Metasploit pcap_log Privlege Escalation

================ 0A29-12-2 : Metasploit 'pcaplog' plugin privilege escalation vulnerability Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ================ Description: ================ Metasploit plugin 'pcaplog' is vulnerable to an arbitrary file...

Metasploit pcap_log Privlege Escalation

Exploit for windows platform in category local exploits ================ 0A29-12-2 : Metasploit 'pcaplog' plugin privilege escalation vulnerability Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ================ Description: ================ Metasploi...

CVE-2012-2451

The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be...

CVE-2012-1989

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise PE 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log /tmp/out.log...

Code injection

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise PE 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log /tmp/out.log...

mini_httpd: Arbitrary code execution

Background minihttpd is a small webserver with optional SSL and IPv6 support. Description minihttpd does not properly check for shell escapes when parsing HTTP requests. Impact A remote attacker could send specially crafted HTTP requests, possibly resulting in execution of arbitrary code with the...

GLSA-201206-03 : Opera: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201206-03 Opera: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially...

GLSA-201203-18 : Minitube: Insecure temporary file usage

The remote host is affected by the vulnerability described in GLSA-201203-18 Minitube: Insecure temporary file usage Tom Pruina reported that Minitube does not handle temporary files securely. Impact : A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges...

Arbitary file overwrite symlink in libodm

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IBM SECURITY ADVISORY First Issued: Thu Jun 20 13:00:02 CDT 2012 Updated: Mon Oct 29 11:43:29 CDT 2012 Update: IFIX and CSUM for 6100-07-04 Update: New ifixes for the latest SP's Updated: Thu May 23 11:04:10 CDT 2014 Update: New APAR/Interim Fixes...

CVE-2012-3345

ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file...

Code injection

ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file...

CVE-2012-3345

ioquake3 before r2253 is vulnerable to a local symlink attack on /tmp/ioq3.pid that allows a local user to overwrite arbitrary files. The root cause is a symlink/temporary file handling flaw that can be exploited by an unprivileged user with local access. Public advisories reference CVE-2012-3345...

CVE-2012-3345

ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file...

Design/Logic Flaw

An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors...

CVE-2012-1818

The CVE-2012-1818 issue affects Emerson DeltaV and DeltaV Workstations (versions 9.3.1, 10.3.1, 11.3, 11.3.1) and DeltaV ProEssentials Scientific Graph 5.0.0.6. An unspecified ActiveX control may allow remote attackers to overwrite arbitrary files via unknown vectors. Public sources describe this...

Ecava IntegraXor igcom.dll Traversal Arbitrary File Overwrite

Binary data scadaintegraxor3714200.nbin...

CVE-2012-1906

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages...

Puppet uses predictable filenames, allowing arbitrary file overwrite

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages...

AzDGDatingMedium 1.9.3 XSS / CSRF / SQL Injection / Directory Traversal

Exploit for php platform in category web applications ================================================= Vulnerable Software: AzDGDatingMedium Version 1.9.3 Official Site: http://www.azdg.com/ ================================================= ================================================= Teste...

CVE-2011-2722

The senddatatostdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing HPLIP 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file...