Lucene search
K

816 matches found

securityvulns
securityvulns
added 2013/03/11 12:0 a.m.34 views

rpi-update tmpfile vulnerability

Raspberry Pi Firmware Updater Vulnerability Application: https://github.com/Hexxeh/rpi-update/ Version Tested: Github source as of 10ad1e975a 10th Feb commit Vulnerability 1: A malicious user can clobber any file due to insecure tmp file handling. Example: Any unprivileged user can create the...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.34 views

Re: rpi-update tmpfile vulnerability

Hello everyone, I took a closer look at this vulnerability here is my exploit to share: 45 cat /tmp/updateScript.sh EOF -- if we own it first, wait for IMODIFY and inject our malicious code 46 !/bin/bash 47 if mv "$tempFileName" "$0"; then 48 rm -- "$0" 49 exec env UPDATESELF=0 /bin/bash "$0"...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2013/03/04 12:0 a.m.41 views

Raspberry Pi Firmware Updater File Clobber

Raspberry Pi Firmware Updater Vulnerability Application: https://github.com/Hexxeh/rpi-update/ Version Tested: Github source as of 10ad1e975a 10th Feb commit Vulnerability 1: A malicious user can clobber any file due to insecure tmp file handling. Example: Any unprivileged user can create the...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2013/02/28 12:0 a.m.30 views

rpi-update - Insecure Temporary File Handling / Security Bypass

// source: https://www.securityfocus.com/bid/58292/info rpi-update is prone to an insecure temporary file-handling vulnerability and a security-bypass vulnerability An attacker can exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2013/02/28 12:0 a.m.16 views

rpi-update - Insecure Temporary File Handling Security Bypass

rpi-update - Insecure Temporary File Handling Security Bypass // source: https://www.securityfocus.com/bid/58292/info rpi-update is prone to an insecure temporary file-handling vulnerability and a security-bypass vulnerability An attacker can exploit this issue to perform symbolic-link attacks,...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/01/28 12:0 a.m.116 views

Default Password (openelec) for 'root' Account

The account 'root' on the remote host has the password 'openelec'. An attacker can exploit this issue to gain full access to the affected system. Note that a version of Linux optimized for Raspberry Pi ARM computers is known to use these credentials by default. %NASLMINLEVEL 70300 C Tenable Netwo...

7.5CVSS8.3AI score0.53618EPSS
Exploits41References3
Tenable Nessus
Tenable Nessus
added 2013/01/28 12:0 a.m.50 views

Default Password (raspberry) for 'pi' Account

The account 'pi' on the remote host has the password 'raspberry'. An attacker may leverage this issue to gain full access to the affected system. Note that a version of Linux optimized for Raspberry Pi ARM computers is known to use these credentials by default. %NASLMINLEVEL 70300 C Tenable Netwo...

7.5CVSS8.3AI score0.53618EPSS
Exploits41References2
Tenable Nessus
Tenable Nessus
added 2013/01/28 12:0 a.m.30 views

Default Password (raspi) for 'root' Account

The account 'root' on the remote host has the password 'raspi'. An attacker may leverage this issue to gain full access to the affected system. Note that a version of Linux optimized for Raspberry Pi ARM computers is known to use these credentials by default. %NASLMINLEVEL 70300 C Tenable Network...

7.5CVSS8.3AI score0.53618EPSS
Exploits41References2
Tenable Nessus
Tenable Nessus
added 2013/01/25 12:0 a.m.19 views

SuSE 11.2 Security Update : pcp (SAT Patch Number 7221)

pcp was updated to version 3.6.10 which fixes security issues and also brings a lot of new features. - Update to pcp-3.6.10. - Transition daemons to run under an unprivileged account. - Fixes for security advisory CVE-2012-5530: tmpfile flaws;. bnc782967 - Fix pcp1 command short-form pmlogger...

5CVSS6.1AI score0.05753EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2013/01/24 12:0 a.m.25 views

SuSE 10 Security Update : pcp (ZYPP Patch Number 8421)

pcp was updated to version 3.6.10 which fixes security issues and also brings a lot of new features. - Update to pcp-3.6.10. o Transition daemons to run under an unprivileged account. o Fixes for security advisory CVE-2012-5530: tmpfile flaws; bnc782967. o Fix pcp1 command short-form pmlogger...

5CVSS6AI score0.05753EPSS
Exploits0References10
Kitploit
Kitploit
added 2012/11/10 9:33 p.m.52 views

[PwnPi v2.0] A Pen Test Drop Box distro for the Raspberry Pi

PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 114 network security tools pre-installed to aid the penetration tester. It is built on the debian squeeze image from the raspberry pi foundation’s website and uses Xfce as the window manager Log...

7.5AI score
Exploits0
Exploit DB
Exploit DB
added 2012/09/11 12:0 a.m.29 views

Raspberry Pi Linux/ARM - chmod"/etc/shadow", 0777 41 bytes

Raspberry Pi Linux/ARM - chmod"/etc/shadow", 0777 41 bytes. Shellcode exploit for arm platform / Title: Linux/ARM - chmod"/etc/shadow", 0777 - 41 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l Author: midnitesnake 00008054 : 8054: e28f6001 add r6, pc, 1 8058: e12fff16 bx r6 805c: 4678 mov r0,...

Exploits0
Exploit DB
Exploit DB
added 2012/09/11 12:0 a.m.21 views

Raspberry Pi Linux/ARM - execve"/bin/sh", 0, 0 vars 30 bytes

Raspberry Pi Linux/ARM - execve"/bin/sh", 0, 0 vars 30 bytes. Shellcode exploit for arm platform / Title: Linux/ARM - execve"/bin/sh", 0, 0 vars - 30 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l Author: midnitesnake 00008054 : 8054: e28f6001 add r6, pc, 1 8058: e12fff16 bx r6 805c: 4678 mov...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2012/09/11 12:0 a.m.21 views

Raspberry Pi Linux/ARM - reverse_shelltcp,10.1.1.2,0x1337

Raspberry Pi Linux/ARM - reverseshelltcp,10.1.1.2,0x1337. Shellcode exploit for arm platform / Title: Linux/ARM - reverseshelltcp,10.1.1.2,0x1337 execve"/bin/sh", 0, 0 vars - 72 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l - Raspberry Pi Author: midnitesnake 00008054 : 8054: e28f1001 add r1...

0.2AI score
Exploits0
0day.today
0day.today
added 2012/09/11 12:0 a.m.21 views

linux/ARM - reverse_shell(tcp,10.1.1.2,0x1337) execve("/bin/sh", [0], [0 vars]) - 72 bytes

/ Title: Linux/ARM - reverseshelltcp,10.1.1.2,0x1337 execve"/bin/sh", 0, 0 vars - 72 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l - Raspberry Pi Author: midnitesnake 00008054 : 8054: e28f1001 add r1, pc, 1 8058: e12fff11 bx r1 805c: 2002 movs r0, 2 805e: 2101 movs r1, 1 8060: 1a92 subs r2,...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2012/03/20 2:31 a.m.9 views

The Pirate Bay plans Low Orbit Server Drones to beat #Censorship

The Pirate Bay plans Low Orbit Server Drones to beat Censorship One of the world's largest BitTorrent sites "The Pirate Bay" is going to put servers on GPS-controlled aircraft drones in order to evade authorities who are looking to shut the site down. In a Sunday blog post, The Pirate Bay announc...

6.7AI score
Exploits0
Rows per page
Query Builder