Design/Logic Flaw

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by...

CVE-2010-2059

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable 1...

CVE-2010-2198

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by...

CVE-2005-4889

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable 1 setuid or 2 setgid file, a related issue to CVE-2010-2059...

CVE-2010-2199

CVE-2010-2199 concerns lib/fsm.c in RPM 4.8.0 and earlier, which does not properly reset executable file metadata during upgrade or removal. This can allow local users to bypass access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL (related to CVE-2010-2059). The p...

CVE-2010-2059

CVE-2010-2059 affects RPM package manager: lib/fsm.c in RPM 4.8.0 and, per the description, unspecified 4.7.x and 4.6.x, and RPM before 4.4.3, may fail to reset executable file metadata during upgrade, potentially allowing local users to gain privileges by creating a hard link to a vulnerable (se...

CVE-2010-2199

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to...

CVE-2005-4889

The CVE-2005-4889 issue affects RPM before 4.4.3, where lib/fsm.c fails to reset executable file metadata during removal, potentially allowing local users to gain privileges by creating a hard link to a vulnerable (setuid/setgid) file. This is related to CVE-2010-2059. Impact is local privilege e...

CVE-2005-4889

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable 1 setuid or 2 setgid file, a related issue to CVE-2010-2059...

CVE-2010-2153

Unrestricted file upload vulnerability in admin/code/tcefunctionstcecodeeditor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/...

List executable and writable-executable Files, list path variable

List executable and writable-executable files, list path variable over an SSH Connection. Check for executable Files outside /usr/local/bin:/usr/bin:/bin:/usr/bin/X11: /usr/games:/sbin:/usr/sbin:/usr/local/sbin:, check for user write permission on valid executables. SPDX-FileCopyrightText: 2010...

List executable and writable-executable Files, list path variable

List executable and writable-executable Files, list path variable over an SSH Connection. Check for executable Files outside /usr/local/bin:/usr/bin:/bin:/usr/bin/X11: /usr/games:/sbin:/usr/sbin:/usr/local/sbin:, check for user write permission on valid executables. OpenVAS Vulnerability Test $Id...

SMB Remote Disk Scanning for Executable Files

Malware is a software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like Viruses, worms, Adware, Trojans, and spyware that exploit unprotected clients, using network...

New, Simple Twitter Botnet Tool Debuts

There is a new point-and-click tool circulating online that enables virtually anyone to create a piece of malware that will connect a PC to a budding Twitter botnet. The tool, known as TwitterNET Builder, is being used by attackers to build quick and easy botnets that are then controlled through...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathom parameter to 1 bible.class.php, 2 dossier.class.php, 3 service.class.php, 4...

CVE-2010-1451

The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain PAGEEXEC4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent...

Foxit Launches 'Safe Mode' to Counter PDF Attacks

Foxit Corp has added new security features to its alternative PDF reader software to help thwart recent malware attacks that exploit the “/launch” feature. With Foxit PDF Reader Version 3.3, the company has added a Safe Mode that blocks external commands from being executed by the software. The...

SuSE9 Security Update : clamav (YOU Patch Number 12610)

Specially crafted CAB archives could crash clamav CVE-2010-1311 or bypass virus detection CVE-2010-0098. clamav has been updated to version 0.96 which fixes those issues. Citing freshmeat.net : This Release introduces new malware detection mechanisms and other significant improvements to the scan...

Unrestricted file upload

Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/...

sudo protection bypass

when a pseudocommand is enabled, it's possible to created an executable file with the same name, it will be executed by relative name with escalated privileges...