71 matches found
CVE-2023-47233
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmfcfg80211detach use-after-free in the device unplugging disconnect the USB by hotplug code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to...
CVE-2022-41958 Deserialization Vulnerability by yaml config input in super-xray
super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit 4d0d5966 and will be...
PT-2022-26183 · Unknown · Super-Xray
Name of the Vulnerable Software and Affected Versions: super-xray versions prior to 0.7 Description: The issue concerns a web vulnerability scanning tool that assumed trusted input for the program config stored in a yaml file. An attacker with local access to the file could exploit this and...
CVE-2021-3721
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error...
Debian DSA-172-1 : tkmail - insecure temporary files
It has been discovered that tkmail creates temporary files insecurely. Exploiting this an attacker with local access can easily create and overwrite files as another user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...
[SECURITY] [DSA 398-1] New conquest packages fix local conquest exploit
-------------------------------------------------------------------------- Debian Security Advisory DSA 398-1 [email protected] http://www.debian.org/security/ Martin Schulze November 10th, 2003 http://www.debian.org/security/faq -...
PEEL 1.0b - Remote File Inclusion
PEEL 1.0b - Remote File Inclusion source: https://www.securityfocus.com/bid/6496/info PEEL is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an...
DSA-202 im - insecure temporary files
Bulletin has no description...
Cobalt RaQ 2.0/3.0/4.0 XTR - 'MultiFileUpload.php' Authentication Bypass (1)
source: https://www.securityfocus.com/bid/4252/info Cobalt RaQ is a server appliance for Internet-based services. It is distributed and maintained by Sun Microsystems. The 'MultiFileUpload.php' script is not sufficiently protected from outside access. While other sensitive administrative scripts...
Fatal flaw in BestCrypt <= v0.7 (Linux)
Hello fellow Bugtraq'ers. As you can see in the message below I have discovered a flaw in the SUID-root "bctool" program that comes with BestCrypt from Jetico. A session transcript where the flaw is exploited is also included and so is a patch for the problem. For those of you that did not know,...
NCSA HTTPd 1.x - Remote Buffer Overflow (1)
NCSA HTTPd 1.x - Remote Buffer Overflow 1 // source: https://www.securityfocus.com/bid/3158/info NCSA HTTPd is a free, open-source web server for nix systems. NCSA HTTPd versions 1.3 and earlier are prone to an exploitable buffer overflowin the username field which will allow malicious remote use...