43 matches found
EUVD-2014-6071
Malware in sbrugna...
EUVD-2006-6457
Malware in sbrugna...
EUVD-2010-3835
Malware in sbrugna...
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
...
dso-maps.de Cross Site Scripting vulnerability OBB-3932457
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Privilege Escalation
glibc is vulnerable to privilege escalation. The vulnerability exists as it was discovered that the glibc dynamic linker/loader did not perform sufficient safety checks when loading dynamic shared objects DSOs to provide callbacks for its auditing API during the execution of privileged programs. ...
Security Bulletin: Tivoli Storage Manager Linux x86_64 Client Arbitrary DSO Load Elevation of Privileges (CVE-2014-6185)
Summary A vulnerability in the IBM Tivoli Storage Manager TSM Linux x8664 client could allow a local user to gain elevated privileges due to an arbitrary DSO load. Vulnerability Details CVEID: CVE-2014-6185 DESCRIPTION: IBM Tivoli Storage Manager could allow a local attacker to trick one of the...
glibc LD_AUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation
require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule 'glibc LDAUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C...
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
This module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid executables...
dso-berlin.de XSS vulnerability
Open Bug Bounty ID: OBB-452802 Description| Value ---|--- Affected Website:| dso-berlin.de Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat She...
CVE-2014-6185
dsmtca in the client in IBM Tivoli Storage Manager TSM 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file...
Design/Logic Flaw
dsmtca in the client in IBM Tivoli Storage Manager TSM 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file...
CVE-2014-6185
dsmtca in the client in IBM Tivoli Storage Manager TSM 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file...
GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability
No description provided by source. from: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Cześć, This advisory describes...
Scientific Linux Security Update : glibc on SL6.x i386/x86_64
It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LDAUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use this flaw to escalate their privileges...
RedHat Update for glibc RHSA-2012:0393-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2012-0883
envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...
CVE-2012-0883
envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...
Directory traversal
envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...
CVE-2012-0883
envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...