[Full-disclosure] JBoss jBPM 2.0: Remote code execution and classloader covert channel

Security Advisory: jBPM 2.0 Date: 06/22/05 URL: http://www.illegalaccess.org/java/jbpm.php " JBoss jBPM is a flexible, extensible workflow management system." jbpm.org Problem 1: Remote code execution possible with jBPM . This allows an attacker to trigger an arbitrary executable on the jBPM/ JBo...

DSX Raritan Console Servers weak permissions

Executable files are writable by unprivileged users...

linux/x86 upload & exec 189 bytes

Exploit for linux/x86 platform in category shellcode ================================= linux/x86 upload & exec 189 bytes ================================= UPLOAD & EXEC SHELLCODE 1 converting asm to hex 2 asm code 3 hex output 4 upload function This is an 'upload and exec' shellcode for the x86...

Yaws Webserver source code leak

00 at the end of executable file allows to see it's content...

SilverCity: Insecure file permissions

Background SilverCity provides lexical analysis for over 20 programming and markup languages. Description The SilverCity package installs three executable files with insecure permissions. Impact A local attacker could modify the executable files, causing arbitrary code to be executed with the...

USN-136-1: binutils vulnerability

Tavis Ormandy found an integer overflow in the Binary File Descriptor BFD parser in the GNU debugger. The same vulnerable code is also present in binutils. By tricking an user into processing a specially crafted executable with the binutils tools strings, objdump, nm, readelf, etc., an attacker...

TFTP Backdoor Detection

A TFTP server is running on this port. However, while trying to fetch a random file, we got an executable file. Many worms are known to propagate through TFTP. This is probably a backdoor. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid18263; scriptversion "$Revision:...

DEBIAN-CVE-2005-1545

Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow...

CVE-2005-0230

Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files...

Altris deployment solution AClient privilege escalation

It's possible to launch executable with LocalSystem privileges...

CVE-2005-1286

CVE-2005-1286 affects BitDefender 8 with an unquoted Windows search path when executing a process. The root cause is lack of quoting of the full pathname, enabling a local user to prevent BitDefender from starting by creating a malicious C:\program.exe. The NVD entry documents this local, high-co...

security flaw

The loadelflibrary in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service kernel crash via a crafted ELF library or executable, which causes a free of an invalid pointer...

security flaw

The loadelflibrary in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service kernel crash via a crafted ELF library or executable, which causes a free of an invalid pointer...

DoKuWiki file-upload vulnerabilities

ADZ Security Team =================== Info Program: DoKuWiki Version: 2005-02-18 Module: media.php Bug type: File Upload bug Vendor site: http://wiki.splitbrain.org/ Vendor Informed: Yes =================== Bug Info Remote user with file-upload privileges can upload anyone file with any...

sash 3.7 - Local Buffer Overflow

/ sash-3.7 buffer overflow in c argyment written by lammat for practice purposes http://grpower.ath.cx [email protected] gdb r -c perl -e 'print "A"x10256' The program being debugged has been started already. Start it from the beginning? y or n y Starting program: /sbin/sash -c perl -e 'print...

PT-2005-2067 · Phpbb · Phpbb

Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.x Description: The issue concerns a file upload script, specifically the mod for phpBB, which fails to properly restrict the types of files that can be uploaded. This allows remote authenticated users to execute arbitrary...

CVE-2005-0749

The loadelflibrary in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service kernel crash via a crafted ELF library or executable, which causes a free of an invalid pointer...

Apple Mac OSX 10.3.8 - CF_CHARSET_PATH Local Buffer Overflow Local Privilege Escalation

Apple Mac OSX 10.3.8 - CFCHARSETPATH Local Buffer Overflow Local Privilege Escalation / MacOS XCFCHARSETPATH: local root exploit. by: [email protected] fakehalo/realhalo found by: iDefense anon finder saw the advisory on bugtraq and figured i'd slap this together, so simple i had to. exploits via th...

PaX non-executable memory protection privilege escalation

Bug in vma mirroring feature allows to execute code with privilege of the different application...

Download dialog spoofing using Content-Disposition header — Mozilla

Andreas Sandblad of Secunia Research demonstrated a method to spoof the download dialog for saving files by supplying a Content-Disposition header with a different extension than the extension visible in the link and download dialog. Users could be tricked into downloading a safe-looking file suc...