Lucene search
+L

7333 matches found

Prion
Prion
added 2013/06/18 10:55 p.m.17 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer...

6.9CVSS5.8AI score0.005EPSS
Exploits0References7Affected Software2
Kitploit
Kitploit
added 2013/05/30 1:43 a.m.20 views

[aidSQL] A tool that will aid you when trying to find vulnerable spots in your site

Is a PHP application provided for detecting security holes in your website/s. It's a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation. 2013-05-27 NEW aidSQL Release which supports MS SQL SERVER 2000 Database injection and reverse...

8.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2013/05/20 2:27 p.m.76 views

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.1.0 update

JBoss Enterprise Application Platform 6.1.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...

6.8CVSS6.7AI score0.35584EPSS
Exploits3References10
RedHat Linux
RedHat Linux
added 2013/05/20 2:27 p.m.9 views

Installer: Generated auto-install xml is world readable

The GUI installer in JBoss Enterprise Application Platform EAP and Enterprise Web Platform EWP 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file...

2.1CVSS5.8AI score0.00366EPSS
Exploits0References4
Kitploit
Kitploit
added 2013/04/29 11:22 p.m.31 views

[MSF-Installer] Script to Automate Metasploit Framework Installation

Script to help with installing and configuring Metasploit Framework, Armitage and the Plugins I have written on OSX and Linux To use the script on OSX Java, Xcode and Command Development Tools from Xcode must be installed before running the script. In the case of OSX I also added the option of...

7.2AI score
Exploits0References1
Prion
Prion
added 2013/04/18 2:25 a.m.19 views

Code injection

The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse...

6.6CVSS7AI score0.00336EPSS
Exploits0References2
CVE
CVE
added 2013/04/18 1:0 a.m.55 views

CVE-2013-0687

The issue CVE-2013-0687 affects Schneider Electric MiCOM S1 Studio Software. The root cause is world-writable permissions set on executable files within the MiCOM S1 Studio installation, enabling a local attacker with access to replace executables in the program files directory. Consequences incl...

6.6CVSS6.6AI score0.00336EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2013/04/18 1:0 a.m.36 views

CVE-2013-0687

The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse...

6.4AI score0.00336EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2013/03/21 8:4 a.m.31 views

pidgin: 2.10.7 update to fix security issues and bugs (important)

Pidgin was updated to 2.10.7 to fix various security issues and the bug that IRC did not work at all in 12.3. Changes: - Add pidgin-irc-sasl.patch: link irc module to SASL. Allows the IRC module to be loaded bnc806975. - Update to version 2.10.7 bnc804742: + Alien hatchery: - No changes + General...

6.8CVSS0.3AI score0.03121EPSS
Exploits2References2
Kitploit
Kitploit
added 2013/03/16 12:18 a.m.23 views

[Password Sniffer Console] Password Sniffing Tool to capture Email, Web and FTP login passwords

Password Sniffer Console is the all-in-one command-line based Password Sniffing Tool to capture Email, Web and FTP login passwords passing through the network. It automatically detects the login packets on network for various protocols and instantly decodes the passwords. Here is the list of...

7.2AI score
Exploits0
NVD
NVD
added 2013/03/08 9:55 p.m.21 views

CVE-2013-0261

A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the /tmp directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption...

8.8CVSS6.4AI score0.00346EPSS
Exploits0References3
Prion
Prion
added 2013/03/08 9:55 p.m.23 views

Code injection

1 installer/basedefs.py and 2 modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

4.4CVSS6.8AI score0.00346EPSS
Exploits0References2
CVE
CVE
added 2013/03/08 9:0 p.m.77 views

CVE-2013-0261

CVE-2013-0261 concerns PackStack/openstack-packstack. A local attacker can exploit a symlink attack during manifest creation to overwrite arbitrary files in /tmp, potentially affecting files the invoking user can access and, per Red Hat advisory, could lead to denial of service and manipulation o...

8.8CVSS5.4AI score0.00346EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2013/03/08 12:0 a.m.9 views

PT-2013-2196

Name of the Vulnerable Software and Affected Versions PackStack affected versions not specified Description The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. This is due to vulnerabilities in two components: 1...

8.8CVSS5.9AI score0.00346EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2013/02/27 12:0 a.m.43 views

ipa security, bug fix and enhancement update

3.0.0-25.el6 - Filter generated winbind dependencies so the right version of samba can be installed. 905594 3.0.0-24.el6 - Add certmonger condrestart to server post scriptlet 903758 - Make certmonger a pre Requires 903758 - Add selinux-policy to Requirespre to avoid post scriptlet AVCs 903758 - S...

7.9CVSS9.1AI score0.01838EPSS
Exploits0
Metasploit
Metasploit
added 2013/02/07 11:11 p.m.29 views

Windows Persistent Registry Startup Payload Installer

This module will install a payload that is executed during boot. It will be executed either at user logon or system startup via the registry value in "CurrentVersion\Run" depending on privilege and selected method. This module requires Metasploit: https://metasploit.com/download Current source:...

10AI score
Exploits0
Prion
Prion
added 2013/02/05 11:55 p.m.22 views

Design/Logic Flaw

The GUI installer in JBoss Enterprise Application Platform EAP and Enterprise Web Platform EWP 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file...

2.1CVSS6.9AI score0.00366EPSS
Exploits0References8Affected Software2
UbuntuCve
UbuntuCve
added 2013/02/05 11:55 p.m.28 views

CVE-2013-0218

The GUI installer in JBoss Enterprise Application Platform EAP and Enterprise Web Platform EWP 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file...

2.1CVSS5.8AI score0.00366EPSS
Exploits0References6
Cvelist
Cvelist
added 2013/02/05 11:11 p.m.35 views

CVE-2013-0218

The GUI installer in JBoss Enterprise Application Platform EAP and Enterprise Web Platform EWP 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file...

6.3AI score0.00366EPSS
Exploits0References8
CVE
CVE
added 2013/02/05 11:11 p.m.65 views

CVE-2013-0218

CVE-2013-0218 affects JBoss EAP/EWP 5.2.0 (and possibly 5.1.2); the GUI installer creates a world-readable auto-install XML file that stores the administrator and sucker passwords in plain text. A local user who can access the installer directory could read this file and gain administrative acces...

2.1CVSS5.6AI score0.00366EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder