Lucene search
K

44 matches found

Debian CVE
Debian CVE
added 2012/04/18 10:0 a.m.59 views

CVE-2012-0883

envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...

6.9CVSS8.9AI score0.00946EPSS
Exploits4
Cvelist
Cvelist
added 2012/04/18 10:0 a.m.55 views

CVE-2012-0883

envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...

6AI score0.00946EPSS
Exploits4References32
Tenable Nessus
Tenable Nessus
added 2012/03/20 12:0 a.m.30 views

CentOS 6 : glibc (CESA-2012:0393)

Updated glibc packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

6.8CVSS8.5AI score0.02717EPSS
Exploits5References2
Positive Technologies
Positive Technologies
added 2012/03/02 12:0 a.m.8 views

PT-2012-2927 · Apache +2 · Apache Http Server +2

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.2 Description: The issue is related to insecure handling of the LD LIBRARY PATH environment variable, which allows a local user to potentially gain privileges by executing a Trojan horse DSO in the...

9.8CVSS9AI score0.99998EPSS
Exploits60References91
0day.today
0day.today
added 2011/11/09 12:0 a.m.35 views

glibc LD_AUDIT arbitrary DSO load Privilege Escalation

Exploit for linux platform in category local exploits !/bin/sh I Can't Read and I Won't Race You Either by zx2c4 This is an exploit for CVE-2010-3856. A while back, Tavis showed us three ways to exploit flaws in glibc's dynamic linker involving LDAUDIT. 1 2 The first way involved opening a file...

6.8AI score0.09454EPSS
Exploits24
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.33 views

CentOS Update for glibc CESA-2010:0793 centos5 i386

Check for the Version of glibc OpenVAS Vulnerability Test CentOS Update for glibc CESA-2010:0793 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

7.2CVSS8.6AI score0.09454EPSS
Exploits24References2
OSV
OSV
added 2011/01/07 7:0 p.m.2 views

DEBIAN-CVE-2010-3847

elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...

6.9CVSS9AI score0.08747EPSS
Exploits20References1
Prion
Prion
added 2011/01/07 7:0 p.m.26 views

Design/Logic Flaw

ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...

7.2CVSS6.8AI score0.09454EPSS
Exploits24References24Affected Software1
Cvelist
Cvelist
added 2011/01/07 6:0 p.m.26 views

CVE-2010-3847

elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...

8.9AI score0.08747EPSS
Exploits20References21
Debian CVE
Debian CVE
added 2011/01/07 6:0 p.m.37 views

CVE-2010-3847

elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...

6.9CVSS9.2AI score0.08747EPSS
Exploits20
Cvelist
Cvelist
added 2011/01/07 6:0 p.m.42 views

CVE-2010-3856

ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...

8.9AI score0.09454EPSS
Exploits24References24
CVE
CVE
added 2011/01/07 6:0 p.m.300 views

CVE-2010-3856

CVE-2010-3856 affects glibc's dynamic linker (ld.so). Local users can escalate privileges by abusing LD_AUDIT to load an unsafe DSO from a trusted library directory. Concrete details: affected components are ld.so in glibc before 2.11.3 and 2.12.x before 2.12.2; the underlying issue is improper L...

7.2CVSS7.4AI score0.09454EPSS
Exploits24References24Affected Software1
Slackware Linux
Slackware Linux
added 2010/10/29 4:49 a.m.45 views

[slackware-security] glibc

New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/glibc-2.11.1-i486-5slack13.1.txz: Rebuilt. Patched "The GNU C library dynamic linker will dlopen arbitrary DS...

7.2CVSS6.5AI score0.09454EPSS
Exploits24
0day.today
0day.today
added 2010/10/23 12:0 a.m.43 views

GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability

Exploit for linux platform in category local exploits ====================================================================== GNU C library dynamic linker LDAUDIT arbitrary DSO load Vulnerability ====================================================================== The GNU C library dynamic linke...

6.8AI score0.09454EPSS
Exploits35
UbuntuCve
UbuntuCve
added 2010/10/22 12:0 a.m.51 views

CVE-2010-3856

ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...

7.2CVSS7.1AI score0.09454EPSS
Exploits24References2
exploitpack
exploitpack
added 2010/10/22 12:0 a.m.61 views

GNU C Library 2.x (libc6) - Dynamic Linker LD_AUDIT Arbitrary DSO Load Privilege Escalation

GNU C Library 2.x libc6 - Dynamic Linker LDAUDIT Arbitrary DSO Load Privilege Escalation Source: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads...

7.2CVSS1AI score0.09454EPSS
Exploits35
RedHat Linux
RedHat Linux
added 2010/10/20 11:26 p.m.5 views

glibc: ld.so insecure handling of $ORIGIN in LD_AUDIT for setuid/setgid programs

elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...

6.9CVSS7.4AI score0.08747EPSS
Exploits20References4
NVD
NVD
added 2008/12/11 3:30 p.m.24 views

CVE-2008-4844

Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving 1 an XML Island, 2 XML DSOs, or 3 Tabular Data Control TDC in a craft...

9.3CVSS7.2AI score0.66513EPSS
Exploits10References21
Cvelist
Cvelist
added 2008/12/11 3:0 p.m.21 views

CVE-2008-4844

Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving 1 an XML Island, 2 XML DSOs, or 3 Tabular Data Control TDC in a craft...

7.6AI score0.66513EPSS
Exploits10References21
CVE
CVE
added 2008/12/11 3:0 p.m.287 views

CVE-2008-4844

CVE-2008-4844 is a use-after-free vulnerability in the MSHTML component (CRecordInstance::TransferToDestination) of mshtml.dll that affects Internet Explorer 5.01/6/6 SP1/7. Exploitation enables remote code execution via crafted HTML/XML containing DSO bindings (XML Island, XML DSOs, or Tabular D...

9.3CVSS7.5AI score0.66513EPSS
Exploits10References21Affected Software1
Rows per page
Query Builder