privilege escalation
nsXMLDocument::OnChannelRedirect() could be bypassed.
CVE-2008-3836
"moz_bug_r_a4" discovered that several vulnerabilities in
feedWriter could lead to Chrome privilege escalation.
CVE-2008-3837
Paul Nickerson discovered that an attacker could move windows
during a mouse click, resulting in unwanted action triggered by
-----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2012-0004
Synopsis: VMware View privilege escalation and cross-site scripting
Issue date: 2012-03-15
Updated on: 2012-03-15 (initial advisory)
CVE numbers: CVE-2012-1508, CVE-2012-1509, CVE-2012-1510, CVE-2012-1511
-----------------------------------------------------------------------
-----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2012-0007
Synopsis: VMware hosted products and ESXi/ESX patches address
privilege escalation
Issue date: 2012-04-12
Updated on: 2012-04-12 (initial advisory)
CVE numbers: CVE-2012-1518
-----------------------------------------------------------------------
Cisco Security Advisory: Cisco Application Extension Platform Privilege
Escalation Vulnerability
Advisory ID: cisco-sa-20100609-axp
Revision 1.0
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02544568
Version: 1
HPSBGN02589 SSRT100296 rev.1 - HP ProCurve Access Points, Access Controllers, and Mobility Controllers, Privilege Escalation
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-10-13
Last Updated: 2010-10-13
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02522633
Version: 1
HPSBUX02587 SSRT100215 rev.1 - HP-UX Directory Server and Red Hat Directory Server for HP-UX, Local Disclosure of Information, Privilege Escalation
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-09-22
Last Updated: 2010-09-22
Cisco Security Advisory: Cisco IOS Software Secure Copy Privilege
Escalation Vulnerability
Advisory ID: cisco-sa-20090325-scp
http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml
(WLCs), Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and
Cisco Catalyst 3750 Integrated Wireless LAN Controllers. This security
advisory outlines details of the following vulnerabilities:
* Denial of Service Vulnerabilities (total of three)
* Privilege Escalation Vulnerability
These vulnerabilities are independent of each other.
Cisco has released free software updates that address these
vulnerabilities.
nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38)
CVE-2008-4058
"moz_bug_r_a4" discovered a vulnerability which can result in
Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)
CVE-2008-4059
"moz_bug_r_a4" discovered a vulnerability which can result in
Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)
CVE-2008-3113 CVE-2008-3114 CVE-2008-3115
- ------------------------------------------------------------------------
1. Summary
VMware addresses an in-guest privilege escalation on 64-bit guest
operating systems in ESX, ESXi, and previously released versions of
our hosted product line. Updated VMware VirtualCenter Update 3
addresses potential information disclosure and updates Java JRE
packages.
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Sun xVM VirtualBox Privilege Escalation Vulnerability
*Advisory Information*
Title: Sun xVM VirtualBox Privilege Escalation Vulnerability
VMware Security Advisory
Advisory ID: VMSA-2008-0014
Synopsis: Updates to VMware Workstation, VMware Player,
VMware ACE, VMware Server, VMware ESX address
information disclosure, privilege escalation and
other security issues.
Issue date: 2008-08-29
Updated on: 2008-08-29 (initial release of advisory)
CVE numbers: CVE-2008-2101 CVE-2007-5269 CVE-2008-1447
CVE-2008-3691 CVE-2008-3692 CVE-2008-3693
to at least 2.5.5 and preferably the newest release available before
the end of extended support.
3. Problem description:
a. VMware Tools Local Privilege Escalation on Windows-based guest OS
The VMware Tools Package provides support required for shared folders
(HGFS) and other features.
An input validation error is present in the Windows-based VMware
following problems:
CVE-2007-5760
"regenrecht" discovered that missing input sanitising within
the XFree86-Misc extension may lead to local privilege escalation.
CVE-2007-5958
It was discovered that error messages of security policy file
handling may lead to a minor information leak disclosing the
Contact info: ealvarez at activesec biz
Developer response: None. No response to mail, forum inactive and
bugtracker operating intermittently.
Privilege escalation in bytehoard 2.1
Background
Bytehoard is a web application written in PHP that serves as a file
storage and sharing system.
- Cross-Site-Scripting (XSS)
- Cross-Site-Request-Forgery (XSRF)
- Session fixation
- Session impersonation
- Remote buffer overflow
- Privilege escalation in two applications
- Missing authentication in configuration panel
- Admin password is delivered in plaintext inside the server response
- Cookies are set for root path, not application path
- Crawler endless loop
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2011-0006
Synopsis: VMware vmrun utility local privilege escalation
Issue date: 2011-03-29
Updated on: 2011-03-29 (initial release of advisory)
CVE numbers: CVE-2011-1126
- ------------------------------------------------------------------------
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03281867
Version: 1
HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PHP, Remote Denial of Service (DoS), Unauthorized Access, Privilege escalation, Unauthorized Disclosure of Information, Unauthorized Modification
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-04-16
Last Updated: 2012-04-16
25 March 2011
Gavin Jones of NGS Secure has discovered a High risk vulnerability in the Cisco VPN client (Windows 64 bit).
