123 matches found
Setuid Tunnelblick Privilege Escalation Vulnerability
This Metasploit module exploits a vulnerability in Tunnelblick 3.2.8 on Mac OS X. The vulnerability exists in the setuid openvpnstart, where an insufficient validation of path names allows execution of arbitrary shell scripts as root. This Metasploit module has been tested successfully on...
Setuid Tunnelblick Privilege Escalation
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
Tunnelblick - Setuid Privilege Escalation (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
Setuid Tunnelblick Privilege Escalation
This module exploits a vulnerability in Tunnelblick 3.2.8 on Mac OS X. The vulnerability exists in the setuid openvpnstart, where an insufficient validation of path names allows execution of arbitrary shell scripts as root. This module has been tested successfully on Tunnelblick 3.2.8 build...
bash: Insecure temporary file use in aliasconv.sh, aliasconv.bash, cshtobash (symlink attack)
bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb.? temporary file, related to the 1 aliasconv.sh, 2 aliasconv.bash, and 3 cshtobash scripts...
RedHat Security Advisory RHSA-2009:1646
The remote host is missing updates announced in advisory RHSA-2009:1646. GNU Libtool is a set of shell scripts which automatically configure UNIX, Linux, and similar operating systems to generically build shared libraries. A flaw was found in the way GNU Libtool SPDX-FileCopyrightText: 2009 E-Sof...
libtool security update
CentOS Errata and Security Advisory CESA-2009:1646 Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU Libtool is a set of shell...
[SECURITY] Fedora 9 Update: pdfjam-1.21-1.fc9
PDFjam is a small collection of shell scripts which provide a simple interface to some of the functionality of the excellent pdfpages package by Andreas Matthias for pdfLaTeX. At present the utilities available are: pdfnup, which allows PDF files to be "n-upped" in roughly the way that psnup does...
PDFjam: Multiple vulnerabilities
Background PDFjam is a small collection of shell scripts to edit PDF documents, including pdfnup, pdfjoin and pdf90. Description Martin Vaeth reported multiple untrusted search path vulnerabilities CVE-2008-5843. Marcus Meissner of the SUSE Security Team reported that temporary files are created...
Debian Security Advisory DSA 078-1 (slrn)
The remote host is missing an update to slrn announced via advisory DSA 078-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Samba command injection vulnerability
Overview Samba fails to properly filter input to /bin/sh. This vulnerability may allow a remote, authenticated attacker to execute arbitrary code on a Samba server. Description Samba provides file and print services for Microsoft Windows, Unix, Linux, and OS X clients. Samba can also act as a...
PHP-Nuke Book Catalog Module 1.0 - upload.php Arbitrary File Upload
PHP-Nuke Book Catalog Module 1.0 - upload.php Arbitrary File Upload source: https://www.securityfocus.com/bid/19890/info The Book Catalog module for PHP-Nuke is prone to a vulnerability that lets attackers upload arbitrary files. Exploiting this issue may allow an attacker to compromise the...
openvpn -- LD_PRELOAD code execution on client through malicious or compromised server
Hendrik Weimer reports: OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old...
irix6local.txt
SGI IRIX 6.usr/sysadm/bin/runpriv draft resolution to be to complete at antecedence but to stoke seriously came ran ready-to-wear there is no need to explain in the interest of owners yonder protection them from geeks but whom need to make realize excellent. visit http://lezr.com/vb echo SGI IRIX...
Safari archive metadata command execution
Added: 02/24/2006 CVE: CVE-2006-0848 BID: 16736 OSVDB: 23366 Background The Safari web browser supports explicit binding, which allows a file to override the default application for its file type. Safe files are files such as pictures, movies, and archives which are opened automatically when...
Safari archive metadata command execution
Added: 02/24/2006 CVE: CVE-2006-0848 BID: 16736 OSVDB: 23366 Background The Safari web browser supports explicit binding, which allows a file to override the default application for its file type. Safe files are files such as pictures, movies, and archives which are opened automatically when...
Safari archive metadata command execution
Added: 02/24/2006 CVE: CVE-2006-0848 BID: 16736 OSVDB: 23366 Background The Safari web browser supports explicit binding, which allows a file to override the default application for its file type. Safe files are files such as pictures, movies, and archives which are opened automatically when...
Safari archive metadata command execution
Added: 02/24/2006 CVE: CVE-2006-0848 BID: 16736 OSVDB: 23366 Background The Safari web browser supports explicit binding, which allows a file to override the default application for its file type. Safe files are files such as pictures, movies, and archives which are opened automatically when...
IBM AIX 5.3 - GetShell GetCommand File Disclosure
IBM AIX 5.3 - GetShell GetCommand File Disclosure source: https://www.securityfocus.com/bid/16103/info IBM AIX is prone to a local vulnerability in getShell and getCommand. This vulnerability may let the attacker gain unauthorized read access to shell scripts on the computer. -bash-3.00$ ls -l...
IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Disclosure
source: https://www.securityfocus.com/bid/16103/info IBM AIX is prone to a local vulnerability in getShell and getCommand. This vulnerability may let the attacker gain unauthorized read access to shell scripts on the computer. -bash-3.00$ ls -l /tmp/k.sh -rwx------ 1 root system 79 2005-12-22 23:...