Oracle Linux 6 : kernel (ELSA-2011-0283)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0283 advisory. - net tcp: Increase TCPMAXSEG socket option minimum to TCPMINMSS Frantisek Hrbata 652510 652511 CVE-2010-4165 - perf perfevents: Fix perfcountermmap ho...

HP System Management Homepage JustGetSNMPQueue Command Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "HP System...

HP System Management Homepage JustGetSNMPQueue Command Injection

This Metasploit module exploits a vulnerability found in HP System Management Homepage. By supplying a specially crafted HTTP request, it is possible to control the 'tempfilename' variable in function JustGetSNMPQueue found in ginkgosnmp.inc, which will be used in a exec function. This results in...

HP System Management Homepage contains a command injection vulnerability

Overview HP System Management Homepage contains a command injection vulnerability CWE-77 that may result in arbitrary command execution and privilege escalation. Description Markus Wulftange from Daimler TSS reports: The vulnerability is located in the ginkgosnmp.inc PHP file in the...

Kernel: sa_restorer information leak

The flushsignalhandlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sarestorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

Veritas Backup Exec Remote Agent Detection (NDMP)

Network Data Management Protocol NDMP based detection of the Veritas Backup Exec Agent. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Kernel: drm/i915: heap writing overflow

Integer overflow in drivers/gpu/drm/i915/i915gemexecbuffer.c in the i915 driver in the Direct Rendering Manager DRM subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service heap-based buffer...

Linux/x86 CMD[wget,mv,gcc,chmod] Download and exec() - sc_224 bytes

Linux/x86 , Run Multiple Commands wget,mv,gcc,chmod for Download a .c file and exec it !. ref : http://packetstorm.foofus.com/shellcode/dxk.c / 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /...

DEBIAN-CVE-2013-0914

The flushsignalhandlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sarestorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

UBUNTU-CVE-2013-0914

The flushsignalhandlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sarestorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

Mozilla: Use-after-free in HTML Editor (MFSA 2013-29)

Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execu...

Mozilla: Use-after-free in HTML Editor (MFSA 2013-29)

Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execu...

Windows7 Sub_Xor MessageBox Exec Shellcode - 265 Bytes

Windows7 SubXor MessageBox Exec Shellcode 265 Bytes + Msg.&.Title / 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS,...

CosCms 1.721 - OS Command Injection Vulnerability

Exploit for php platform in category web applications Product: CosCms Vendor: http://www.coscms.org Vulnerable Versions: 1.721 and probably prior Tested Version: 1.721 Vendor Notification: February 13, 2013 Vendor Patch: February 13, 2013 Public Disclosure: March 6, 2013 Vulnerability Type: OS...

Unbreakable Enterprise kernel security and bug fix update

2.6.39-400.17.1 - This is a fix on dlmcleanmasterlist Xiaowei.Hu - RDS: fix rds-ping spinlock recursion jeff.liu Orabug: 16223050 - vhost: fix length for cross region descriptor Michael S. Tsirkin Orabug: 16387183 CVE-2013-0311 - kabifix: block/scsi: Allow request and error handling timeouts to b...

Ruby on Rails XML Processor YAML Deserialization

Added: 02/15/2013 CVE: CVE-2013-0156 BID: 57187 OSVDB: 89026 Background Ruby on Rails is a full stack, Web application framework optimized for sustainable programming productivity, allowing writing sound code by favoring convention over configuration. Problem Ruby on Rails versions prior to 2.3.1...

Ruby on Rails XML Processor YAML Deserialization

Added: 02/15/2013 CVE: CVE-2013-0156 BID: 57187 OSVDB: 89026 Background Ruby on Rails is a full stack, Web application framework optimized for sustainable programming productivity, allowing writing sound code by favoring convention over configuration. Problem Ruby on Rails versions prior to 2.3.1...

kernel security and bug fix update

2.6.32-279.22.1 - virt kvm: invalid opcode oops on SETSREGS with OSXSAVE bit set Petr Matousek 862903 862904 CVE-2012-4461 - fs fuse: optimize fusedirectio Brian Foster 865305 858850 - fs fuse: optimize fusegetuserpages Brian Foster 865305 858850 - fs fuse: use getuserpagesfast Brian Foster 86530...

Nagios 3 history.cgi Command Injection

Added: 01/28/2013 CVE: CVE-2012-6096 BID: 56879 OSVDB: 88322 Background Nagios is a network host and service monitoring and management system. Problem The Nagios history.cgi script is vulnerable to a stack overflow when parsing the host parameter. This may allow an attacker to execute arbitrary...

RHEL 5 : flash-plugin (RHSA-2012:1203)

The remote Redhat Enterprise Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2012:1203 advisory. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several...