Black Wolf Technologies

The SAP Web Application Server suffers from denial of service, remote file disclosure, and local privilege escalation vulnerabilities. Authored By Nicob

7 vulnerabilities have been found in Neon WebMail for Java. When exploited, these vulnerabilities allow executing of arbitrary JSP code, escalation of user’s privileges, manipulating of user’s emails and user account information, disclosure of files on the server, and potentially cause a DoS via large CPU resource utilization by the MySQL server.  Homepage: http://vuln.sg/neonmail506-en.html.

Multiple vulnerabilities exist in SAP Web AS version 6.40 below patch 136 and 7.00 below patch 66. These flaws allow for remote file disclosure, remote denial of service attacks, and local privilege escalation. Related exploit here. Authored By Nicob

Month of Apple Bugs - Proof of concept exploit for a local privilege escalation vulnerability on Mac OS X. Multiple binaries inside the /Applications directory tree are setuid root, but remain writable by users in the admin group (ex. first user by default in a non-server Mac OS X installation), allowing privilege escalation.  Homepage: http://projects.info-pull.com/moab/. Authored By LMH

Ahnlab V3 Antivirus suffers from multiple vulnerabilities including privilege escalation and security bypass.  Homepage: http://secunia.com/secunia_security_advisories/. Authored By Secunia Research

Local privilege escalation exploit for Kerio WebSTAR versions 5.4.2 and below which suffer from a local privilege escalation vulnerability due to an improper loading of a library. Related advisory here.  Homepage: http://www.digitalmunition.com/. Authored By Kevin Finisterre

Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability - The Cisco VPN Client for Windows is affected by a local privilege escalation vulnerability that allows non-privileged users to gain administrative privileges. A user needs to authenticate and start an interactive Windows session to be able to exploit this vulnerability.  Homepage: http://www.cisco.com.

The PHP application WebCalendar is susceptible to cross site scripting, http response splitting, code execution, path disclosure, and privilege escalation vulnerabilities. Authored By Joxean Koret

Bytehoard version 2.1 suffers from multiple privilege escalation vulnerabilities. Authored By Ernesto Alvarez

The Computer Associates “Host Intrusion Prevention System” engine drivers are prone to multiple local privilege escalation vulnerabilities. Unprivileged users can take advantage of these flaws in order to execute arbitrary code with kernel privileges. Related exploit here.  Homepage: http://www.reversemode.com/. Authored By Rub

This entry was posted on Friday, January 18th, 2008 at 8:00 am and is filed under Arbitrary Code Execution, C, Cross Site Scripting (XSS), Denial of Service, Host Intrusion Detection Systems, Host Intrusion Prevention Systems, Malware, Network Intrusion Detection Systems, Network Intrusion Prevention Systems, PHP, Vulnerabilities, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.