CVE-2013-6171

CVE-2013-6171 affects Dovecot up to version 2.2.6 (before 2.2.7). The vulnerability arises in the checkpassword-reply path, which performs setuid operations to a user who is authenticating. This can allow a local attacker to bypass authentication and access virtual email accounts by attaching to ...

PT-2022-2030

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw was found in the Linux kernel in the netfilter subsystem, specifically in the linux/net/netfilter/nf tables api.c file. This issue allows a local user to cause an out-of-bounds...

XADV-2013007 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow

+--------------------------------------------------------------------+ | XADV-2013007 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow | +--------------------------------------------------------------------+ Vulnerable versions: - linux kernel 2.6.18 = Testbed: ubuntu Type: Local Impact: Mediu...

CVE-2013-4370

The ocaml binding for the xcvcpugetaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service heap corruption and crash and possibly execute arbitrary code via unspecified vectors that trigger a 1...

DEBIAN-CVE-2013-4256

Multiple stack-based and heap-based buffer overflows in Network Audio System NAS 1.9.3 allow local users to cause a denial of service crash or possibly execute arbitrary code via the 1 display command argument to the ProcessCommandLine function in server/os/utils.c; 2 ResetHosts function in...

PinApp Mail-SeCure 3.70 - Access Control Failure

PinApp Mail-SeCure 3.70 - Access Control Failure Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ PinApp Mail-SeCure Access Control Failure 1. Advisory Information Title: PinApp Mail-SeCure Access Control Failure Advisory ID: CORE-2013-0904 Advisory URL:...

PinApp Mail-SeCure Access Control Failure

Core Security Technologies Advisory - A security vulnerability was discovered in PineApp Mail-SeCure Suite, allowing a non-privileged attacker to get a root shell by sending a specially crafted command from the Mail-SeCure console. A valid user account is needed to launch the attack, so this is a...

IBM AIX 6.1/7.1 - Local Privilege Escalation

Exploit-DB Note: Screenshot provided by exploit author !/bin/sh Exploit Title: IBM AIX 6.1 / 7.1 local root privilege escalation Date: 2013-09-24 Exploit Author: Kristian Erik Hermansen Vendor Homepage: http://www.ibm.com Software Link: http://www-03.ibm.com/systems/power/software/aix/about.html...

WinAmp 5.63 (winamp.ini) Local Exploit

No description provided by source. Exploit Title: winampevilskin.py Date: 25 August 2013 Exploit Author: Ayman Sagy [email protected] Vendor Homepage: http://www.winamp.com/ Version: 5.63 Tested on: Windows XP Professional SP3 Version 2002 CVE : 2013-4694 Ayman Sagy [email protected] August...

CVE-2013-3956

CVE-2013-3956 affects the NICM.SYS kernel driver (version 3.1.11.0) used by Novell Client 4.91 SP5 on Windows XP/2003, Novell Client 2 SP2 on Vista/2008, and Novell Client 2 SP3 on Windows Server 2008 R2/Win7/Win8/Server 2012. The vulnerability permits local privilege escalation via a crafted IOC...

KLA10146 OSI vulnerability in EMC NetWorker

An unspecified vulnerability was found in EMC NetWorker. By exploiting this vulnerability malicious users can obtain configuration information. This vulnerability can be exploited locally. Original advisories - Related products EMC-NetWorker CVE list CVE-2013-0943 warning Solution Update to lates...

CVE-2013-0555: IBM Security Access Manager for Enterprise Single Sign-On information disclosure

ISAM ESSO Sync.exe in IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to a local code-injection flaw that can be exploited by a local administrator to access confidential data. The issue requires administrative authentication, is exploitable only locally, and does not affe...

MGASA-2013-0215 Updated kernel-rt package fixes security issues.

This kernel-rt update provides the extended stable 3.8.13.4 kernel and fixes the follwing security issues: The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access t...

Kernel: Bluetooth: possible info leak in bt_sock_recvmsg()

The btsockrecvmsg function in net/bluetooth/afbluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

Sprite Software Android Race Condition

Subject: Race condition in Sprite Software's backup software, installed by OEM on LG Android devices. CVE ID: CVE-2013-3685 Initial disclosure: https://plus.google.com/110348415484169880343/posts/Me2yea2PgwE Source: https://github.com/CunningLogic/LGPwn Effect: Locally exploited vulnerability wit...

CVE-2013-2147

CVE-2013-2147 affects the Linux kernel drivers for HP Smart Array/Compaq SMART2 (cpqarray/cciss). The root cause is uninitialized data structures in ida_locked_ioctl (via /dev/ida) and cciss_ioctl32_passthru (via /dev/cciss), allowing local attackers to read kernel memory how? through crafted IDA...

CORE-2013-0318 - TP-Link IP Cameras Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com TP-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: TP-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0318 Advisory URL:...

TP-Link IP Camera Hardcoded Credentials / Command Injection

TP-Link IP cameras suffer from hard-coded credential and remote command execution vulnerabilities. TP-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: TP-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0318 Advisory URL:...

PT-2013-3089 · Microsoft · Windows Xp +8

Name of the Vulnerable Software and Affected Versions: Windows XP versions SP2 and SP3 Windows Server 2003 version SP2 Windows Vista version SP2 Windows Server 2008 versions SP2 and R2 SP1 Windows 7 version SP1 Windows 8 Windows Server 2012 Windows RT Description: The issue arises from the improp...

D-Link IP Cameras Injection / Bypass Vulnerabilities

Core Security Technologies Advisory - D-Link IP Cameras suffer from OS command injection, authentication, information leak, and hard-coded credential vulnerabilities. D-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: D-Link IP Cameras Multiple Vulnerabilities Advisory ID:...