Salt win_useradd, salt-cloud and Linode driver information disclosure vulnerabilities

Salt aka SaltStack is a set of open source tools for managing infrastructure from SaltStack, Inc. winuseradd one of the user creation component; salt-cloud is a virtual machine configuration component; Linode driver is a server driver. A security vulnerability exists in winuseradd, salt-cloud, an...

Cisco Firepower Management Console 6.0 - Post Authentication UserAdd (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Cisco Firepower Management Console 6.0 Post Authentication UserAdd Vulnerability", 'Description' = %q This module exploits a...

Cisco Firepower Management Console 6.0 Post Authentication UserAdd

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Cisco Firepower Management Console 6.0 Post Authentication UserAdd Vulnerability", 'Description' = %q This module exploits a...

Cisco Firepower Management Console 6.0 Post Authentication UserAdd Exploit

This Metasploit module exploits a vulnerability found in Cisco Firepower Management Console. The management system contains a configuration flaw that allows the www user to execute the useradd binary, which can be abused to create backdoor accounts. Authentication is required to exploit this...

Cisco Firepower Management Console 6.0 Post Authentication UserAdd Vulnerability

This module exploits a vulnerability found in Cisco Firepower Management Console. The management system contains a configuration flaw that allows the www user to execute the useradd binary, which can be abused to create backdoor accounts. Authentication is required to exploit this vulnerability...

HP Client 9.19.08.17.9 - Command Injection

HP Client 9.19.08.17.9 - Command Injection Exploit Title: HP Client - Automation Command Injection Date: 10/10/2016 Exploit Author: SlidingWindow , Twitter: @kapilkhot Vendor Homepage: Previosuly HP, now http://www.persistentsys.com/ Version: Tested on version 7.9 but should work on 8.1, 9.0, 9.1...

Linux Kernel 2.6.x Audit Subsystems Local Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22737/info The Linux Kernel is prone to a denial-of-service vulnerability. A local attacker can exploit this issue to crash the kernel. Linux kernel versions 2.6.x are vulnerable to this issue. 1. auditctl -w /etc/shadow ...

[SECURITY] Fedora 20 Update: accountsservice-0.6.35-1.fc20

The accountsservice project provides a set of D-Bus interfaces for querying and manipulating user account information and an implementation of these interfaces, based on the useradd, usermod and userdel commands...

Oracle Linux 3 : shadow-utils (ELSA-2007-0431)

From Red Hat Security Advisory 2007:0431 : An updated shadow-utils package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The shadow-utils package includes the necessary programs for...

CentOS 4 : shadow-utils (CESA-2007:0276)

Updated shadow-utils packages that fix a security issue and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow...

Code injection

engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts...

CVE-2012-6562

engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts...

Mandrake Linux Security Advisory : shadow-utils (MDKSA-2001:007)

WireX discovered a potential temporary file race condition in the useradd program contained in the shadow-utils package. The useradd program creates it's temporary files in the protected directory /etc/default, but if this directory is changed to world-writable, a problem could occur. This update...

Scientific Linux Security Update : shadow-utils on SL3.x i386/x86_64

A flaw was found in the useradd tool in shadow-utils. A new user's mailbox, when created, could have random permissions for a short period. This could allow a local attacker to read or modify the mailbox. CVE-2006-1174 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text is C...

Scientific Linux Security Update : shadow-utils on SL4.x i386/x86_64

A flaw was found in the useradd tool in shadow-utils. A new user's mailbox, when created, could have random permissions for a short period. This could allow a local attacker to read or modify the mailbox. CVE-2006-1174 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text is C...

HP-UX Update for useradd(1M) HPSBUX02366

Check for the Version of useradd1M OpenVAS Vulnerability Test HP-UX Update for useradd1M HPSBUX02366 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

HP-UX Update for useradd(1M) HPSBUX02366

Check for the Version of useradd1M OpenVAS Vulnerability Test HP-UX Update for useradd1M HPSBUX02366 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

HP-UX PHCO_38491 : HPUX Running useradd(1M), Local Unauthorized Access (HPSBUX02366 SSRT080120 rev.2)

s700800 11.23 ugm cumulative patch : A potential security vulnerability has been identified in HP-UX running the useradd1M command. The vulnerability could be exploited locally to allow unauthorized access to directories or files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...

HP-UX PHCO_38547 : HPUX Running useradd(1M), Local Unauthorized Access (HPSBUX02366 SSRT080120 rev.2)

s700800 11.31 ugm cumulative patch : A potential security vulnerability has been identified in HP-UX running the useradd1M command. The vulnerability could be exploited locally to allow unauthorized access to directories or files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...

HP-UX PHCO_38492 : HPUX Running useradd(1M), Local Unauthorized Access (HPSBUX02366 SSRT080120 rev.2)

s700800 11.11 ugm cumulative patch : A potential security vulnerability has been identified in HP-UX running the useradd1M command. The vulnerability could be exploited locally to allow unauthorized access to directories or files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...