18 matches found
EUVD-2022-1248
Malicious code in bioql PyPI...
SUSE CVE-2014-0177
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file...
Hub Package Arbitrary File Overwrite
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file...
GHSA-X5M6-JH4R-34MV Hub Package Arbitrary File Overwrite
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file...
Hub Package Arbitrary File Overwrite
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file...
Temporary Patch Released For Adobe Reader Zero-Day
A temporary patch has been released to address a zero-day vulnerability in Adobe Reader that could enable bad actors to steal victims’ hashed password values, known as “NTLM hashes.” 0patch on Monday released a micropatch for the flaw, found in Adobe Reader DC. The vulnerability, which has no...
ICBC Internet banking assistant and other security controls were found to contain a “disaster-level” vulnerability - vulnerability warning - the black bar safety net
Recently, ICBC Internet banking assistant and other security controls were found to contain a “disaster-level” vulnerability; the vulnerability can cause remote arbitrary code execution on the user's computer, causing great harm to security. Baidu security prompts the user as soon as possible o...
CVE-2014-0177
The CVE-2014-0177 issue affects hub (Ruby gem) prior to 1.12.1, where the am function in lib/hub/commands.rb is vulnerable to a symlink attack on a temporary patch file, allowing local users to overwrite arbitrary files (integrity impact). The documented root cause is a vulnerable file-overwrite ...
CVE-2014-0177
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file...
Design/Logic Flaw
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file...
PT-2014-3519 · Github · Hub
Name of the Vulnerable Software and Affected Versions: hub versions prior to 1.12.1 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file. This is due to a problem in the am function in lib/hub/commands.rb. Recommendations: For...
dede getshell exp + temporary patch - vulnerability warning - the black bar safety net
dede good fire old cassock also to scrape together a lively. In fact getshell many methods do not always tangled how to insert mytag table such as near myad table is a good place to update a word did not say more not much to say directly to the getshell exp. getshell exp To change the password wh...
Latest Internet Explorer zero-day linked to Elderwood Project
Last week we saw ongoing attacks exploiting a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 that came to light after the Council on Foreign Relations website was hacked and was hosting the code. Symantec has linked exploits to the group responsible f...
Vulnerability: be wary of “Help and Support Center” uninvited - vulnerability warning - the black bar safety net
Microsoft has only just released the 6 months patch, and Windows XP has already been exposed to a new HCP protocol vulnerability. According to verification by the 360 Security Center, when Windows XP users use IE series browsers to open a web page on which it has been planted, or play an “infected” music file, the PC will automatically...
beaXSS.txt
I. DESCRIPTION A cross-site scripting issue affects the display of error events in the 'View Error Log' feature of BEA WebLogic Administration console. II. AFFECTED PRODUCTS BEA WebLogic 8.1 SP4 and previous. III. HOW TO VERIFY 1. Make a HTTP request containing XSS code to a target Web server $...
cons.saver.txt
Subject: Problems with cons.saver Author: Maurycy Prodeus Hi, Many systems have a suid on cons.saver which is part of midnight commander package. Standard location of this binary is /usr/lib/mc/bin/cons.saver. There is a bug, which allows luser to write '\0' char to any symlinkable file in system...
rxvt.sh
There is a major security hole in rxvt, a terminal emulator for X, when it is run on systems suid root, as is required on many configurations in order to write to the utmp file. It is obvious from the code that this program was not written to be run suid root, it's a pity that sysadmins that insta...
resizecons.sh
There is a security hole in RedHat 2.1, which installs the program /usr/bin/resizecons suid root. The resizecons program allows a user to change the video mode of the console. During this process, it runs the program restoretextmode without an absolute pathname, assuming the correct version will be...