qemu guest agent (qga) insecure file permissions

ISSUE DESCRIPTION The qemu guest agent creates files with insecure permissions when started in daemon mode. IMPACT The qemu guest agent is not used by default in Xen systems. If it is used in a particular guest, unprivileged guest processes might be able to escalate their privilege to that of the...

K-Shell by kikicoco VHS version 1.2 edition (.aspx)

Данная утилита предназначенна для системных администраторов для удаленного управления своим сервером. Любое незаконное использование скрипта преследуется по закону. last update: 06.05.2013 21:20 Что может: Wso-style Server IP Client IP HostName Username OS Version IIS Version System Dir...

[SECURITY] Fedora 17 Update: qemu-1.0.1-6.fc17

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

[SECURITY] Fedora 18 Update: qemu-1.2.2-11.fc18

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

7T Interactive Graphical SCADA RMS Reports Buffer Overflow

7-Technologies' IGSS is a Supervisory Control and Data Acquisition SCADA system used for monitoring and controlling industrial processes. Multiple buffer overflow vulnerabilities have been reported in 7T Interactive Graphical SCADA System IGSS. The vulnerability is due to boundary errors in the...

Attacks on SCADA, ICS Honeypots Modified Critical Operations

With antiquated gear running the country’s industrial control systems that oversee critical infrastructure, it’s no shock attackers targeting SCADA networks do their fair share of reconnaissance looking for weak spots in that equipment. A researcher decided to put that theory to a practical test...

[SET v4.7] The Social-Engineer Toolkit

The Social-Engineer Toolkit SET version 4.7 codename “ Headshot ” has been released. This version of SET introduces the ability to specify multi-powershell injection which allows you to specify as many ports as you want and SET will automatically inject PowerShell onto the system on all of the...

Third-Party Applications to Blame for 87 Percent of Vulnerabilities Last Year

Third-party applications accounted for a whopping percentage of vulnerabilities last year, many more than security flaws found in Microsoft programs according to a report released this week by Danish vulnerability research firm Secunia. Eighty-seven percent of the vulnerabilities found in the top...

Design/Logic Flaw

Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors...

CVE-2013-0910

Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-i...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 176882 High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva. 176252 High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to "chromium.khalil". 172926 172331 High CVE-2013-0904: Memory corruption in Web Audio. Credit to...

[RemoteDLLInjector] Command-line Tool to Inject DLL into Remote Process

Remote DLL Injector is the free command-line tool to Inject DLL into remote process. Currently it supports DLL injection using the CreateRemoteThread technique. If you are looking for advanced and more user friendly GUI version then check out our popular RemoteDll tool. Being a command-line tool...

Nmap NSE 6.01: smb-enum-processes

Pulls a list of processes from the remote server over SMB. This will determine all running processes, their process IDs, and their parent processes. It is done by querying the remote registry service, which is disabled by default on Vista; on all other Windows versions, it requires Administrator...

Nmap NSE 6.01: smb-enum-processes

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

tuned: insecure permissions of tuned.pid

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes...

DARPA, FIDO Alliance Join Race to Replace Passwords

Nearly everyone agrees that passwords are the bane of Internet security. For years, industry thinkers have somewhat vaguely referenced the need for Internet fingerprints capable of reliably verifing identities online. Yet here we are, it’s 2013 and passwords remain the primary means of...

Schneider Electric Interactive Graphical SCADA System Data Collector Overflow

Added: 02/11/2013 CVE: CVE-2013-0657 BID: 57449 OSVDB: 89324 Background Schneider Electric Interactive Graphical SCADA System IGSS is a supervisory control and data acquisition SCADA system designed to monitor and control industrial processes. The Data Collector DC.exe component listens on port...

[SECURITY] Fedora 18 Update: qemu-1.2.2-2.fc18

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

[SECURITY] Fedora 17 Update: qemu-1.0.1-3.fc17

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6697)

This update provides PostgreSQL 8.3.20. As part of this update, the packaging scheme has been changed to accomodate an optional parallel installation of newer PostgreSQL versions. The changes in 8.3.20 are : - Prevent access to external files/URLs via XML entity references. xmlparse would attempt...