Race condition

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors...

CVE-2012-3355

1 AlbumTab.py, 2 ArtistTab.py, 3 LinksTab.py, and 4 LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory...

DEBIAN-CVE-2012-0219

Heap-based buffer overflow in the xioscanreadline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address...

Vulnerability in Google Chrome Could Allow Local Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google Chrome version 17.0.963.79 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Googl...

Symantec End Point Protection 11.x Symantec Network Access Control 11.x - Local Code Execution (PoC)

Symantec End Point Protection 11.x Symantec Network Access Control 11.x - Local Code Execution PoC Symantec End Point Protection 11.x & Symantec Network Access Control 11.x Local Code Execution POC Date: 22/05/2012 Author: 41.w4r10r Software Link: Symantec.com Version: 11.x Tested on: Windows XP...

Symantec End Point Protection 11.x & Symantec Network Access Control 11.x LCE

Exploit for windows platform in category dos / poc Symantec End Point Protection 11.x & Symantec Network Access Control 11.x Local Code Execution POC Date: 22/05/2012 Author: 41.w4r10r Software Link: Symantec.com Version: 11.x Tested on: Windows XP SP2 English Windows XP SP3 English Windows Vista...

Symantec End Point Protection 11.x / Symantec Network Access Control 11.x - Local Code Execution (PoC)

Symantec End Point Protection 11.x & Symantec Network Access Control 11.x Local Code Execution POC Date: 22/05/2012 Author: 41.w4r10r Software Link: Symantec.com Version: 11.x Tested on: Windows XP SP2 English Windows XP SP3 English Windows Vista 32Bit Windows 7 32Bit CVE : CVE-2012-0289 Time Lin...

Apache Struts2 Local Code Execution

the file: http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/xslt/XSLTResult.java String pathFromRequest = ServletActionContext.getRequest.getParameter"xslt.location"; path = pathFromRequest; URL resource =...

PT-2012-1251 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts versions prior to 2.5.22 Description: The issue is related to a local code execution problem in Apache Struts2 when processing malformed XSLT files. This could allow a malicious user to upload and execute arbitrary files by...

DEBIAN-CVE-2012-0809

Format string vulnerability in the sudodebug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo...

CVE-2012-0809

CVE-2012-0809 is a format-string vulnerability in the sudo_debug() function present in sudo versions 1.8.0 through 1.8.3p1, enabling local privilege escalation by supplying a crafted program name. The vulnerability is evidenced in multiple connected sources (Gentoo GLSA-201203-06, openSUSE patch ...

MySQL < 3.23.50 / 4.0.2 Local Code Execution

The version of MySQL installed on the remote host is earlier than 3.23.50 or 4.0.2. On Win32, these versions allow a local attacker to execute arbitrary code via a long 'datadir' parameter in the 'my.ini' file. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid17819;...

DEBIAN-CVE-2011-2776

Buffer overflow in the Error function in super.c in Super 3.30.0 might allow local users to execute arbitrary code via vectors related to syslog logging. NOTE: some of these details are obtained from third party information...

Cisco Nexus switches protection bypass

It's possible to bypass ACL limitation. Local code execution...

VELOCITY local code execution vulnerability-vulnerability warning-the black bar safety net

by emptiness prodigal heart velocity is a J2EE MVC architecture the most commonly used presentation layer template file, due to the excellent performance, very much of the J2EE Application, use this template. Usually when in use, and other framework-binding, the most common framework is struts2,...

PT-2011-3509 · Microsoft · Windows Server 2003 +5

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows 7 versions Gold through SP1 Description: T...

CVE-2011-2957

Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 CPR9 SR3 allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer .ftd configuration file, which triggers memory corruption...

PT-2011-2545 · Microsoft · Windows Server 2003 +5

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 and SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista versions SP1 and SP2 Microsoft Windows Server 2008 versions Gold, SP2, R2, and R2 SP1 Microsoft Windows 7 versions Gold and SP1...

WordPress plugin BackWPup remote and local code execution vulnerability and fix-vulnerability warning-the black bar safety net

Brief Description: a vulnerability was discovered in the WordPress plugin BackWPup 1.6.1 can be used on web pages to perform local or remote code Server. Input passed to the Assembly“wpxmlexport.php”by “wpabs”variable to allow the inclusion and execution of local or remote PHP file, as long as...

Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability

No description provided by source. Sense of Security - Security Advisory - SOS-11-003 Release Date. 28-Mar-2011 Last Update. - Vendor Notification Date. 25-Mar-2010 Product. Wordpress Plugin BackWPup Platform. Independent Affected versions. 1.6.1 verified, possibly others Severity Rating. High...