Valve Steam Privilege Acquisition Vulnerability
Valve Steam is a Linux-based operating system for living room gaming from the American company Valve. A security vulnerability exists in Valve Steam version 2.10.91.91, which originates when the program assigns weak permissions (user: read/write) to the Install folder. This vulnerability can be...
Chkrootkit Local Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a...
file: multiple denial of service issues (resource consumption)
Multiple flaws were found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of system resources...
binutils: out-of-bounds write when parsing specially crafted PE executable
A stack-based buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of...
Chkrootkit Local Privilege Escalation
Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privilege escalation. WfsDelay is set to 24h, since this is how often a chkrootkit scan is scheduled by default. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2010-1451
The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain PAGEEXEC4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent...
IBM Cognos Disclosure Management Input Validation Vulnerability
IBM Cognos Disclosure Management (CDM) is a suite of financial reporting and process automation solutions from IBM USA. A security vulnerability exists in IBM CDM version 10.2.4 and earlier. An attacker can exploit this vulnerability to conduct a man-in-the-middle attack and gain access by forging ...
CVE-2015-5014
IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation...
The vulnerability of the Kaspersky Anti-Virus antivirus protection allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of Kaspersky Anti-Virus lies in the insufficient processing of a specific format string, which leads to buffer overflows. Exploiting this vulnerability can allow an attacker to cause service interruptions or execute arbitrary code using DEX files during the antivirus software’s...
Lenovo System Update Elevation of Privilege Vulnerability
Lenovo System Update (aka ThinkVantage System Update) is a system update software from Lenovo. The service component of Lenovo System Update, SUService.exe, creates a named pipe to provide system update services to a low-privileged process. A security vulnerability in Lenovo System Update software...
CVE-2015-5888
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file...
Code injection
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file...
h5ai arbitrary file upload vulnerability
h5ai is file indexing software for HTTP web servers, developed by software developer Lars Jung. An arbitrary file upload vulnerability exists in versions of h5ai prior to 0.25.0. A remote attacker can exploit this vulnerability by uploading an executable file and sending a direct...
NTP ntpd Input Validation Vulnerability
ntpd (Network Time Protocol daemon) is an operating system daemon that uses the Network Time Protocol (NTP) to keep the system time synchronized with that of a time server. A security vulnerability exists in the ntpcrypto.c file in ntpd in NTP 4.2.8 and earlier versions. A remote attacker could exploit th...
GLPI Arbitrary Code Execution Vulnerability
GLPI is an open source IT resource management suite maintained by the Indepnet Association. The suite includes features such as device status management, asset inventory storage, management processes and work log management. An arbitrary file upload vulnerability exists in versions of GLPI prior ...
UBUNTU-CVE-2015-7684
Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/tmp/...
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS X Privilege Escalation Vulnerability
A vulnerability in the code responsible for the self-updating feature of Cisco AnyConnect Secure Mobility Client for Linux and the Cisco AnyConnect Secure Mobility Client for Mac OS X could allow an authenticated, local attacker to execute an arbitrary executable file of its choosing with...
CVE-2015-5839
dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file...
Unrestricted file upload
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/myimage/image.php...
Microsoft Outlook RTF Embedded Object Security Bypass (CVE-2004-0503)
A security bypass vulnerability exists in Microsoft Outlook. The vulnerability is due to a lack of validation for certain OLE objects attached to RTF messages. A successful exploitation may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-locati...