Impact: Privilege Escalation
Cisco has released a patch that addresses the issue. The announcement of this patch can be found here:
http://www.cisco.com/en/US/products/products_security_advisory09186a00808a0554.shtml
Application: Rising Firewall 2009
Platforms: Windows XP Professional SP2
Exploitation: Privilege Escalation
Date: 2009-10-26
Author: Francis Provencher (Protek Research Lab's)
24 January 2012
Stuart Passe of NGS Secure has discovered a Critical vulnerability in DataArmor and DriveArmor.
Impact: Restricted Environment breakout, Privilege Escalation and Full Disk Decryption
Versions affected:
DataArmor 3.0.10 or greater
DriveArmor 3.0.0 or greater
Privilege Escalation attack
POC:
::Save the following as a batch file and execute it.
:here
taskkill /im smcgui.exe /f
goto :here
Now since the smcgui.exe is running in the user account, It will not be
Check Point Zone Labs VSDATANT Multiple IOCTL Privilege Escalation
Vulnerabilities
iDefense Security Advisory 08.20.07
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 20, 2007
I. BACKGROUND
Zone Alarm products provide security solutions such as anti-virus,
wicd Privilege Escalation 0Day
Tested against Backtrack 5, 5 R2, Arch distributions
Spawns a root shell. Has not been tested for potential remote exploitation
vectors.
Discovered by a student that wishes to remain anonymous in the course CTF.
This 0day exploit for Backtrack 5 R2 was discovered by a student in the
InfoSec Institute Ethical Hacking class, during an evening CTF exercise. The
student wishes to remain anonymous, he has contributed a python version of
National Australia Bank's Security Assurance Team.
The vendor was advised of this vulnerability prior to its public release. National Australia Bank adheres to the “Guidelines for Security Vulnerability Reporting and Response V2.0” document when issuing security advisories.
Class:
Information Disclosure
Privilege Escalation
Remote:
Yes
Local:
And now for some truth / enlightenment:
http://www.backtrack-linux.org/backtrack/backtrack-0day-privilege-escalation/
http://www.backtrack-linux.org/forums/showthread.php?t=49411
http://www.secmaniac.com/blog/
On Wed, 11 Apr 2012 09:49:48 -0500, "Adam Behnke"
<adam@infosecinstitute.com> wrote:
> wicd Privilege Escalation 0Day
> Tested against Backtrack 5, 5 R2, Arch distributions
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: sudo: Privilege Escalation
Date: September 07, 2010
Bugs: #322517, #335381
ID: 201009-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
======================================================================
2) Severity
Rating: Less critical
Impact: Denial of Service
Privilege Escalation
Where: Local system
======================================================================
3) Vendor's Description of Software
Paper: Testing the Enterprise Security: Anti-Spam and Anti-Virus Solutions
Abstract:
Enterprise Anti-Spam and Anti-Virus solutions are widely used to protect corporate e-mail servers against various external threats including spamming, viruses, spyware, and phishing attacks. Usually claiming a high rate of malicious message filtering (between 95-99%), it is hard to argue that its main purpose is realized. However, no comprehensive benchmarking on how such security solutions stand against internal attacks is currently available. Relying on various commercial and open-source technologies (Microsoft .NET, MySQL, PHP, Linux, Apache HTTP server, etc.), the majority of Anti-Spam and Anti-Virus enterprise solutions employ Web-based applications to allow remote configuration, administration and management of spam-quarantined e-mails. While Web-based applications are often found to be vulnerable to a wide variety of security vulnerabilities (including SQL Injection, Cross-Site Scripting, Denial of Service, Privilege Escalation, etc.), such enterprise security solutions make unfortunately no exception.
This paper highlights the need of vendor-certified security testing for Anti-Spam and Anti-Virus enterprise solutions, in order to protect it against internal attacks. In a structured effort to benchmark and potentially improve various enterprise security products, the author’s recent research done in collaboration with Data Communication Security Laboratory from University of Limerick, (Ireland) is presented. Various security vulnerabilities identified in high-profile enterprise Anti-Spam and Anti-Virus products commercialized by vendors such as Marshal8e6 [1], Barracuda Networks [2], and Symantec [3] are discussed, while the implications of vulnerabilities exploitation and the risks for the enterprise are analyzed.