CVE-2011-1784

The pidfilewrite function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the 1 keepalived.pid, 2 checkers.pid, and 3 vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files...

7T Interactive Graphical SCADA System File Operations Buffer Overflows (CVE-2011-1567; CVE-2011-4050)

7-Technologies' IGSS is a Supervisory Control and Data Acquisition SCADA system used for monitoring and controlling industrial processes. Multiple buffer overflow vulnerabilities have been reported in 7T Interactive Graphical SCADA System IGSS. The vulnerability is due to boundary errors in the...

[SECURITY] Fedora 14 Update: polkit-0.98-5.fc14

PolicyKit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...

CVE-2011-1439

CVE-2011-1439 affects Google Chrome on Linux prior to 11.0.696.57. The vulnerability arises from improper isolation of renderer processes, with unspecified impact and remote attack vectors described in the entry. The issue was fixed in Chrome 11.0.696.57 (stable update), per Google's Chrome relea...

backorifice-info NSE Script

Connects to a BackOrifice service and gathers information about the host and the BackOrifice service itself. The extracted host information includes basic system setup, list of running processes, network resources and shares. Information about the service includes enabled port redirections,...

Windows Manage Inject in Memory Multiple Payloads

This module will inject in to several processes a given payload and connecting to a given list of IP Addresses. The module works with a given lists of IP Addresses and process PIDs if no PID is given it will start a the given process in the advanced options and inject the selected payload in to t...

The Challenge of Starting an Application Security Program

Since organizations started opening their internal applications to the Web, a little more than a decade ago, it became clear that the security of those connected applications would be more complex – and critical to get right – than before. Unfortunately, through complacency, perhaps a feeling tha...

Microsoft Windows CSRSS LPC_PORT_CLOSED Information Disclosure (MS11-010; CVE-2011-0030)

The Client/Server Run-time Subsystem CSRSS is the user-mode portion of the Win32 subsystem. CSRSS is an essential subsystem that must be running at all times. CSRSS is responsible for console windows, and creating and/or deleting threads. An elevation of privilege vulnerability has been reported ...

RedHat Linux - Stickiness of tmp

RedHat Linux - Stickiness of tmp from: http://marc.info/?l=full-disclosure&m=129842239022495&w=2 Developers should not rely on the stickiness of /tmp on Red Hat Linux --------------------------------------------------------------------- Recent versions of Red Hat Enterprise Linux and Fedora provi...

RedHat Linux - Stickiness of /tmp

from: http://marc.info/?l=full-disclosure&m=129842239022495&w=2 Developers should not rely on the stickiness of /tmp on Red Hat Linux --------------------------------------------------------------------- Recent versions of Red Hat Enterprise Linux and Fedora provide seunshare, a setuid root utili...

SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 3068 / 3069 / 3070)

This SUSE Linux Enterprise 11 Service Pack 1 kernel contains various security fixes and lots of other bugfixes. Notable larger bugfixes and changes : - 603464: Fix system freezewhen doing a network crashdump with a netxennic driver - 610828: Avoid kernel failure on connects/disconnects to a novel...

HP-UX PHKL_39133 : HP-UX Running Threaded Processes, Remote Denial of Service (DoS) (HPSBUX02611 SSRT090201 rev.1)

s700800 11.11 SPP fragmentation;AIO;EVP;ufalloc;dup2 race : A potential security vulnerability has been identified with HP-UX running threaded processes. The vulnerability could be exploited remotely to create a Denial of Service DoS. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

HP-UX PHKL_40944 : HP-UX Running Threaded Processes, Remote Denial of Service (DoS) (HPSBUX02611 SSRT090201 rev.1)

s700800 11.31 fsfiledscrp cumulative patch : A potential security vulnerability has been identified with HP-UX running threaded processes. The vulnerability could be exploited remotely to create a Denial of Service DoS. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

HP-UX Update for Threaded Processes HPSBUX02611

The remote host is missing an update for the Threaded Processes packages announced via the referenced advisory. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

HP-UX Update for Threaded Processes HPSBUX02611

Check for the Version of Threaded Processes OpenVAS Vulnerability Test HP-UX Update for Threaded Processes HPSBUX02611 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

CVE-2010-3775

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via...

data: URL meta refresh (MFSA 2010-79)

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via...

Java security bypass from LiveConnect loaded via data: URL meta refresh — Mozilla

Security researcher Gregory Fleischer reported that when a Java LiveConnect script was loaded via a data: URL which redirects via a meta refresh, then the resulting plugin object was created with the wrong security principal and thus received elevated privileges such as the abilities to read loca...

CVE-2010-4108

HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors...

Code injection

HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors...