Endian Firewall - Password Change Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall Proxy Password Change Command Injection', 'Description' = %q This module exploits an OS command injection...

Sudo <= 1.8.14 - Unauthorized Privilege

Exploit Title: sudo -e - a.k.a. sudoedit - unauthorized privilege escalation Date: 07-23-2015 Exploit Author: Daniel Svartman Version: Sudo =1.8.14 Tested on: RHEL 5/6/7 and Ubuntu all versions CVE: CVE-2015-5602. Hello, I found a security bug in sudo checked in the latest versions of sudorunning...

Scientific Linux Security Update : sudo on SL6.x i386/x86_64 (20150722)

It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the...

Sudo 1.8.14 - Unauthorized Privilege Vulnerability

Exploit for linux platform in category local exploits Exploit Title: sudo -e - a.k.a. sudoedit - unauthorized privilege escalation Date: 07-23-2015 Exploit Author: Daniel Svartman Version: Sudo ALL=root NOPASSWD: sudoedit /home///test.txt Then, logged as that user, create a subdirectory within it...

Oracle Linux 6 : sudo (ELSA-2015-1409)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1409 advisory. - RHEL-6.7 erratum - added patch for CVE-2014-9680 - added BuildRequires for tzdata Resolves: rhbz1200253 Tenable has extracted the preceding description block...

Oracle Linux 6 : ipa (ELSA-2015-1462)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1462 advisory. - Resolves: 1166241 - CVE-2010-5312 CVE-2012-6662 ipa: various flaws Tenable has extracted the preceding description block directly from the Oracle Lin...

CentOS 6 : sudo (CESA-2015:1409)

Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Sudo 1.8.14 (RHEL 5/6/7 / Ubuntu) - &#039;Sudoedit&#039; Unauthorized Privilege Escalation

Exploit Title: sudo -e - a.k.a. sudoedit - unauthorized privilege escalation Date: 07-23-2015 Exploit Author: Daniel Svartman Version: Sudo ALL=root NOPASSWD: sudoedit /home///test.txt Then, logged as that user, create a subdirectory within its home folder e.g. /home//newdir and later create a...

CentOS 6 : ipa (CESA-2015:1462)

Updated ipa packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

ipa security update

CentOS Errata and Security Advisory CESA-2015:1462 Updated ipa packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

sudo security update

CentOS Errata and Security Advisory CESA-2015:1409 Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability...

RHEL 6 : ipa (RHSA-2015:1462)

Updated ipa packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

RHEL 6 : sudo (RHSA-2015:1409)

Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

RedHat Update for sudo RHSA-2015:1409-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RedHat Update for ipa RHSA-2015:1462-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: ipa security and bug fix update

Updated ipa packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Moderate: Red Hat Security Advisory: sudo security, bug fix, and enhancement update

Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

sudo: unsafe handling of TZ environment variable

It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the...

Endian Firewall < 3.0.0 - OS Command Injection (Metasploit Module) Exploit

Exploit for cgi platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerability i...

Polycom RealPresence Resource Manager < 8.4 - Multiple Vulnerabilities

Exploit for hardware platform in category web applications title: Critical vulnerabilities allow surveillance on conferences product: Polycom RealPresence Resource Manager RPRM vulnerable versions: 8.4 fixed version: 8.4 CVE numbers: CVE-2015-4681, CVE-2015-4682, CVE-2015-4683, CVE-2015-4684...