
2642 matches found

Cvelist
added 2016/01/20 2:0 a.m., 29 views

CVE-2015-8777

The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable...

6.8 AI score, 0.0057 EPSS
Exploits: 1, References: 15
UbuntuCve
added 2016/01/20 12:0 a.m., 25 views

CVE-2015-8777

The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable...

5.5 CVSS, 6.8 AI score, 0.0057 EPSS
Exploits: 1, References: 5
OSV
added 2016/01/20 12:0 a.m., 1 views

UBUNTU-CVE-2015-8777

The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable...

5.5 CVSS, 6.8 AI score, 0.0057 EPSS
Exploits: 1, References: 6
Tenable Nessus
added 2015/12/30 12:0 a.m., 82 views

VMware ESX Multiple Bash Vulnerabilities (VMSA-2014-0010) (Shellshock)

The remote VMware ESX host is affected by multiple vulnerabilities in the Bash shell: - A command injection vulnerability exists in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This...

10 CVSS, 8.3 AI score, 0.99999 EPSS
Exploits: 157, References: 12
OSV
added 2015/12/21 7:6 p.m., 6 views

SUSE-SU-2015:2337-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes the following issues: - CVE-2015-7519: rubygem-passenger was not filtering the environment like apache is doing, allowing injection of environment variables (bsc#956281)...

4.3 CVSS, 4.4 AI score, 0.02364 EPSS
Exploits: 0, References: 3
Oracle linux
added 2015/11/23 12:0 a.m., 66 views

openssh security, bug fix, and enhancement update

6.6.1p1-22 - Use the correct constant for glob limits 1160377 6.6.1p1-21 - Extend memory limit for remote glob in sftp acc. to stat limit 1160377 6.6.1p1-20 - Fix vulnerabilities published with openssh-7.0 1265807 - Privilege separation weakness related to PAM support - Use-after-free bug related...

8.5 CVSS, 0.2 AI score, 0.09302 EPSS
Exploits: 1
Tenable Nessus
added 2015/11/20 12:0 a.m., 34 views

openSUSE Security Update : sudo (openSUSE-2015-687)

sudo was updated to fix one security issue. This security issue was fixed : - CVE-2014-9680: Unsafe handling of TZ environment variable (bsc#917806). %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...

3.3 CVSS, 5.4 AI score, 0.0047 EPSS
Exploits: 1, References: 2
myhack58
added 2015/11/13 12:0 a.m., 22 views

muymacho---dyld_root_path exploit analysis-exploit warning-the black bar safety net

muymacho is an exploit tool. A dyld bug that exists in Mac OS X 10.10.5 can be used to escalate privileges to root. It has been patched in the latest El Capitan 10.11. This is an interesting bug, and exploiting it is also a lot of fun. The present article aims to introduce the use o...

6.9 AI score
Exploits: 0
myhack58
added 2015/11/12 12:0 a.m., 19 views

muymacho---dyld_root_path exploit analysis-exploit warning-the black bar safety net

from: muymacho is an exploit tool. A dyld bug that exists in Mac OS X 10.10.5 can be used to escalate privileges to root. It has been patched in the latest El Capitan 10.11. This is an interesting bug, and exploiting it is also a lot of fun. The present article aim...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2015/11/05 12:0 a.m., 24 views

openSUSE Security Update : sudo (openSUSE-2015-703)

sudo was updated to fix one security issue. This security issue was fixed : - CVE-2014-9680: Unsafe handling of TZ environment variable (bsc#917806). %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...

3.3 CVSS, 5.4 AI score, 0.0047 EPSS
Exploits: 1, References: 2
Debian
added 2015/11/02 7:27 p.m., 29 views

[SECURITY] [DSA 3355-2] libvdpau regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-3355-2 [email protected] https://www.debian.org/security/ Alessandro Ghedini November 02, 2015 https://www.debian.org/security/faq -...

6.9 AI score
Exploits: 0
RedhatCVE
added 2015/10/30 10:18 a.m., 18 views

CVE-2006-4124

The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUGFILE environment variable, which is used to create world-writable files when libXm is run from a setuid program...

4.6 CVSS, 7.2 AI score, 0.00449 EPSS
Exploits: 1, References: 2
OpenVAS
added 2015/10/15 12:0 a.m., 21 views

Mageia: Security Advisory (MGASA-2015-0364)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2 CVSS, 6.4 AI score, 0.00505 EPSS
Exploits: 0, References: 4
Prion
added 2015/10/09 5:59 a.m., 16 views

Code injection

The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework...

4.6 CVSS, 6.7 AI score, 0.00348 EPSS
Exploits: 0, References: 3, Affected Software: 1
OpenVAS
added 2015/10/06 12:0 a.m., 36 views

Oracle: Security Advisory (ELSA-2013-0587)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS, 6.9 AI score, 0.35584 EPSS
Exploits: 2, References: 2
CNVD
added 2015/10/03 12:0 a.m., 3 views

Apple OS X Address Book Handling Vulnerability

Apple OS X is an operating system developed by Apple Inc. A security vulnerability in the way the Apple OS X Address Book handles environment variables allows local users to inject arbitrary code into processes that load the Address Book framework...

4.6 CVSS, 6.9 AI score, 0.00348 EPSS
Exploits: 0, References: 1
OpenVAS
added 2015/09/29 12:0 a.m., 32 views

Gentoo Security Advisory GLSA 201504-02

Gentoo Linux Local Security Checks GLSA 201504-02 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

3.3 CVSS, 5.2 AI score, 0.0047 EPSS
Exploits: 1, References: 1
OpenVAS
added 2015/09/29 12:0 a.m., 23 views

Gentoo Security Advisory GLSA 201406-29

Gentoo Linux Local Security Checks GLSA 201406-29 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

6.9 CVSS, 5 AI score, 0.01093 EPSS
Exploits: 1, References: 1
BDU FSTEC
added 2015/09/23 12:0 a.m., 3 views

The vulnerability of the libvdpau library, which allows a hacker to elevate their privileges

The vulnerability of the libvdpau library exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow a local attacker to increase their privileges by manipulating the VDPAU_DRIVER variable...

7.2 CVSS, 5.5 AI score, 0.00505 EPSS
Exploits: 0, References: 5, Affected Software: 2
0day.today
added 2015/09/16 12:0 a.m., 21 views

Android Shellcode Telnetd with Parameters

/ Title: Android/ARM - telnetd with three parameters and an environment variable Date: 2015-07-31 Tested on: Android Emulator and Samsung Note 10.1 Android version 4.1.2 Author: Steven Padilla - email: email protected Organization: Tresys LLC Vendor HomePage: www.tresys.com Version: 1.0 Android A...

1 AI score
Exploits: 0