lib32-gnutls: arbitrary file overwrite

Setuid programs using GnuTLS could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 with the GNUTLSKEYLOGFILE environment variable handling via getenv and fixed in GnuTLS 3.4.13 by switching to securegetenv where...

FreeBSD : gnutls -- file overwrite by setuid programs (9c196cfd-2ccc-11e6-94b0-0011d823eebd)

gnutls.org reports : Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXM...

File overwrite and privilege escalation through Mozilla Windows updater — Mozilla

Security researcher Frédéric Hoguin reported a mechanism where the Mozilla Windows updater could be used to overwrite arbitrary files. He found that files extracted by the updater from a MAR archive are not locked for writing and can be overwritten by other processes while the updater is running....

gnutls -- file overwrite by setuid programs

gnutls.org reports: Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem...

FreeBSD-SA-16:22.libarchive

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:22.libarchive Security Advisory The FreeBSD Project Topic: Directory traversal in cpio1 Category: contrib Module: libarchive Announced: 2016-05-31 Credits:...

CIScan 1.00 - Hostname/IP Field Overwrite (SEH) (PoC)

!/usr/bin/python Exploit Title : CIScanv1.00 Hostname/IP Field SEH Overwrite POC Discovery by : Nipun Jaswal Email : [email protected] Discovery Date : 11/05/2016 Software Link : http://www.mcafee.com/us/downloads/free-tools/ciscan.aspx Tested Version : 1.00 Vulnerability Type: SEH Overwrite...

ntp: config command can be used to set the pidfile and drift file paths

It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process immediately or the current estimated drift of the...

Ubuntu: Security Advisory (USN-2934-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : Firefox regressions (USN-2917-3)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2917-3 advisory. USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. We apologize for the...

Ubuntu: Security Advisory (USN-2917-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AirOS 6.x - Arbitrary File Upload

Exploit for cgi platform in category web applications EDB-Note Source: https://hackerone.com/reports/73480 Vulnerability It's possible to overwrite any file and create new ones on AirMax systems, because the "php2" maybe because of a patch don't verify the "filename" value of a POST request. It's...

AirOS 6.x - Arbitrary File Upload

AirOS 6.x - Arbitrary File Upload EDB-Note Source: https://hackerone.com/reports/73480 Vulnerability It's possible to overwrite any file and create new ones on AirMax systems, because the "php2" maybe because of a patch don't verify the "filename" value of a POST request. It's possible to a...

Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability

A vulnerability in the Secure Copy Protocol SCP and Secure FTP SFTP modules of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite system files and cause a denial of service DoS condition. The vulnerability is due to improper setting of permissions on the filesystem f...

UCS Director Arbitrary File Overwrite Vulnerability

Cisco UCS Director is prone to a vulnerability that may allow attackers to over write arbitrary files. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

openssh -- command injection when X11Forwarding is enabled

The OpenSSH project reports: Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth1. Injection of xauth commands grants the ability to read arbitrary files under the authenticated user's privilege, Other xauth comman...

Mozilla: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17)

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy CSP violation report, which allows remote attackers to cause a denial of service data...

VMware ESX sudo Package Multiple Vulnerabilities (VMSA-2013-0007) (remote check)

The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of sudo : - An unspecified flaw exists in the sudo package related to the Network Matching Mechanism that is triggered when parsing IPv4 netmask...

NTP - Local Privilege Escalation

NTP - Local Privilege Escalation Source: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Introduction Problem description: The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics...

NTP - Local Privilege Escalation

Source: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Introduction Problem description: The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics enabled. The script is run as ro...

binutils: directory traversal vulnerability

A directory traversal flaw was found in the strip and objcopy utilities. A specially crafted file could cause strip or objdump to overwrite an arbitrary file writable by the user running either of these utilities...