USN-1204-1: Linux kernel (i.MX51) vulnerabilities

Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. CVE-2010-3859 Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local...

kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads

fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the 1 arguments and 2 environment, which allows local users to cause a denial of service memory consumption via a crafted exec system call, aka an "OOM dodging issue," a...

NetCat CMS - Multiple Vulnerabilities

Exploit Title: NetCat CMS Code exec, SQL-injection Google Dork: none Date: 28.11.2010 Author: brainpillow Software Link: http://netcat.ru/ Version: UNKNOWN On different versions of this software next vulnerabilities are availible: =======================================================...

Slaed CMS Code Exec Vulnerability

Exploit for php platform in category web applications Exploit Title: Slaed CMS Code exec Google Dork: "Powered by SLAED CMS" Date: 03.05.2011 Author: brainpillow Software Link: http://slaed.net/ Version: OpenSlaed 1.2 free, Slaed CMS = 4. On different versions of this software next vulnerabilitie...

Symantec Veritas Backup Exec code execution

It's possible to execute privileged command remotely...

World Of Warcraft - chat-cache.txt Local Stack Overflow Denial of Service

World Of Warcraft - chat-cache.txt Local Stack Overflow Denial of Service !/usr/bin/perl Exploit Title: World Of Warcraft Local Stack Overflow Dos Exploit chat-cache.txt Date: 04/09/2011 Author: BSOD Digital Fabien DROMAS Other details:"Code Exec" Exploit in analysis. Tests: OS: Windows 7 Version...

EMC Autostart ftAgent Opcode 0x11 Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Agent Service ftAgent.exe. The Agent Service listens on TCP port 8045 for communications...

Ubuntu Update for linux-lts-backport-maverick USN-1187-1

Ubuntu Update for Linux kernel vulnerabilities USN-1187-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11871.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux-lts-backport-maverick USN-1187-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...

USN-1187-1: Linux kernel (Maverick backport) vulnerabilities

It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. CVE-2010-3698 Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could...

Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1187-1)

It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. CVE-2010-3698 Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could...

ZDI-11-246: Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability

ZDI-11-246: Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-246 July 29, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Sybase -- Affected Products: Sybase Adaptive Server --...

SuSE 11.1 Security Update : libwebkit (SAT Patch Number 4917)

This update of libwebkit fixes : - XSLT file creation allowed webpages evaluating XSLT code to create files. CVE-2011-1774 - ZDI-11-139 Webkit Anonymous Frame remote code exec %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

[Заметка] SSI Web shell

1. Введение В данной заметке я рассмотрю примеры использования SSI, для обхода ограничений php в частности. 2. Теория SSI Server Side Includes — включения на стороне сервера — несложный язык для динамической «сборки» веб-страниц на сервере из отдельных составных частей и выдачи клиенту...

Symantec Backup Exec 12.5 MiTM Attack

No description provided by source. Exploit Title: Symantec Backup Exec MiTM Attack Date: 27/05/2011 Author: Nibin Software Link: http://www.symantec.com/business/products/family.jsp?familyid=backupexec Version: - Symantec Backup Exec for Windows Servers versions 11.0, 12.0, and 12.5 - Symantec...

Symantec Backup Exec 12.5 - Man In The Middle

Exploit Title: Symantec Backup Exec MiTM Attack Date: 27/05/2011 Author: Nibin Software Link: http://www.symantec.com/business/products/family.jsp?familyid=backupexec Version: - Symantec Backup Exec for Windows Servers versions 11.0, 12.0, and 12.5 - Symantec Backup Exec 2010 versions 13.0 and 13...

Symantec Backup Exec 12.5 - Man In The Middle

Symantec Backup Exec 12.5 - Man In The Middle Exploit Title: Symantec Backup Exec MiTM Attack Date: 27/05/2011 Author: Nibin Software Link: http://www.symantec.com/business/products/family.jsp?familyid=backupexec Version: - Symantec Backup Exec for Windows Servers versions 11.0, 12.0, and 12.5 -...

USN-1164-1 : linux-fsl-imx51 vulnerabilities

Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. CVE-2010-3865 Dan Rosenberg discovered that the CAN protocol on 64bit systems did not correctly...

USN-1164-1: Linux kernel vulnerabilities (i.MX51)

Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. CVE-2010-3865 Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly...

USN-1162-1: Linux kernel vulnerabilities (Marvell Dove)

Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. CVE-2010-4243 Alexander Duyck discovered that the Intel Gigabit Ethernet driver...

kernel: thp: prevent hugepages during args/env copying into the user stack

mm/hugememory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page THP during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service memory consumption or possibly have unspecified other impact via ...