command-line users, or helper programs...
FlexNet License Server Manager lmgrd Buffer Overflow
This module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of...
CVE-2012-2904
player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter...