UNIX Gather AWS Keys

This module will attempt to read AWS configuration files .aws/config, .aws//credentials and .s3cfg for users discovered on the session'd system and extract AWS keys from within. This module requires Metasploit: https://metasploit.com/download Current source:...

mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)

It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...

EKG Gadu 1.9~pre+r2855-3+b1 - Local Buffer Overflow

Exploit for linux platform in category local exploits Exploit developed using Exploit Pack v6.01 Exploit Author: Juan Sacco Program affected: EKG Gadu Affected value: USERNAME Version: 1:1.9pre+r2855-3+b1 Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org Program description:...

python: smtplib StartTLS stripping attack

It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the...

CVE-2016-4794

Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service BUG or possibly have unspecified other impact via crafted use of the mmap and bpf system calls...

[SECURITY] [DSA 3562-1] tardiff security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3562-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2016 https://www.debian.org/security/faq -...

mysql: unspecified vulnerability related to Server:SP (CPU October 2015)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP...

bind: malformed packet sent to rndc can trigger assertion failure

A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash...

php: Files from archive can be extracted outside of destination directory using phar

A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...

openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers

It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle...

mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)

It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client an...

ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability

Document Title: =============== ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1555 Release Date: ============= 2015-07-23 Vulnerability Laboratory ID VL-ID: ==================================== 1555...

ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability

Document Title: =============== ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1555 Release Date: ============= 2015-07-23 Vulnerability Laboratory ID VL-ID: ==================================== 1555...

Q-shell - Quick Shell for Unix Administrator

q-shell is quick shell for remote login into Unix system, it use blowfish crypt algorithm to protect transport data from client to server, you can get two program: 'qsh' for client, and 'qshd' for server, those program can rename by any name with you prefer. Compile Just enter 'make' and it will...

IT-Grundschutz M4.022: Verhinderung des Vertraulichkeitsverlusts schutzbedürftiger Daten im Unix-System

IT-Grundschutz M4.022: Verhinderung des Vertraulichkeitsverlusts schutzbedürftiger Daten im Unix-System. Stand: 14. Ergänzungslieferung 14. EL. OpenVAS Vulnerability Test $Id: GSHBM4022.nasl 7883 2017-11-23 11:22:59Z emoss $ IT-Grundschutz, 14. EL, Maßnahme 4.022 Authors: Thomas Rotter Copyright:...

IT-Grundschutz M4.019: Restriktive Attributvergabe bei Unix-Systemdateien und -verzeichnissen

IT-Grundschutz M4.019: Restriktive Attributvergabe bei Unix-Systemdateien und -verzeichnissen. Stand: 14. Ergaenzungslieferung 14. EL. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVE-2013-6500

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

tnftp: arbitrary command execution

A malicious webserver can trick tnftp below 20141031 via HTTP redirects into executing arbitrary commands...

php: gd extension NUL byte injection in file names

It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions...

Bajie 0.78 Arbitrary Shell Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2389/info Requesting a specailly crafted URL containg arbitrary code, can be exected on a Unix system running Bajie Webserver. Any arbitrary commands appended to a malicious URL after the ';' will be executed as an...