find_backdoors

This plugin searches for web shells in the directories that are sent as input. For example, if the input is: http://host.tld/w3af/f00b4r.php The plugin will perform these requests: http://host.tld/w3af/c99.php http://host.tld/w3af/cmd.php http://host.tld/w3af/webshell.php … Plugin type Crawl...

HP Data Protector Create New Folder Buffer Overflow (CVE-2012-0124)

A stack buffer overflow vulnerability has been reported in HP Data Protector 5. The vulnerability is due to insecure handling of file names when creating new folders. An unauthenticated remote attacker can exploit this vulnerability by sending a malicious request to the vulnerable server. A...

Creme Fraiche Gem for Ruby File Name Shell Metacharacter Injection Arbitrary Command Execution

Creme Fraiche Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input in file names. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...

Mandriva Linux Security Advisory : bash (MDVSA-2013:032)

A vulnerability was found and corrected in bash : A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names 'test' command and evaluating /dev/fd file names in conditinal command expressions. A remote...

httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled

Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...

SuSE 11.2 Security Update : inst-source-utils (SAT Patch Number 6817)

Multiple code execution flaws have been fixed that could have been exploited via specially crafted file names / directory path names. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The tex...

CentOS Update for ruby CESA-2013:0129 centos5

Check for the Version of ruby OpenVAS Vulnerability Test CentOS Update for ruby CESA-2013:0129 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVE-2012-5148

The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors...

CVE-2012-5148

The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors...

CVE-2012-5148

The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors...

ruby security update

CentOS Errata and Security Advisory CESA-2013:0129 Updated ruby packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...

httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled

Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...

SuSE 10 Security Update : inst-source-utils (ZYPP Patch Number 8376)

Multiple code execution flaws have been fixed that could be exploited via specially crafted file names / directory path names. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

GlusterFS: insecure temporary file creation

GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

Metasploit < 4.4 - pcap_log Plugin Privilege Escalation (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

Metasploit 4.4 - pcap_log Plugin Privilege Escalation (Metasploit)

Metasploit 4.4 - pcaplog Plugin Privilege Escalation Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require...

Metasploit pcap_log Local Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

Mandriva Linux Security Advisory : bash (MDVSA-2012:128)

A vulnerability was found and corrected in bash : A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names 'test' command and evaluating /dev/fd file names in conditinal command expressions. A remote...

Design/Logic Flaw

The Crowbar Ohai plugin chef/cookbooks/ohai/files/default/plugins/crowbar.rb in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 file names to apps/userldap/settings.php; 2 url or 3 title parameter to apps/bookmarks/ajax/editBookmark.php; 4 tag or 5 page parameter to...