sssd: TOCTOU race conditions by copying and removing directory trees

System Security Services Daemon SSSD before 1.9.4, when 1 creating, 2 copying, or 3 removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files...

PT-2013-4933 · Openstack · Openstack Compute

Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions Folsom through Havana Description: The issue is related to the "create an instance" API, which does not properly enforce the os-flavor-access:is public property. This allows remote authenticated users to boot...

gdm security update

gdm 2.16.0-59.0.1.el59.1 - Fix gdmconfig memory leaks orabug 12734629 2.16.0-59.1 - Don't try to pre-create directories that are internal implementation details of X. Resolves: 997619 CVE-2013-4169 initscripts 8.45.42-2.0.1.el59.1 - Do not rename eth devices. Orabug 14266688. Apply upstream...

Cross site scripting

Cross-site scripting XSS vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors...

CVE-2013-4138

Cross-site scripting XSS vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors...

Design/Logic Flaw

The SharedMemory::Create function in memory/sharedmemoryposix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file...

CVE-2013-2905

The SharedMemory::Create function in memory/sharedmemoryposix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file...

CVE-2013-2905

The SharedMemory::Create function in memory/sharedmemoryposix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file...

[Nishang v0.3.0] The PowerShell for Penetration Testing released (introducing Powerpreter)

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetraion Tests. The scripts are written on the basis of requirement by the author during real Penetration Tests. Powerpreter is a powershell module...

Design/Logic Flaw

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...

CVE-2013-2113

The create method in app/controllers/userscontroller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by 1 changing the admin flag or 2 assigning an arbitrary role...

PT-2013-3544 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.2.0-RC2 Description: The issue allows remote authenticated users with permissions to create or edit other users to gain privileges. This can be achieved by either changing the admin flag or assigning an arbitrary...

PT-2013-3548 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.2.0-RC2 Description: The issue allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute in the create method in the Bookmarks controller...

Sysax Multi-Server Create Folder Buffer Overflow (CVE-2012-6530)

A buffer overflow vulnerability had been reported in Sysax Multi Server 5.64 Create Folder. The vulnerability is due to insufficient boundary check when creating a new folder. A remote attacker can exploit this weakness by entering a very long folder name. Successful exploitation could result in...

Foreman (Red Hat OpenStack/Satellite) Code Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Foreman Red Hat OpenStack/Satellite...

Able to create a repository from Source Tree on a Stash project on which i do not have 'admin' access

Able to create a repository from Source Tree on a Stash project on which i do not have 'admin' access. On Stash, only admin access will have option to create repositories, however Source Tree allows users to create repository on a Stash project where users have only 'write' access. This is a majo...

phpMyAdmin 4.0.x < 4.0.3 'view_create.php' XSS

Binary data 6919.prm...

Zoom X4 / X5 SQL Injection / Authentication Bypass Vulnerabilities

Zoom X4 and X5 modems suffers from authentication bypass and remote SQL injection vulnerabilities. Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3...

Zoom X4/X5 ADSL Modem and Router -Unauthenticated Remote Root Command Execution

Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Note: A similar vulnerability was reported several years ag...

CVE-2013-3742

Cross-site scripting XSS vulnerability in viewcreate.php aka the Create View page in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message...