Lucene search
K

4323 matches found

RedHat Linux
RedHat Linux
added 2014/01/15 5:45 p.m.3 views

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

4.4CVSS5.8AI score0.00594EPSS
Exploits1References4
Exploit DB
Exploit DB
added 2014/01/14 12:0 a.m.28 views

Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure

Source: http://www.halfdog.net/Security/2012/LinuxKernelBinfmtScriptStackDataDisclosure/ Introduction Problem description: Linux kernel binfmtscript handling in combination with CONFIGMODULES can lead to disclosure of kernel stack data during execve via copy of data from dangling pointer to stack...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2013/12/04 5:16 p.m.5 views

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

4.4CVSS5.8AI score0.00594EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2013/11/07 12:0 a.m.20 views

Ubuntu 12.04 LTS / 12.10 / 13.04 : maas vulnerabilities (USN-2013-1)

It was discovered that maas-import-pxe-files incorrectly loaded configuration information from the current working directory. A local attacker could execute code as an administrator if maas-import-pxe-files were run from an attacker-controlled directory. CVE-2013-1057 It was discovered that...

5.8CVSS5.7AI score0.01936EPSS
Exploits1References3
NVD
NVD
added 2013/08/28 11:55 p.m.44 views

CVE-2013-2035

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp...

4.4CVSS6.9AI score0.00594EPSS
Exploits1References18
RedHat Linux
RedHat Linux
added 2013/07/09 5:51 p.m.2 views

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

4.4CVSS5.8AI score0.00594EPSS
Exploits1References4
CVE
CVE
added 2013/03/19 2:0 p.m.47 views

CVE-2013-0224

The CVE-2013-0224 vulnerability affects the Drupal Video module (7.x-2.x) prior to 7.x-2.9 when using the FFmpeg transcoder. A local attacker can cause arbitrary PHP code execution by modifying a temporary PHP file used to store FFmpeg-related data; exploitation relies on write access to that tem...

4.4CVSS7.4AI score0.00303EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2012/10/22 11:55 p.m.2 views

UBUNTU-CVE-2012-4436

Buffer overflow in the runlastargs function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service client crash and possibly execute arbitrary code via many .fwknop.run arguments...

4.4CVSS6.2AI score0.00656EPSS
Exploits0References3
NVD
NVD
added 2012/09/06 5:55 p.m.9 views

CVE-2012-4866

Untrusted search path vulnerability in Xtreme RAT 3.5 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as the current working directory. NOTE: some of these details are obtained from third party...

6.9CVSS7.2AI score0.00622EPSS
Exploits1References3
NVD
NVD
added 2012/08/25 9:55 p.m.22 views

CVE-2010-5161

Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory chang...

6.2CVSS6.7AI score0.00303EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2012/08/25 12:0 a.m.6 views

PT-2012-1366 · Bitdefender · Bitdefender Total Security

Name of the Vulnerable Software and Affected Versions: BitDefender Total Security 2010 version 13.0.20.347 Description: A race condition allows local users to bypass kernel-mode hook handlers and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-base...

6.2CVSS6.9AI score0.00303EPSS
Exploits0References11
Prion
Prion
added 2012/08/07 9:55 p.m.15 views

Race condition

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors...

4.4CVSS7.5AI score0.00474EPSS
Exploits1References10Affected Software1
UbuntuCve
UbuntuCve
added 2012/06/27 12:0 a.m.21 views

CVE-2012-3355

1 AlbumTab.py, 2 ArtistTab.py, 3 LinksTab.py, and 4 LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory...

3.6CVSS6.1AI score0.00559EPSS
Exploits0References2
OSV
OSV
added 2012/06/21 3:55 p.m.1 views

DEBIAN-CVE-2012-0219

Heap-based buffer overflow in the xioscanreadline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address...

6.2CVSS8AI score0.00455EPSS
Exploits0References1
msvr
msvr
added 2012/06/19 12:0 a.m.596 views

Vulnerability in Google Chrome Could Allow Local Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google Chrome version 17.0.963.79 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Googl...

7.2CVSS2.7AI score0.00274EPSS
Exploits0Affected Software1
Exploit DB
Exploit DB
added 2012/05/23 12:0 a.m.62 views

Symantec End Point Protection 11.x / Symantec Network Access Control 11.x - Local Code Execution (PoC)

Symantec End Point Protection 11.x & Symantec Network Access Control 11.x Local Code Execution POC Date: 22/05/2012 Author: 41.w4r10r Software Link: Symantec.com Version: 11.x Tested on: Windows XP SP2 English Windows XP SP3 English Windows Vista 32Bit Windows 7 32Bit CVE : CVE-2012-0289 Time Lin...

7.2CVSS6.4AI score0.0146EPSS
Exploits7
0day.today
0day.today
added 2012/05/23 12:0 a.m.50 views

Symantec End Point Protection 11.x & Symantec Network Access Control 11.x LCE

Exploit for windows platform in category dos / poc Symantec End Point Protection 11.x & Symantec Network Access Control 11.x Local Code Execution POC Date: 22/05/2012 Author: 41.w4r10r Software Link: Symantec.com Version: 11.x Tested on: Windows XP SP2 English Windows XP SP3 English Windows Vista...

7AI score0.0146EPSS
Exploits7
exploitpack
exploitpack
added 2012/05/23 12:0 a.m.34 views

Symantec End Point Protection 11.x Symantec Network Access Control 11.x - Local Code Execution (PoC)

Symantec End Point Protection 11.x Symantec Network Access Control 11.x - Local Code Execution PoC Symantec End Point Protection 11.x & Symantec Network Access Control 11.x Local Code Execution POC Date: 22/05/2012 Author: 41.w4r10r Software Link: Symantec.com Version: 11.x Tested on: Windows XP...

7.2CVSS0.3AI score0.0146EPSS
Exploits7
Packet Storm
Packet Storm
added 2012/03/23 12:0 a.m.21 views

Apache Struts2 Local Code Execution

the file: http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/xslt/XSLTResult.java String pathFromRequest = ServletActionContext.getRequest.getParameter"xslt.location"; path = pathFromRequest; URL resource =...

Exploits0
Positive Technologies
Positive Technologies
added 2012/03/22 12:0 a.m.6 views

PT-2012-1251 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts versions prior to 2.5.22 Description: The issue is related to a local code execution problem in Apache Struts2 when processing malformed XSLT files. This could allow a malicious user to upload and execute arbitrary files by...

9CVSS8.8AI score0.2855EPSS
Exploits0References23
Rows per page
Query Builder