410 matches found
Nagios XI < 2011R1.9 Multiple Vulnerabilities
Vixie Cron crontab 3.0 Privilege Lowering Failure Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/2687/info Vixie cron is an implementation of the popular UNIX program that runs user-specified programs at periodic scheduled times. When a parsing error occurs after a modification operation, crontab will fail to drop...
OpenBSD 2.9/3.0 Default Crontab root Compromise Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4495/info OpenBSD ships with a number of cron jobs configured by default. The tasks are for the purpose of summarizing system information. The mail(1) utility is used to send the summaries to the root user. This utility...
MacOSXLabs RsyncX 2.1 Insecure Temporary File Creation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11212/info RsyncX is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames. A local attacker may exploit...
HP-UX 10.20/11.0 crontab /tmp File Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1845/info crontab is a binary in the cron package of the HP-UX cron implementation which allows a user to create a file of scheduled commands. A vulnerability in crontab exists that allows a user to read any file on an...
Adobe Version Cue 1.0/1.0.1 - Local Root Exploit (OSX)
No description provided by source. !/usr/bin/perl Adobe Version Cue VCNativeOSX: local root exploit. by: vade79/v9 [email protected] fakehalo/realhalo Adobe Version Cue's VCNative program writes data to a log file in the current working directory while running as setuid root. the logfile is formatted...
Thibault Godouet FCron 1 Symbolic Link Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2835/info FCron is an implementation of the popular UNIX 'cron' utility that runs user-specified programs at periodic scheduled times. fcron is vulnerable to symbolic link attacks. It is possible for an attacker to...
HP-UX 11.00/10.20 crontab Overwrite Files Exploit
No description provided by source. !/bin/sh HP-UX 11.00/10.20 crontab Kyong-won,Cho [email protected] Usage : ./crontab.sh distfile if -z $1 then echo Usage : $0 distfile exit fi cat EOF /tmp/crontabexp !/bin/sh ln -sf $1 $1 EOF chmod 755 /tmp/crontabexp EDITOR=/tmp/crontabexp export EDITOR...
Xcode OpenBase <= 9.1.5 (root file create) Local Root Exploit (OSX)
No description provided by source. !/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom http://docs.info.apple.com/article.html?artnum=61798 This won't help ftp://www.openbase.com/pub/OpenBase10.0 This will Create a new file anywhere on the filesystem with...
Vixie Cron crontab 3.0 Privilege Lowering Failure Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/2687/info Vixie cron is an implementation of the popular UNIX program that runs user-specified programs at periodic scheduled times. When a parsing error occurs after a modification operation, crontab will fail to drop...
Ruby on Rails exploit could hijack unpatched servers for botnet
Server administrators are being urged to update their Ruby on Rails servers following the discovery of an active malware campaign targeting vulnerable versions of the web development framework. According to security researcher Jeff Jarmoc, hackers are exploiting a known and patched vulnerability ...
CVE-2012-6097
File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab...
vixie-cron security, bug fix, and enhancement update
4:4.1-81 - 455664 adoptions of crontab orphans, forgot add buffer for list of orphans - Related: rhbz455664 4:4.1-80 - 654961 crond process ignores the changes of user's home directory needs bigger changes of code. The fix wasn't applied, detail in comment11. - Related: rhbz249512 4:4.1-79 -...
cronie: Race condition by setting timestamp of user's crontab file, when editing the file
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory...
0A29-11-4 : Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9
Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9 Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 Description: Multiple privilege escalations exist within Nagios XI installer. Tested...
Nagios XI Privilege Escalation
Privilege escalation vulnerabilities in Nagios XI installer /dev/null; then cd /tmp rpm -Uvh epel-release.rpm ----- Vulnerability 2: Arbitrary crontab installation ----- Files: install-crontab-root install-crontab-nagios uninstall-crontab-nagios A malicious user can exploit a race...
CVE-2011-1073
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on...
CVE-2011-1074
crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname...
Directory traversal
crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname...