CentOS 5 : acpid (CESA-2009:1642)

An updated acpid package that fixes one security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. acpid is a daemon that dispatches ACPI Advanced Configuration and Power Interface events to...

acpid weak file permission

Log file is created world readable...

DSA-1960-1 acpid - weak file permissions

Bulletin has no description...

CVE-2009-3554

Twiddle in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file...

Red Hat acpid '/var/log/acpid'日志文件权限本地特权提升漏洞

Bugraq ID: 37249 CVE ID：CVE-2009-4033 Red Hat是一款流行的linux发行版本。 Red Hat Enterprise Linux 5包含的acpid以不安全权限建立日志文件/var/log/acpid。问题是由于使用OCREAT标记调用时open没有使用第三个参数，结果导致日志文件以全局可写建立，并设置setuid / setgid位，允许特权提升。 RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux 5 server 用户可参考如下安全公告获得补丁信息：...

RedHat Security Advisory RHSA-2009:1642

The remote host is missing updates announced in advisory RHSA-2009:1642. acpid is a daemon that dispatches ACPI Advanced Configuration and Power Interface events to user-space programs. It was discovered that acpid could create its log file /var/log/acpid with random permissions on some systems. ...

JBoss EAP Twiddle logs the JMX password

Twiddle in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file...

CVE-2009-4235

acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033...

To modify log file properties protect yourself will not be the administrator found-vulnerability warning-the black bar safety net

The log file location is actually stored in the registry,as long as we modify its attributes to mask their intrusion traces, Here only modify the default location,the log size of the property,such as log size 0 0 0 0 0 0 0 1,so that it can not be normal recording, So if you can perfect guarantee...

To modify log file properties protect yourself will not be the administrator found that(idea)-bug warning-the black bar safety net

by ha0k The log file location is actually stored in the registry, as long as we modify its attributes to mask their intrusion traces, here just modify the default location, the log size of the property, such as log size 0 0 0 0 0 0 0 1,so that it can not be normal recording, so it can be perfect ...

Design/Logic Flaw

IBM WebSphere Application Server WAS 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure...

CVE-2009-2743

IBM WebSphere Application Server WAS 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure...

Rookie Club of the simple broiler production big run-vulnerability warning-the black bar safety net

A. Preface.. Back door making for success after the invasion to maintain Rights has a very important significance,this article describes a simple and practical the back door of the production technology,as well as how to make a broiler. Ha ha hado not turn into bad kids! II. Ready.. First, we nee...

CodeIgniter Global XSS Filtering Bypass Vulnerability

======================================== CodeIgniter Global XSS Filtering Bypass Vulnerability ======================================== Discovered by: Aung Khant, YGN Ethical Hacker Group, Myanmar http://yehg.net/ believe in full disclosure Product : CodeIgniter http://www.codeigniter.com Product...

CVE-2009-1786

The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable...

ECShop shop system<=V2. 6. 2 the background to get webshell-vulnerability warning-the black bar safety net

ECSHOP is an open source free online store system. By the professional development team upgrade and maintenance, to provide you with timely and efficient technical support, you can also according to their own business characteristics of ECSHOP be customized to increase their own store features...

PowerCHM 5.7 (hhp File) Stack Overflow poC

Exploit for unknown platform in category dos / poc ========================================== PowerCHM 5.7 hhp File Stack Overflow poC ========================================== exploit.py PowerCHM 5.7 hhp file Stack overflow PoC By:Encrypt3d.M!nd Orginally Discovered by: Biks Security...

PHPizabi v0.848b C1 HFP1-3 Remote Command Execution Exploit

No description provided by source. !/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires registerglobals = on. I saw the GLOBAL keyword, and actually...

PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution

PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution !/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires registerglobals = on. I saw the GLOBAL...

PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution

!/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires registerglobals = on. I saw the GLOBAL keyword, and actually believed this populated those...