1039 matches found
QNX 6.5.0 x86 phfont - Local Privilege Escalation
QNX 6.5.0 x86 phfont local root exploit by cenobyte 2013 - vulnerability description: Setuid root /usr/photon/bin/phfont on QNX is prone to a buffer overflow. The vulnerability is due to insufficient bounds checking of the PHOTONHOME environment...
QNX 6.5.0 x86 io-graphics - Local Privilege Escalation
QNX 6.5.0 x86 io-graphics local root exploit by cenobyte 2013 - vulnerability description: Setuid root /usr/photon/bin/io-graphics on QNX is prone to a buffer overflow. The vulnerability is due to insufficient bounds checking of the PHOTON2HOME environment variable. - vulnerable platforms: QNX...
QNX 6.5.0 x86 phfont - Local Privilege Escalation
QNX 6.5.0 x86 phfont local root exploit by cenobyte 2013 - vulnerability description: Setuid root /usr/photon/bin/phfont on QNX is prone to a buffer overflow. The vulnerability is due to insufficient bounds checking of the PHOTONHOME environment variable. - vulnerable platforms: QNX 6.5.0SP1 QNX...
Format string
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service stack...
Format string
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service segmentati...
Supermicro Onboard IPMI - 'close_window.cgi' Remote Buffer Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Supermicro Onboard IPMI close_window.cgi Buffer Overflow', 'Description' = %q This module exploits a buffer overflow on the Supermicro...
Supermicro Onboard IPMI close_window.cgi Buffer Overflow Vulnerability
This Metasploit module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the close_window.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system from libc with an...
Juniper Networks Junos OS GNU libc GLOB_LIMIT DoS Vulnerability
Remote authenticated users can cause a partial denial of service via crafted glob expressions.
Design/Logic Flaw
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveragi...
CVE-2013-5180
The CVE-2013-5180 entry concerns the srandomdev function in Libc on Apple Mac OS X prior to 10.9. When the kernel random-number generator is unavailable, srandomdev produces predictable values instead of true randomness, which can help context-dependent attackers defeat cryptographic protections....
CVE-2013-5180
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveragi...
Mac OS X 10.x < 10.9 Multiple Vulnerabilities (BEAST)
The remote host is running a version of Mac OS X 10.x that is prior to version 10.9. The newer version contains multiple security-related fixes for the following components: - Application Firewall - App Sandbox - Bluetooth - CFNetwork - CFNetwork SSL - Console - CoreGraphics - curl - dyld -...
Juniper Junos GNU libc glob Remote DoS (JSA10598)
According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability due to a flaw in the glob implementation in libc. An authenticated, remote attacker can exploit this, via a crafted glob expression that does not match any pathnames, to...
CVE-2013-3745
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc...
Design/Logic Flaw
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc...
CVE-2013-3745
The CVE-2013-3745 entry corresponds to a vulnerability in the Solaris Libraries/Libc component affecting Oracle Solaris 8, 9, 10 and 11. The connected Nessus plugin details specify that this is a local, easily exploited issue that can cause a hang or a frequent crash (complete DoS) on affected So...
CVE-2013-3951
sys/openbsd/stackprotector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the...
Path traversal
sys/openbsd/stackprotector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the...
CVE-2013-3951
CVE-2013-3951 affects Apple iOS 6.1.3 and Mac OS X 10.8.x. Kernel/XNU stack cookies could be bypassed due to improper generation/parsing of user-space stack cookies, allowing local attackers to bypass cookie randomization via a stack-guard= path. Exploitation is described in the kernel context as...
CVE-2012-0570
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc...