
543 matches found

Prion
added 2014/05/22 11:55 p.m. | 17 views

Session fixation

debian/guest-account in Light Display Manager lightdm 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and...

CVSS 2.1 | AI score 6.4 | EPSS 0.00762
Exploits 0 | References 3 | Affected Software 2
Prion
added 2014/05/22 11:55 p.m. | 21 views

Design/Logic Flaw

gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different...

CVSS 2.1 | AI score 6.7 | EPSS 0.00762
Exploits 0 | References 3 | Affected Software 2
UbuntuCve
added 2014/05/22 11:55 p.m. | 35 views

CVE-2012-6648

gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different...

CVSS 2.1 | AI score 5.9 | EPSS 0.00376
Exploits 0 | References 4
Cvelist
added 2014/05/22 11:0 p.m. | 23 views

CVE-2012-0943

debian/guest-account in Light Display Manager lightdm 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and...

AI score 6.1 | EPSS 0.00762
Exploits 0 | References 3
CVE
added 2014/05/22 11:0 p.m. | 64 views

CVE-2012-0943

CVE-2012-0943 concerns debian/guest-account in LightDM (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu 11.10. Affected component: guest-account cleanup in LightDM; root cause described as a vulnerability allowing local users to delete arbitrary files via a space in the name...

CVSS 2.1 | AI score 6.2 | EPSS 0.00762
Exploits 0 | References 3 | Affected Software 2
CVE
added 2014/05/22 11:0 p.m. | 43 views

CVE-2012-6648

Summary: CVE-2012-6648 affects gdm-guest-session up to version 0.24 (used in Ubuntu 10.04 LTS, 10.10, 11.04). A local user can delete arbitrary files in /tmp by crafting a filename containing a space. The issue is tied to gdm/guest-session-cleanup.sh behavior in the guest-session setup, as split ...

CVSS 2.1 | AI score 6.2 | EPSS 0.00376
Exploits 0 | References 3 | Affected Software 2
Debian CVE
added 2014/05/22 11:0 p.m. | 16 views

CVE-2012-0943

debian/guest-account in Light Display Manager lightdm 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and...

CVSS 2.1 | AI score 6.2 | EPSS 0.00762
Exploits 0
OSV
added 2014/02/05 7:55 p.m. | 7 views

CVE-2011-4613

The X.Org X wrapper xserver-wrapper.c in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY...

AI score 6
Exploits 0 | References 3
securityvulns
added 2014/01/09 12:0 a.m. | 36 views

DoS vulnerability in Adobe Flash Player (BSOD)

Hello 3APA3A! At the beginning of this year I informed you about a DoS vulnerability in Adobe Flash. Look at the advisory http://seclists.org/fulldisclosure/2013/Apr/9 with exploit and video demonstration http://www.youtube.com/watch?v=xi29KZ3LD80 of the previous DoS in Flash. Adobe hiddenly fixed it in the...

AI score 1.6
Exploits 0
0day.today
added 2013/12/11 12:0 a.m. | 52 views

vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection

Exploit for php platform in category remote exploits require 'msf/core' class Metasploit3 'vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection', 'Description' = %q This module exploits a SQL injection vulnerability found in vBulletin 5 that has been used in the wild since...

CVSS 6.5 | AI score 0.3 | EPSS 0.27084
Exploits 9
Exploit DB
added 2013/12/11 12:0 a.m. | 60 views

vBulletin 5 - 'index.php/ajax/api/reputation/vote?nodeid' SQL Injection (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection', 'Description' = %q This module exploits a SQL injection...

CVSS 6.5 | AI score 7.4 | EPSS 0.27084
Exploits 9
OSV
added 2013/10/04 5:55 p.m. | 0 views

UBUNTU-CVE-2013-4788

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow...

CVSS 5.1 | AI score 7.1 | EPSS 0.11428
Exploits 2 | References 3
OSV
added 2013/09/16 12:0 a.m. | 0 views

UBUNTU-CVE-2013-2899

drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device...

CVSS 4.7 | AI score 7 | EPSS 0.00466
Exploits 0 | References 12
NVD
added 2013/08/19 1:7 p.m. | 25 views

CVE-2013-2162

Race condition in the post-installation script mysql-server-5.5.postinst for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive...

CVSS 1.9 | AI score 5.5 | EPSS 0.0035
Exploits 1 | References 6
Cvelist
added 2013/08/19 12:0 a.m. | 30 views

CVE-2013-2162

Race condition in the post-installation script mysql-server-5.5.postinst for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive...

AI score 5.3 | EPSS 0.0035
Exploits 1 | References 6
Tenable Nessus
added 2013/07/30 12:0 a.m. | 57 views

Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)

Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security...

CVSS 6.9 | AI score 6.5 | EPSS 0.01022
Exploits 1 | References 2
UbuntuCve
added 2013/06/10 12:0 a.m. | 30 views

CVE-2013-2162

Race condition in the post-installation script mysql-server-5.5.postinst for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive...

CVSS 1.9 | AI score 5.8 | EPSS 0.0035
Exploits 1 | References 2
Tenable Nessus
added 2013/02/22 12:0 a.m. | 55 views

Ubuntu 12.04 LTS : linux vulnerability (USN-1741-1)

Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator. Note that Tenable Network Security has extracted the preceding description...

CVSS 6.9 | AI score 6.6 | EPSS 0.01434
Exploits 2 | References 2
exploitpack
added 2013/02/21 12:0 a.m. | 20 views

PHPMyRecipes 1.2.2 - viewrecipe.php?r_id SQL Injection

PHPMyRecipes 1.2.2 - viewrecipe.php?rid SQL Injection phpMyRecipes 1.2.2 SQL Injection Exploit By cr4wl3r http://bastardlabs.info Script: http://sourceforge.net/projects/php-myrecipes/files/ Demo: http://bastardlabs.info/demo/phpMyRecipes.png Tested: Ubuntu Linux Bugs found in viewrecipe.php $rid...

AI score 0.3
Exploits 0
0day.today
added 2013/02/21 12:0 a.m. | 23 views

phpMyRecipes 1.2.2 SQL Injection Vulnerability

phpMyRecipes version 1.2.2 remote SQL injection exploit. phpMyRecipes 1.2.2 SQL Injection Exploit By cr4wl3r http://bastardlabs.info Script: http://sourceforge.net/projects/php-myrecipes/files/ Demo: http://bastardlabs.info/demo/phpMyRecipes.png Tested: Ubuntu Linux Bugs found in viewrecipe.php...

AI score 8.2
Exploits 0