2285 matches found
Command injection
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command...
CVE-2017-11746
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command...
CVE-2017-11747
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a...
CVE-2017-11746
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command...
DEBIAN-CVE-2017-11746
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command...
CVE-2017-11746
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command...
CVE-2017-11747
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a...
CVE-2017-11746
CVE-2017-11746 affects Tenshi 0.15. The issue: tenshi.pid is created after dropping privileges to a non-root account, permitting a local attacker to kill arbitrary processes by modifying tenshi.pid before a root script issues a kill command. Impact: local privilege/escalation and process terminat...
Schneider Electric PowerSCADA Anywhere/Citect Anywhere Command Separator Improperity Vulnerability
PowerSCADA Anywhere is SCADA and power monitoring software.Citect is industrial automation operation and monitoring software. An improper command separator vulnerability exists in the implementation of PowerSCADA Anywhere 1.0 and Citect Anywhere version 1.0. An attacker in close network proximity...
Citrix SCOM MP for StoreFront causes high memory utilization on Windows Server 2008 R2
Citrix SCOM MP for StoreFront causes high memory usage as well as can spawn many cscript.exe and conhost.exe processes...
pyrasite - Inject code into running Python processes
Tools for injecting arbitrary code into running Python processes. Requirements gdb version 7.3+ or RHEL5+ On OS X you will need to have a codesigned gdb - see https://sourceware.org/gdb/wiki/BuildingOnDarwin if you get errors while running with --verbose which mention codesigning. Compatiblity...
Microsoft Edge browser vulnerability, which allows a hacker to gain access to processes in privileged context
The vulnerability of Microsoft Edge relates to improper access to objects in memory. Exploiting this vulnerability can allow a local attacker to gain control over processes from a privileged context...
Microsoft Edge browser vulnerability, which allows a hacker to gain access to processes in privileged context
The vulnerability of Microsoft Edge relates to improper access to objects in memory. Exploiting this vulnerability can allow a local attacker to gain control over processes from a privileged context...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of NVIDIA’s I2C HID driver for the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary malicious code within the kernel context. This issue is considered “high” because it requires...
MGASA-2017-0189 Updated docker packages fix security vulnerability
The runc component used by docker exec feature of docker allowed additional container processes to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can,...
Microsoft Windows - win32k!NtGdiExtGetObjectW Kernel Stack Memory Disclosure Exploit
Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1178 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory in Windows 7-10 through the win32k!NtGdiExtGetObjectW system call accessible...
The vulnerability of the Qualcomm GPU operating system driver for Android allows a hacker to execute arbitrary code.
The vulnerability of the Qualcomm GPU operating system for Android is related to deficiencies in access control. It is necessary to gain access to privileged processes and modify the current platform configuration. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Microsoft Windows - win32k!NtGdiExtGetObjectW Kernel Stack Memory Disclosure
Microsoft Windows - win32k!NtGdiExtGetObjectW Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1178 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory in Windows 7-10 through the...
pymultitor - Python Multi Threaded Tor Proxy
Did you ever want to be at two different places at the same time? While performing penetration tests there are often problems caused by security devices that block the "attacking" IP. With a large number of IP addresses performing the attacks, better results are guaranteed - especially when...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of MediaTek’s Android operating system driver-related code is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within the kernel context. This issue is considered “high” because it requires compromising...