7333 matches found
Design/Logic Flaw
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer...
[aidSQL] A tool that will aid you when trying to find vulnerable spots in your site
Is a PHP application provided for detecting security holes in your website/s. It's a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation. 2013-05-27 NEW aidSQL Release which supports MS SQL SERVER 2000 Database injection and reverse...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.1.0 update
JBoss Enterprise Application Platform 6.1.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...
Installer: Generated auto-install xml is world readable
The GUI installer in JBoss Enterprise Application Platform EAP and Enterprise Web Platform EWP 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file...
[MSF-Installer] Script to Automate Metasploit Framework Installation
Script to help with installing and configuring Metasploit Framework, Armitage and the Plugins I have written on OSX and Linux To use the script on OSX Java, Xcode and Command Development Tools from Xcode must be installed before running the script. In the case of OSX I also added the option of...
Code injection
The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse...
CVE-2013-0687
The issue CVE-2013-0687 affects Schneider Electric MiCOM S1 Studio Software. The root cause is world-writable permissions set on executable files within the MiCOM S1 Studio installation, enabling a local attacker with access to replace executables in the program files directory. Consequences incl...
CVE-2013-0687
The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse...
pidgin: 2.10.7 update to fix security issues and bugs (important)
Pidgin was updated to 2.10.7 to fix various security issues and the bug that IRC did not work at all in 12.3. Changes: - Add pidgin-irc-sasl.patch: link irc module to SASL. Allows the IRC module to be loaded bnc806975. - Update to version 2.10.7 bnc804742: + Alien hatchery: - No changes + General...
[Password Sniffer Console] Password Sniffing Tool to capture Email, Web and FTP login passwords
Password Sniffer Console is the all-in-one command-line based Password Sniffing Tool to capture Email, Web and FTP login passwords passing through the network. It automatically detects the login packets on network for various protocols and instantly decodes the passwords. Here is the list of...
CVE-2013-0261
A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the /tmp directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption...
Code injection
1 installer/basedefs.py and 2 modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...
CVE-2013-0261
CVE-2013-0261 concerns PackStack/openstack-packstack. A local attacker can exploit a symlink attack during manifest creation to overwrite arbitrary files in /tmp, potentially affecting files the invoking user can access and, per Red Hat advisory, could lead to denial of service and manipulation o...
PT-2013-2196
Name of the Vulnerable Software and Affected Versions PackStack affected versions not specified Description The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. This is due to vulnerabilities in two components: 1...
ipa security, bug fix and enhancement update
3.0.0-25.el6 - Filter generated winbind dependencies so the right version of samba can be installed. 905594 3.0.0-24.el6 - Add certmonger condrestart to server post scriptlet 903758 - Make certmonger a pre Requires 903758 - Add selinux-policy to Requirespre to avoid post scriptlet AVCs 903758 - S...
Windows Persistent Registry Startup Payload Installer
This module will install a payload that is executed during boot. It will be executed either at user logon or system startup via the registry value in "CurrentVersion\Run" depending on privilege and selected method. This module requires Metasploit: https://metasploit.com/download Current source:...
Design/Logic Flaw
The GUI installer in JBoss Enterprise Application Platform EAP and Enterprise Web Platform EWP 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file...
CVE-2013-0218
The GUI installer in JBoss Enterprise Application Platform EAP and Enterprise Web Platform EWP 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file...
CVE-2013-0218
The GUI installer in JBoss Enterprise Application Platform EAP and Enterprise Web Platform EWP 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file...
CVE-2013-0218
CVE-2013-0218 affects JBoss EAP/EWP 5.2.0 (and possibly 5.1.2); the GUI installer creates a world-readable auto-install XML file that stores the administrator and sucker passwords in plain text. A local user who can access the installer directory could read this file and gain administrative acces...