301 matches found
[ASA-201810-15] xorg-server: privilege escalation
Arch Linux Security Advisory ASA-201810-15. Severity: High; Date: 2018-10-29; CVE-ID: CVE-2018-14665; Package: xorg-server; Type: privilege escalation; Remote: Yes; Link: https://security.archlinux.org/AVG-788. Summary: The package xorg-server befor...
New Privilege Escalation Flaw Affects Most Linux Distributions
An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X server is a popular open-source implementation of the X11 system display server that offers ...
DEBIAN-CVE-2018-14665
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root...
ALPINE-CVE-2018-14665
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root...
UBUNTU-CVE-2018-14665
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root...
Autocrack - Hashcat Wrapper To Help Automate The Cracking Process
This Python script is a Hashcat (https://hashcat.net) wrapper to help automate the cracking process. The script includes multiple functions to select a set of wordlists and rules, as well as the ability to run a bruteforce attack, with custom masks, before the wordlist/rule attacks. Autocrack uses...
pharoscontrols Information Disclosure
pharoscontrols Unauthorized Information Disclosure zoomeye dork : https://www.zoomeye.org/searchResult?q=%22Location%3A%20%2Fdefault%2Findex.lsp%22 Remote administration interface http://xx.xx.xx.xx/default/index.lsp Unauthorized Logfile Disclosure http://xx.xx.xx.xx/default/log.lsp...
openSUSE Security Update : postgresql96 (openSUSE-2018-638)
PostgreSQL was updated to 9.6.9 fixing bugs and security issues : Release notes : - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-9-6-9.html A dump/restore is not required for those running 9.6.X. However, if you use the adminpack extension,...
Windows Defender Firewall: Logfile path
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winadvsecprofilelogfilepath.nasl 10010 2018-05-29 14:43:35Z emoss $ Check value for Windows Defender Firewall: Path to logfile Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.ne...
Windows Defender Firewall: Logfile size limit
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winadvsecprofilelogfilesize.nasl 10010 2018-05-29 14:43:35Z emoss $ Check value for Windows Defender Firewall: logfile size limit Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH,...
PostgreSQL adminpack Extension Security Bypass Vulnerability
PostgreSQL is a free object-relational database management system developed by the PostgreSQL development group. The system supports most of the SQL standard and provides many other features such as foreign keys, triggers, views, etc. adminpack is one of the contrib modules. A security...
CVE-2017-9271
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...
Design/Logic Flaw
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...
CVE-2017-9271
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...
CVE-2017-9271
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...
Arq 5.10 - Local Privilege Escalation Exploit (2)
Exploit for macOS platform in category local exploits !/bin/bash Arq payload.sh EOF !/bin/bash rm -rf $HOME/.arq510privescexp while : do pid=\ps auxwww |grep '$app/Contents/MacOS/Arq' |grep -v grep |xar...
Code injection
The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04...
CVE-2016-1255
The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04...
CVE-2016-1255
The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04...
Microsoft Windows Kernel Local Information Disclosure Vulnerability(CVE-2017-11817)
This tracker entry is a fork of issue 1325, which this bug was reported as a part of. However, as some essential information and context was provided in issue 1325, the "Reported" date was adjusted there to account for it. The new information did not concern the vulnerability discussed here, so w...