Design/Logic Flaw

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...

CVE-2017-9525

CVE-2017-9525 affects the cron package (Debian: 3.0pl1-128; Ubuntu: 3.0pl1-128ubuntu2) where the postinst maintainer script allows group-crontab-to-root privilege escalation through unsafe usage of chown/chmod and symlink attacks. Multiple connected advisories reference Cron regressions and incom...

CVE-2017-9525

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...

CVE-2017-9525

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...

kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)

A vulnerability was found in the Linux kernel in 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAPFSETID, the setgid bit is cleared in inodechangeok. Setting a POSIX ACL via 'setxattr' sets the file permissions as well as...

Updated mariadb packages fix security vulnerability

Root Privilege Escalation CVE-2016-6664. Unspecified vulnerability affecting the Optimizer component CVE-2017-3238. Unspecified vulnerability affecting the Charsets component CVE-2017-3243. Unspecified vulnerability affecing the DML component CVE-2017-3244. Unspecified vulnerability affecting...

SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:0411-1)

This mariadb version update to 10.0.29 fixes the following issues : - CVE-2017-3318: unspecified vulnerability affecting Error Handling bsc1020896 - CVE-2017-3317: unspecified vulnerability affecting Logging bsc1020894 - CVE-2017-3312: insecure error log file handling in mysqldsafe, incomplete...

SUSE-SU-2017:0411-1 Security update for mariadb

This mariadb version update to 10.0.29 fixes the following issues: - CVE-2017-3318: unspecified vulnerability affecting Error Handling bsc1020896 - CVE-2017-3317: unspecified vulnerability affecting Logging bsc1020894 - CVE-2017-3312: insecure error log file handling in mysqldsafe, incomplete...

CVE-2017-5551

A vulnerability was found in the Linux kernel in 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAPFSETID, the setgid bit is cleared in inodechangeok. Setting a POSIX ACL via 'setxattr' sets the file permissions as well as...

PCMan FTP Server 'SITE CHMOD' Command Buffer Overflow Vulnerability

PCMan FTP Server is a full-featured FTP server software. A buffer overflow vulnerability exists in PCMan FTP Server version 2.0.7. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of an affected application with the help of a long string in the SITE CHMOD...

PCMan FTP Server 2.0.7 - 'SITE CHMOD' Command Buffer Overflow Exploit

Exploit for windows platform in category remote exploits !/usr/bin/env python -- coding: utf-8 -- Exploit Title: PCMan FTP Server 2.0 BoF SITE CHMOD Command Date: 04/11/2016 Exploit Author: Luis Noriega Tested on: Windows XP Profesional V. 5.1 Service Pack 3 CVE : n/a import socket shellcode with...

PCMan FTP Server 2.0.7 - SITE CHMOD Remote Buffer Overflow

PCMan FTP Server 2.0.7 - SITE CHMOD Remote Buffer Overflow !/usr/bin/env python -- coding: utf-8 -- Exploit Title: PCMan FTP Server 2.0 BoF SITE CHMOD Command Date: 04/11/2016 Exploit Author: Luis Noriega Tested on: Windows XP Profesional V. 5.1 Service Pack 3 CVE : n/a import socket shellcode wi...

PCMan FTP Server 2.0.7 - 'SITE CHMOD' Remote Buffer Overflow

!/usr/bin/env python -- coding: utf-8 -- Exploit Title: PCMan FTP Server 2.0 BoF SITE CHMOD Command Date: 04/11/2016 Exploit Author: Luis Noriega Tested on: Windows XP Profesional V. 5.1 Service Pack 3 CVE : n/a import socket shellcode with metasploit: msfvenom -p windows/exec CMD=calc.exe...

PCMan FTP Server 2.0.7 SITE CHMOD Buffer Overflow

!/usr/bin/env python -- coding: utf-8 -- Exploit Title: PCMan FTP Server 2.0 BoF SITE CHMOD Command Date: 04/11/2016 Exploit Author: Luis Noriega Tested on: Windows XP Profesional V. 5.1 Service Pack 3 CVE : n/a import socket shellcode with metasploit: msfvenom -p windows/exec CMD=calc.exe...

FreePBX 13/14 - Remote Command Execution / Privilege Escalation

!/usr/bin/env python -- coding, latin-1 -- DESCRIPTION FreePBX 13 remote root 0day - Found and exploited by pgt @ nullsecurity.net AUTHOR pgt - nullsecurity.net DATE 8-12-2016 VERSION freepbx0day.py 0.1 AFFECTED VERSIONS FreePBX 13 & 14 System Recordings Module versions: 13.0.1beta1 - 13.0.26 STA...

Fedora 23 : php-doctrine-common (2016-8dc0af2c29)

v2.5.3 Bug-fixes - \367: Fix how namespace matching happens in SymfonyFileLocator v2.5.2 Bug-fixes - DCOM-299 383 Silence chmod warnings - DCOM-301 384 Fixed bug with getAllClassNames in subdirectories - DCOM-303 387 Fixed fatal error in AbstractManagerRegistry Improvement - DCOM-289 373 composer...

Wildpwn - Unix Wildcard Attack Tool

Wildpwn is a Python UNIX wildcard attack tool that helps you generate attacks, based on a paper by Leon Juranic. It’s considered a fairly old-skool attack vector, but it still works quite often. First things first! Read: https://www.exploit-db.com/papers/33930/ Basic usage It goes something like...

CVE-2016-4982

authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it...

linux/x86 - chmod() 777 /etc/shadow & exit() - 33 bytes

Linux/x86 - chmod 777 /etc/shadow & exit - 33 bytes Greetz : BombermanLeader Author : B3mB4m Concat : email protected Disassembly of section .text: 08048060 : 8048060: 31 c0 xor %eax,%eax 8048062: 50 push %eax 8048063: 68 61 64 6f 77 push $0x776f6461 8048068: 68 63 2f 73 68 push $0x68732f63...

linux/x86 chmod('/etc/shadow','0777') - shellcode 42 bytes

/ Title: Linux/x86 chmod'/etc/shadow','0777' - shellcode 42 bytes Platform: linux/x8664 Date: 2015-06-15 Author: Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website : www.reza.es Twitter : https://twitter.com/rezesp...