Lucene search

6308 matches found

CentOS
added 2010/11/01 9:56 p.m. · 54 views

pam security update

CentOS Errata and Security Advisory CESA-2010:0819. Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base score...

6.9 CVSS · 6.3 AI score · 0.00095 EPSS
Exploits 0 · References 8
RedHat Linux
added 2010/11/01 7:45 p.m. · 4 views

pam: pam_env and pam_mail accessing users' file with root privileges

The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a...

4.7 CVSS · 5.8 AI score · 0.00087 EPSS
Exploits 0 · References 4
RedHat Linux
added 2010/11/01 7:45 p.m. · 35 views

Moderate: Red Hat Security Advisory: pam security update

Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

6.9 CVSS · 6.3 AI score · 0.00095 EPSS
Exploits 0 · References 4
Positive Technologies
added 2010/11/01 12:00 a.m. · 2 views

PT-2010-1042 · Linux +1 · Linux-Pam +1

Name of the Vulnerable Software and Affected Versions: Linux-PAM versions prior to 1.1.2; Red Hat Enterprise Linux pam-devel version 1.1.1; Red Hat Enterprise Linux pam-debuginfo version 1.1.1; Red Hat Enterprise Linux pam version 1.1.1. Description: The issue concerns multiple vulnerabilities in the...

7.2 CVSS · 5.4 AI score · 0.00098 EPSS
Exploits 0 · References 41
0day.today
added 2010/10/31 12:00 a.m. · 49 views

Dolphin 7.0.3 <= (6) Modules LFI Vulnerabilities

Exploit for php platform in category web applications. Dolphin 7.0.3. Exploit database separated by exploit type (local, remote, DoS, etc.). Site: Inj3ct0r.com. Support e-mail: submitatinj3ct0r.com. I'm KnocKout member...

7.1 AI score
Exploits 0
0day.today
added 2010/10/31 12:00 a.m. · 41 views

Dolphin 7.0.3 <= (poll) Modules LFI Vulnerability

Exploit for php platform in category web applications. Dolphin 7.0.3. Exploit database separated by exploit type (local, remote, DoS, etc.). Site: Inj3ct0r.com. Support e-mail: submitatinj3ct0r.com. I'm KnocKout membe...

7.1 AI score
Exploits 0
Ubuntu
added 2010/10/25 3:19 p.m. · 70 views

USN-959-2: PAM vulnerability

USN-959-1 fixed vulnerabilities in PAM. This update provides the corresponding updates for Ubuntu 10.10. Original advisory details: Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploi...

6.9 CVSS · 5.3 AI score · 0.00135 EPSS
Exploits 11
securityvulns
added 2010/10/24 12:00 a.m. · 56 views

VSR Advisories: Linux RDS Protocol Local Privilege Escalation

VSR Security Advisory (http://www.vsecurity.com/). Advisory Name: Linux RDS Protocol Local Privilege Escalation. Release Date: 2010-10-19. Application: Linux Kernel. Versions:...

7.2 CVSS · 0.4 AI score · 0.02218 EPSS
Exploits 16
Prion
added 2010/10/08 9:00 p.m. · 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add Field Definition, or (7) Add Shortcut...

4.3 CVSS · 6.1 AI score · 0.00263 EPSS
Exploits 0 · References 2 · Affected Software 1
Exploit DB
added 2010/09/20 12:00 a.m. · 33 views

Novell Messenger Server 2.0 - Accept-Language Overflow (Metasploit)

$Id: novellmessengeracceptlang.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

10 CVSS · 7 AI score · 0.88808 EPSS
Exploits 12
Exploit DB
added 2010/09/11 12:00 a.m. · 24 views

HP Data Protector Media Operations 6.11 (Multiple Modules) - Null Pointer Dereference Denial of Service

Exploit Title: HP Data Protector Media Operations 6.11 Multiple NULL Pointer Dereference Local DoS 0day Date: 11/09/2010 Author: d0lc3 d0lc3xatgmaildomcom Author Link: http://elotrolad0.blogspot.com/ Software Link: trial https://h10078.www1.hp.com/cda/hpdc/navigation.do?...

7.4 AI score
Exploits 0
exploitpack
added 2010/09/03 12:00 a.m. · 15 views

visinia 1.3 - Multiple Vulnerabilities

visinia 1.3 - Multiple Vulnerabilities. Abysssec Inc Public Advisory. Title: Visinia Multiple Vulnerabilities. Affected Version: Visinia 1.3. Discovery:...

0.4 AI score
Exploits 0
seebug.org
added 2010/08/30 12:00 a.m. · 86 views

Linux Kernel < 2.6.36-rc1 CAN BCM Privilege Escalation Exploit

No description provided by source. i-CAN-haz-MODHARDEN.c: Linux Kernel < 2.6.36-rc1 CAN BCM Privilege Escalation Exploit. Jon Oberheide, http://jon.oberheide.org. Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2959. Ben Hawkes discovered an integer overflow in th...

7.2 CVSS · 0.1 AI score · 0.00396 EPSS
Exploits 6
Exploit DB
added 2010/08/27 12:00 a.m. · 200 views

Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Local Privilege Escalation

i-CAN-haz-MODHARDEN.c. Linux Kernel http://jon.oberheide.org. Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2959. Ben Hawkes discovered an integer overflow in the Controller Area Network (CAN) subsystem when setting up frame content and filtering certain messages. An attacker...

7.2 CVSS · 6.6 AI score · 0.00396 EPSS
Exploits 6
exploitpack
added 2010/08/27 12:00 a.m. · 56 views

Linux Kernel 2.6.36-rc1 (Ubuntu 10.04 2.6.32) - CAN BCM Local Privilege Escalation

Linux Kernel 2.6.36-rc1 Ubuntu 10.04 2.6.32 - CAN BCM Local Privilege Escalation. i-CAN-haz-MODHARDEN.c. Linux Kernel http://jon.oberheide.org. Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2959. Ben Hawkes discovered an integer overflow in the Controller Area Network (CAN)...

7.2 CVSS · 0.6 AI score · 0.00396 EPSS
Exploits 6
Drupal
added 2010/08/11 12:00 a.m. · 10 views

SA-CONTRIB-2010-083 - Ubercart sub-modules - Multiple Vulnerabilities

The Ubercart module for Drupal provides e-commerce features. Several modules within Ubercart were vulnerable to various security issues. 1. The 2Checkout gateway module did not properly verify the payment notification information. A malicious user could use a specially crafted HTTP request to...

7 AI score
Exploits 0 · References 9
RedHat Linux
added 2010/08/04 9:30 p.m. · 2 views

tomcat directory traversal

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and...

5 CVSS · 6 AI score · 0.90452 EPSS
Exploits 2 · References 4
Prion
added 2010/07/28 2:43 p.m. · 14 views

Directory traversal

Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter...

5 CVSS · 7.2 AI score · 0.00092 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2010/07/27 6:39 p.m. · 21 views

CVE-2009-4960

Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter...

6.6 AI score · 0.00092 EPSS
Exploits 0 · References 3
NVD
added 2010/07/12 4:30 p.m. · 19 views

CVE-2010-0832

pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user...

6.9 CVSS · 6.1 AI score · 0.00135 EPSS
Exploits 11 · References 9