181 matches found
HawtJNI: predictable temporary file name leading to local arbitrary code execution
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...
Metasploit < 4.4 - pcap_log Plugin Privilege Escalation Exploit
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require...
Microsoft Outlook 2003 Predictable File Location Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10307/info Microsoft Outlook 2003 is reported to be prone to store files that are specified in img tags, in predictable locations. This may present a security risk because many known and potential Internet Explorer...
[oss-security] CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure
Good morning, http://seclists.org/fulldisclosure/2014/Jun/21 reports two temporary file issues. The first is in PHP's configure script: char filename = "/tmp/phpglibccheck"; Red Hat bug: https://bugzilla.redhat.com/showbug.cgi?id=1104978 The second issue is Lynis writing a predictable file to...
openSUSE Security Update : gnash (openSUSE-SU-2012:0369-1)
gnash used predictable and world readable temporary file names to store HTTP cookies %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-164. The text description of this plugin is C...
HawtJNI: predictable temporary file name leading to local arbitrary code execution
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...
HawtJNI: predictable temporary file name leading to local arbitrary code execution
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...
Kemana Directory 1.5.6 Database Backup Disclosure Vulnerability
Kemana Directory version 1.5.6 suffers from a database backup disclosure vulnerability. ?php / Kemana Directory 1.5.6 Database Backup Disclosure Exploit Vendor: C97net Product web page: http://www.c97.net Affected version: 1.5.6 Summary: Experience the ultimate directory script solution with...
Kemana Directory 1.5.6 Database Backup Disclosure
$total return; ifempty$starttime $starttime=time; $n...
Kemana Directory 1.5.6 - Database Backup Disclosure
$total return; ifempty$starttime $starttime=time; $now...
Kemana Directory 1.5.6 Database Backup Disclosure Exploit
Summary Experience the ultimate directory script solution with Kemana. Create your own Yahoo or Dmoz easily with Kemana. Unique Kemana's features including: CMS engine based on our qEngine, multiple directories support, user friendly administration control panel, easy to use custom fields,...
CVE-2014-1604
The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...
PYSEC-2014-17
The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...
UBUNTU-CVE-2014-1604
The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...
HawtJNI: predictable temporary file name leading to local arbitrary code execution
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...
Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.0 update
Updated Red Hat JBoss Enterprise Application Platform 6.2.0 packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common...
Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.0 update
An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which fixes two security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. Common...
Amazon Linux AMI : puppet (ALAS-2011-11)
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users ...
GlusterFS: insecure temporary file creation
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...
Metasploit 4.4 - pcap_log Plugin Privilege Escalation (Metasploit)
Metasploit 4.4 - pcaplog Plugin Privilege Escalation Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require...