840 matches found
Chkrootkit Local Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 'Chkrootkit Local Privilege Escalation', 'Description' = %q Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a...
Chkrootkit Local Privilege Escalation
Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privilege escalation. WfsDelay is set to 24h, since this is how often a chkrootkit scan is scheduled by default. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2015-5014
IBM Cognos Disclosure Management CDM 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation...
CVE-2015-5888
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file...
Code injection
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file...
h5ai arbitrary file upload vulnerability
h5ai is a software developer Lars Jung developed a set of HTTP Web server for creating file indexing software. An arbitrary file upload vulnerability exists in versions of h5ai prior to 0.25.0. A remote attacker can exploit this vulnerability by uploading an executable file and sending a direct...
CVE-2015-5839
dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file...
Design/Logic Flaw
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file...
Design/Logic Flaw
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file...
CVE-2015-3803
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file...
SecuritySoftView - Displays the AntiVirus / AntiSpyware / Firewall registered with the security center of Windows
SecuritySoftView is a simple tool that displays the AntiVirus, AntiSpyware, and Firewall programs that are currently installed on your system and registered with the security center of Windows operating system. System Requirements This utility works on any version of Windows, starting from Window...
Adobe Acrobat and Reader Buffer Overflow (APSB15-10: CVE-2015-3048)
A buffer overflow vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while creating a new broker process for the IE EPM sandbox. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
[SECURITY] [DSA 3238-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3238-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 26, 2015 http://www.debian.org/security/faq -...
Google Chrome FileSystem API Security Bypass Vulnerability
Google Chrome is a web browsing tool developed by Google. A security vulnerability exists in the FileSystem API of Google Chrome versions prior to 40.0.2214.91. A remote attack exploiting this vulnerability could bypass the SafeBrowsing for Executable Files protection mechanism by creating an .ex...
chromium-browser: SafeBrowsing bypass
The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL...
Unrestricted file upload
Unrestricted file upload vulnerability in EMC M&R aka Watch4Net before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file...
Directory traversal
Directory traversal vulnerability in the TS WebProxy aka TSWbPrxy component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted...
CVE-2015-0016
Directory traversal vulnerability in the TS WebProxy aka TSWbPrxy component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted...
CVE-2015-0016
Directory traversal vulnerability in the TS WebProxy aka TSWbPrxy component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted...
Code injection
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive...