Fedora 13 : dhcp-4.1.1-27.P1.fc13 (2010-17303)

Thu Nov 4 2010 Jiri Popelka - 12:4.1.1-27.P1 - Fix for CVE-2010-3611 649880 - Wed Oct 13 2010 Jiri Popelka - 12:4.1.1-26.P1 - Server was ignoring client's Solicit where client included address/prefix as a preference 634842 - Tue Sep 7 2010 Jiri Popelka - 12:4.1.1-25.P1 - Hardening...

ImageShack Toolbar 4.8.3.75 - Remote Code Execution

// calc.exe var shellcode = unescape '%uc931%ue983%ud9de%ud9ee%u2474%u5bf4%u7381%u3d13%u5e46%u8395'+ '%ufceb%uf4e2%uaec1%u951a%u463d%ud0d5%ucd01%u9022%u4745%u1eb1'+ '%u5e72%ucad5%u471d%udcb5%u72b6%u94d5%u77d3%u0c9e%uc291%ue19e'+ '%u873a%u9894%u843c%u61b5%u1206%u917a%ua3...

Systemtap: Insecure loading of modules

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBEOPTIONS environment variable to specify a malicious configuration file...

Debian Security Advisory DSA 2122-1 (glibc)

The remote host is missing an update to glibc announced via advisory DSA 2122-1. OpenVAS Vulnerability Test $Id: deb21221.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2122-1 glibc Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

CVE-2010-4236

Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ESLIBRARYPATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different...

glibc: ld.so insecure handling of $ORIGIN in LD_AUDIT for setuid/setgid programs

elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...

glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs

ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...

IBM OmniFind Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits =============================================== IBM OmniFind Privilege Escalation Vulnerability =============================================== Privilege escalation in two applications CVE-2010-3895 Root SUID bits are set for the application...

Mandriva Linux Security Advisory : mysql (MDVSA-2010:222)

Multiple vulnerabilities were discovered and corrected in mysql : - Joins involving a table with with a unique SET column could cause a server crash CVE-2010-3677. - Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash CVE-2010-3680. - The server could crash if there we...

Google Chrome multiple vulnerabilities - October 10(Linux)

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnoct10lin.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - October 10Linux Authors: Madhuri D Copyright: Copyright c 2010 Greenbone...

BloofoxCMS 0.3.5 SQL Injection

Vulnerability ID: HTB22658 Reference: http://www.htbridge.ch/advisory/sqlinjectioninbloofoxcmsregistrationplugin.html Product: BloofoxCMS Vendor: bloofox.com http://bloofox.com/ Vulnerable Version: 0.3.5 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: SQL...

BloofoxCMS Registration Plugin SQL Injection Vulnerability

Exploit for php platform in category web applications ========================================================== BloofoxCMS Registration Plugin SQL Injection Vulnerability ========================================================== Reference:...

BloofoxCMS Registration Plugin - SQL Injection

Vulnerability ID: HTB22658 Reference: http://www.htbridge.ch/advisory/sqlinjectioninbloofoxcmsregistrationplugin.html Product: BloofoxCMS Vendor: bloofox.com http://bloofox.com/ Vulnerable Version: 0.3.5 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: SQL...

Ubuntu: Security Advisory (USN-1009-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for glibc, eglibc vulnerabilities USN-1009-1

Ubuntu Update for Linux kernel vulnerabilities USN-1009-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10091.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for glibc, eglibc vulnerabilities USN-1009-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Debian DSA-2122-1 : glibc - missing input sanitization

Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LDAUDIT environment variable. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debi...

[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation

------------------------------------------------------------------------ Debian Security Advisory DSA-2122-1 [email protected] http://www.debian.org/security/ Florian Weimer October 22, 2010 http://www.debian.org/security/faq -...

CVE-2010-4039

Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors...

Path traversal

Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors...

CVE-2010-4039

CVE-2010-4039 affects Google Chrome on Linux prior to 7.0.517.41 where the process fails to properly set the PATH environment variable. The description does not specify the exact impact or attack vectors; vulnerability details are limited to this PATH handling issue. Open-source/ANSI references i...