MGASA-2014-0439 Updated [package] package fix CVE-2014-3710

Updated file packages fix security vulnerability: An out-of-bounds read flaw was found in file's donote function in the way the file utility determined the note headers of a elf file. This could possibly lead to file executable crash CVE-2014-3710...

Updated [package] package fix CVE-2014-3710

Updated file packages fix security vulnerability: An out-of-bounds read flaw was found in file's donote function in the way the file utility determined the note headers of a elf file. This could possibly lead to file executable crash CVE-2014-3710...

file: out-of-bounds read in elf note headers

An out-of-bounds read flaw was found in the way the File Information fileinfo extension parsed Executable and Linkable Format ELF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file...

file: out-of-bounds read in elf note headers

An out-of-bounds read flaw was found in the way the File Information fileinfo extension parsed Executable and Linkable Format ELF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file...

CVE-2014-3684

The tmadopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary...

CVE-2014-3684

The tmadopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary...

Design/Logic Flaw

The tmadopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary...

CVE-2014-3684

The tmadopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager aka TORQUE Resource Manager 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary...

Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash

Exploit for linux platform in category dos / poc Many shell users, and certainly a lot of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool...

OpenBSD <= 5.5 Local Kernel Panic

OpenBSD = 5.5 All architectures is prone to a local DoS condition by triggering a kernel panic through a malformed ELF executable. A patch has been released to address this issue. See "013 Reliability Fix" at: http://www.openbsd.org/errata55.html013kernexec More details and PoC code:...

Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash

Many shell users, and certainly a lot of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans the file for runs of printable...

Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash

Binary File Descriptor Library libbfd - Out-of-Bounds Crash Many shell users, and certainly a lot of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is tha...

Directory traversal

Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. dot dot sequences in its name, then accessing t...

CVE-2014-0476

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...

Input validation

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...

CVE-2014-0476

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...

Huawei Mobile Partner DLL Hijacking

Title: Huawei Mobile Partner Multiple Vulnerabilities Version: 23.009.05.03.1014 Tested on: Windows XP SP2 en Vendor: http://www.huawei.com/ Software-Link: http://download-c.huawei.com/download/downloadCenter?downloadId=18474&version=16815&siteCode=worldwide E-Mail: osandaatunseen.is Author: Osan...

Unrestricted file upload

Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS formerly LetoDMS and MyDMS before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it...

HP Data Protector EXEC_INTEGUTIL Remote Code Execution

This exploit abuses a vulnerability in the HP Data Protector. The vulnerability exists in the Backup client service, which listens by default on TCP/5555. The EXECINTEGUTIL request allows to execute arbitrary commands from a restricted directory. Since it includes a perl executable, it's possible...

Unrestricted file upload

FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated...