Nomachine NX Server privilege escalation

shell code execution via environment variables manipulation for suid application...

PHP-Barcode 0.3pl1 Remote Code Execution

Exploit for php platform in category web applications PHP-Barcode 0.3pl1 Remote Code Execution The input passed to the code parameter is not sanitized and is used on a popen function. This allows remote command execution and also allows to see environment vars: Windows...

OS X Gather Mac OS X System Information Enumeration

This module gathers basic system information from Mac OS X Tiger 10.4, through Mojave 10.14. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OS X Gather Mac OS X System Information Enumeration'...

[SECURITY] Fedora 14 Update: pam_ssh-1.97-7.fc14

This PAM module provides single sign-on behavior for UNIX using SSH keys. Users are authenticated by decrypting their SSH private keys with the password provided. In the first PAM login session phase, an ssh-agent process is started and keys are added. The same agent is used for the following PAM...

[SECURITY] Fedora 13 Update: pam_ssh-1.97-7.fc13

This PAM module provides single sign-on behavior for UNIX using SSH keys. Users are authenticated by decrypting their SSH private keys with the password provided. In the first PAM login session phase, an ssh-agent process is started and keys are added. The same agent is used for the following PAM...

[SECURITY] Fedora 15 Update: pam_ssh-1.97-7.fc15

This PAM module provides single sign-on behavior for UNIX using SSH keys. Users are authenticated by decrypting their SSH private keys with the password provided. In the first PAM login session phase, an ssh-agent process is started and keys are added. The same agent is used for the following PAM...

CVE-2011-1095

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

RedHat Update for glibc RHSA-2011:0412-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

DEBIAN-CVE-2009-5057

The S/MIME feature in Open Ticket Request System OTRS before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations,...

Medium severity flaw in QNX Neutrino RTOS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20110310 Date: 10th March 2011 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: QNX Neutrino RTOS 6.5.0...

Multi Gather Generic Operating System Environment Settings

This module prints out the operating system environment variables. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather Generic Operating System Environment Settings', 'Description' = %...

[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw

------------------------------------------------------------------------ Debian Security Advisory DSA-2141-2 [email protected] http://www.debian.org/security/ Stefan Fritsch January 06, 2011 http://www.debian.org/security/faq -...

IBM OmniFind - Local Privilege Escalation

IBM OmniFind - Local Privilege Escalation Privilege escalation in two applications CVE-2010-3895 Root SUID bits are set for the applications »esRunCommand« and »estaskwrapper«. ------------------------------------------------------------------------- -rwsr-xr-x 1 root users...

RedHat Update for sudo RHSA-2010:0475-01

Check for the Version of sudo OpenVAS Vulnerability Test RedHat Update for sudo RHSA-2010:0475-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

CentOS 5 : sudo (CESA-2010:0475)

An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

sudo: insufficient environment sanitization issue

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable...

Moderate: Red Hat Security Advisory: sudo security update

An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 5 : sudo (RHSA-2010:0475)

The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2010:0475 advisory. The sudo superuser do utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sud...

Path traversal

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable...

CVE-2010-1646

CVE-2010-1646 affects the sudo secure_path behavior when an environment contains multiple PATH variables, allowing local privilege escalation. Impact, as described in connected advisories, covers multiple sudo versions: 1.3.1–1.6.9p22 and 1.7.0–1.7.2p6. The root cause is insufficient sanitization...