4723 matches found
RHEL 5 : rhev-hypervisor5 (RHSA-2012:1185)
An updated rhev-hypervisor5 package that fixes one security issue and various bugs is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Fonality Trixbox CE 2.8.0.4 Command Execution
!/usr/bin/perl Title: Fonality trixbox CE remote root exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered & Coded: 2 June 2014 Published: 17 October 2014 MorXploit Research http://www.MorXploit.com Software: trixbox CE Version: trixbox-2.8.0.4.iso Vendor url:...
Fonality Trixbox CE 2.8.0.4 Command Execution Vulnerability
Fonality Trixbox CE version 2.8.0.4 remote root command execution exploit. !/usr/bin/perl Title: Fonality trixbox CE remote root exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered & Coded: 2 June 2014 Published: 17 October 2014 MorXploit Research http://www.MorXploit.com...
DUO-PSA-2014-007: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2014-007 Publication Date: 2014-10-15 Status: Confirmed, Fixed Document Revision: 1 Overview Duo Security has identified an issue that may allow local users to bypass second factor authentication when using the pamduo component of duounix in...
DUO-PSA-2014-007: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2014-007 Publication Date: 2014-10-15 Status: Confirmed, Fixed Document Revision: 1 Overview Duo Security has identified an issue that may allow local users to bypass second factor authentication when using the pamduo component of duounix in...
Design/Logic Flaw
/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4Rx, 6.6Rx, and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration...
CVE-2014-4870
/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4Rx, 6.6Rx, and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration...
CVE-2014-2886
GKSu 2.0.2, when sudo-mode is not enabled, uses " double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...
CVE-2014-2886
GKSu 2.0.2, when sudo-mode is not enabled, uses " double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...
CVE-2014-2886
GKSu 2.0.2, when sudo-mode is not enabled, uses " double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...
CVE-2014-2886
GKSu 2.0.2 vulnerability (CVE-2014-2886): when sudo-mode is not enabled, gksu-run-helper processes an argument containing a double quote, enabling arbitrary command execution in scenarios with an untrusted substring (e.g., untrusted filename during VirtualBox extension pack install). Affected: GK...
ALCASAR 2.8 Remote Root Code Execution Vulnerability
No description provided by source. !/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8 Remote Root Code Execution Vulnerability Author: eF Date : 2014-02-10 db 88 ,ad8888ba, db ad88888ba db 88888888ba d88b 88 d8"' "8b d88b d8" "8b d88b 88 "8b d8'8b 88 d8' d8'8b Y8, d8'8b 88 ,8P d8' 8b 88 88 d8...
ALCASAR 2.8 - Remote Code Execution
!/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8 Remote Root Code Execution Vulnerability Author: eF Date : 2014-02-10 db 88 ,ad8888ba, db ad88888ba db 88888888ba d88b 88 d8"' "8b d88b d8" "8b d88b 88 "8b d8'8b 88 d8' d8'8b Y8, d8'8b 88 ,8P d8' 8b 88 88 d8' 8b Y8aaaaa, d8' 8b 88aaaaaa8P'...
ALCASAR 2.8 Remote Root Code Execution Exploit
Alcasar versions 2.8 and below remote root command execution exploit. !/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8 Remote Root Code Execution Vulnerability Author: eF Date : 2014-02-10 db 88 ,ad8888ba, db ad88888ba db 88888888ba d88b 88 d8"' "8b d88b d8" "8b d88b 88 "8b d8'8b 88 d8' d8'...
ALCASAR-Remote
By sending a specially crafted value in the "host" HTTP header, it is possible to inject the exec function in order to execute commands as Apache user. !/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8 Remote Root Code Execution Vulnerability Author: eF Date : 2014-02-10 db 88 ,ad8888ba, db...
ALCASAR 2.8 - Remote Code Execution
ALCASAR 2.8 - Remote Code Execution !/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8 Remote Root Code Execution Vulnerability Author: eF Date : 2014-02-10 db 88 ,ad8888ba, db ad88888ba db 88888888ba d88b 88 d8"' "8b d88b d8" "8b d88b 88 "8b d8'8b 88 d8' d8'8b Y8, d8'8b 88 ,8P d8' 8b 88 88 d...
Alcasar 2.8 Remote Root Command Execution
!/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8 Remote Root Code Execution Vulnerability Author: eF Date : 2014-02-10 db 88 ,ad8888ba, db ad88888ba db 88888888ba d88b 88 d8"' "8b d88b d8" "8b d88b 88 "8b d8'8b 88 d8' d8'8b Y8, d8'8b 88 ,8P d8' 8b 88 88 d8' 8b Y8aaaaa, d8' 8b 88aaaaaa8P'...
Desktop Linux Password Stealer and Privilege Escalation
This module steals the user password of an administrative user on a desktop Linux system when it is entered for unlocking the screen or for doing administrative actions using PolicyKit. Then, it escalates to root privileges using sudo and the stolen user password. It exploits the design weakness...
Mac OS X 10.8.4 Sudo Password 登录绕过漏洞
No description provided by source...
ftp admin 0.1.0 (lfi/xss/ab) Multiple Vulnerabilities
No description provided by source. FTP Admin v0.1.0 - MULTIPLE VULNERABILITIES by Omni 1 Infos --------- Date : 2007-11-28 Product : FTP Admin Version : v0.1.0 Vendor : http://sourceforge.net/projects/ftpadmin/ Vendor Status : 2007-11-30 Informed! Description : FTP admin is a web-based user...