CVE-2012-3410

CVE-2012-3410 describes a stack-based buffer overflow in GNU Bash (lib/sh/eaccess.c) that occurs when expanding the /dev/fd prefix. Before Bash 4.2 patch 33, a long filename in /dev/fd could allow local users to bypass intended restricted shell access. The vulnerability’s impact is described as a...

Mandriva Update for bash MDVSA-2012:128 (bash)

Check for the Version of bash OpenVAS Vulnerability Test Mandriva Update for bash MDVSA-2012:128 bash Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

Mandriva Update for bash MDVSA-2012:128 (bash)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

SuSE 10 Security Update : bash (ZYPP Patch Number 8217)

Parsing the /dev/fd prefix could have lead to a stack-based buffer overflow which could have been exploited by attackers to bypass security restrictions. CVE-2012-3410 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

Tunnel Blick Local Root Exploit Version 2

!/bin/sh Pwnnel Blicker for kids zx2c4 This is another exploit for Tunnel Blick. Other exploits for Tunnel Blick are available here: http://git.zx2c4.com/Pwnnel-Blicker/tree/ echo "+ Making vulnerable directory." mkdir -pv /tmp/pwn/openvpn/openvpn-0 echo "+ Preparing payload." cat...

Tunnelblick - Local Privilege Escalation (1)

/ ==== Pwnnel Blicker ==== = = = zx2c4 = = = ======================== Tunnel Blick, a widely used OpenVPN manager for OSX comes with a nice SUID executable that has more holes than you care to count. It's a treasure chest of local roots. I picked one that looked interesting, and here we have Pwnn...

Scientific Linux Security Update : bash on SL4.x i386/x86_64

It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts...

Scientific Linux Security Update : bash on SL5.x i386/x86_64

Bash is the default shell for Scientific Linux. It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary fil...

CentOS Update for bash CESA-2011:1073 centos5 x86_64

Check for the Version of bash OpenVAS Vulnerability Test CentOS Update for bash CESA-2011:1073 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CentOS Update for bash CESA-2011:1073 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Symantec Web Gateway 5.0.3.18 LFI Remote ROOT RCE Exploit

Exploit for linux platform in category remote exploits !/usr/bin/python ''' The original patch for the Symantec Web Gateway 5.0.2 LFI vulnerability removed the /tmp/networkScript file but left the entry in /etc/sudoers, allowing us to simply recreate the file and obtain a root shell using a...

WHMCS Simple Scanner (submitticket.php) Based [CVE-2012-0693]

Exploit for php platform in category web applications !/bin/bash BETA 0.01 clear cont=0 total=$1 total2=expr $total \ 10 PAGES=echo $total2| sed 's/.$//' dork=$2 seconds=$3 $ -eq 0 && echo "Usage: $0 $1 example: 10 submitticket.php 0 "; exit 1; function scan echo "" grep -o 'http://^".php'...

Linux Gather System and User Information

This module gathers system information. We collect installed packages, installed services, mount information, user list, user bash history and cron jobs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

WhatsApp - Remote Change Status

WhatsApp - Remote Change Status !/bin/bash WhatsApp Status changer v0.2 stable A slim exploit able to change the WhatsApp user status in a remote way. This program is released under the terms of the GNU General Public License GPL, which is distributed with this software in the file "COPYING". The...

WhatsApp Status Changer 0.2 Stable

!/bin/bash WhatsApp Status changer v0.2 stable A slim exploit able to change the WhatsApp user status in a remote way. This program is released under the terms of the GNU General Public License GPL, which is distributed with this software in the file "COPYING". The GPL specifies the terms under...

bzexe /tmp Race Condition

Hi Packetstorm, This PoC exploit was developed after a discussion on Full-disclosure mailing list, where http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862 was proved to be exploitable. A user can wait until a binary that was compressed with bzexe is run by root and execute /tmp/exec. This...

Trend Micro IWSS 3.1 - Local Privilege Escalation

source: https://www.securityfocus.com/bid/50380/info Trendmicro IWSS is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with root privileges and completely compromise the affected computer. Trendmicro IWSS 3.1 is vulnerable;...

CentOS 5 : bash (CESA-2011:1073)

An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives...

CentOS Update for bash CESA-2011:1073 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

bash security update

CentOS Errata and Security Advisory CESA-2011:1073 An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common...