2083 matches found
Reaver Pro - Local Privilege Escalation
source: https://www.securityfocus.com/bid/55725/info Reaver Pro is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to execute arbitrary code with root privileges. Successful exploits may result in the complete compromise of affected computers...
Reaver Pro Livedisc Code Execution
!/usr/bin/env python import os print """ Reaver Pro Local Root Exploits a hilarious named pipe flaw. The named pipe /tmp/exe is open to anyone... Any command echoed into it gets ran as root. This simply launches a bindshell on 4444... Insecurety Research | insecurety.net """ print "" print "This ...
Reaver Pro - Local Privilege Escalation
Reaver Pro - Local Privilege Escalation source: https://www.securityfocus.com/bid/55725/info Reaver Pro is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to execute arbitrary code with root privileges. Successful exploits may result in the complete...
Scientific Linux Security Update : bash on SL5.x i386/x86_64
Bash is the default shell for Scientific Linux. It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary fil...
CentOS Update for bash CESA-2011:1073 centos5 x86_64
Check for the Version of bash OpenVAS Vulnerability Test CentOS Update for bash CESA-2011:1073 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount
The cifslookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service OOPS via attempted access to a special file, as demonstrated by a FIFO...
Linux Kernel epoll Subsystem “eventpoll.c”多个本地拒绝服务漏洞
BUGTRAQ ID: 46630 CVE ID: CVE-2011-1082,CVE-2011-1083 Linux Kernel是Linux操作系统的内核。 Linux Kernel 2.6.38之前版本的fs/eventpoll.c在epoll子系统的实现上存在本地拒绝服务安全漏洞,将epoll文件描述符放置在其他epoll数据结构中,没有检查已关闭的循环或深链接,攻击者可利用此漏洞造成拒绝服务 0 Linux kernel 2.6.38 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kernel.or...
CVE-2011-4784
The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properly handle commands sent to a named pipe, which allows local users to gain privileges via a crafted application...
CVE-2011-4784
The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properly handle commands sent to a named pipe, which allows local users to gain privileges via a crafted application...
Oracle Job Scheduler Named Pipe Command Execution
This module exploits the Oracle Job Scheduler to execute arbitrary commands. The Job Scheduler is implemented via the component extjob.exe which listens on a named pipe called "orcljsex" and execute arbitrary commands received over this channel via CreateProcess. In order to connect to the Named...
Port stretcher v0.1
Это тоже, пожалуй, сюда перенесу из приватов античатов. Кроссплатформенный win/lin, x32/x64 датапайп с возможностью бекконнекта. Не помню, писали ли о нём что-нибудь хорошее на ачате, так что пока сюда. Если багов не видно, то можно и в паблик...
CentOS 5 : bash (CESA-2011:1073)
An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives...
CentOS Update for kernel CESA-2009:0326 centos5 i386
Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2009:0326 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
bash security, bug fix, and enhancement update
3.2-32 - Dont include backup files Resolves: 700157 3.2-31 - Use 'mktemp' for temporary files Resolves: 700157 3.2-30 - Added man page references to systemwide .bashlogout Resolves: 592979 3.2-29 - Readline glitch, when editing line with more spaces and resizing window Resolves: 525474 3.2-28 - F...
Code injection
The pipefcntl function in fs/pipe.c in the Linux kernel before 2.6.37 does not properly determine whether a file is a named pipe, which allows local users to cause a denial of service via an FSETPIPESZ fcntl call...
PT-2011-1489 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.37 Description: The issue is related to the pipe fcntl function in fs/pipe.c, which does not properly determine whether a file is a named pipe. This allows local users to cause a denial of service via an F...
CVE-2010-4256
The pipefcntl function in fs/pipe.c in the Linux kernel before 2.6.37 does not properly determine whether a file is a named pipe, which allows local users to cause a denial of service via an FSETPIPESZ fcntl call...
CVE-2010-4604
Stack-based buffer overflow in the GeneratePassword function in dsmtca aka the Trusted Communications Agent or TCA in the backup-archive client in IBM Tivoli Storage Manager TSM 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows...
Stack overflow
Stack-based buffer overflow in the GeneratePassword function in dsmtca aka the Trusted Communications Agent or TCA in the backup-archive client in IBM Tivoli Storage Manager TSM 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows...
CVE-2010-2793
Race condition in the SPICE aka spice-activex plug-in for Internet Explorer in Red Hat Enterprise Virtualization RHEV Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in...