IBM Tivoli Endpoint 4.1.1 - Remote SYSTEM

!/usr/bin/python tiv-sys.py IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit Jeremy Brown 0xjbrown41-gmail-com June 2011 Discovered by: Brian Adeloye of Tenable Network Security This exploit makes use of two vulnerabilities: 1 Base64 authentication credentials hard-coded in lcfd.exe 2 Stack-based...

python security, bug fix, and enhancement update

python: 2.6.6-20 Resolves: CVE-2010-3493 2.6.6-19 Resolves: CVE-2011-1015 2.6.6-18 Resolves: CVE-2011-1521 2.6.6-17 - recompile against systemtap 1.4 Related: rhbz569695 2.6.6-16 - recompile against systemtap 1.4 Related: rhbz569695 2.6.6-15 - fix race condition that sometimes breaks the build wi...

Google Chrome Multiple Denial of Service Vulnerabilities - May11 (Windows)

The host is running Google Chrome and is prone to multiple denial of service vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultdosvulnmay11win.nasl 7029 2017-08-31 11:51:40Z teissa $ Google Chrome Multiple Denial of Service Vulnerabilities - May11 Windows Authors: Sooraj KS...

CVE-2011-1799

Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

CVE-2011-1441

Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document...

PHP code execution vulnerability references summary-vulnerability warning-the black bar safety net

A code execution function In PHP you can execute the Code of the function. Such as eval , assert , theand system and exec and shellexec and passthru and escapeshellcmd and pcntlexec , etc. demo code 1.1: The second file contains the code injection The file containing the function in the specific...

CVE-2011-1095

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

DEBIAN-CVE-2011-1095

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

Design/Logic Flaw

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

CVE-2011-1095

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

CVE-2011-1095

Summary of CVE-2011-1095 (glibc locale quoting issue) : The vulnerability affects locale/programs/locale.c in the GNU C Library (glibc/libc6) prior to version 2.13. The code does not properly quote its output, which might allow local users to gain privileges via a crafted localization environment...

CVE-2011-1095

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

CVE-2011-1658

ld.so in the GNU C Library aka glibc or libc6 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a 1 setuid or 2 setgid program with this RPA...

Solaris 10 Port Stealing Vulnerability

I reported this to Oracle, but I have been told that this is part of the BSD standard and a desire feature !. In a nutshell, as an ordinary user, I can bind to a port using a specific address even if another process is already bound to it with a wildcard address. This makes it very easy for an...

Solaris 10 Port Stealing

I reported this to Oracle, but I have been told that this is part of the BSD standard and a desire feature !. In a nutshell, as an ordinary user, I can bind to a port using a specific address even if another process is already bound to it with a wildcard address. This makes it very easy for an...

Design/Logic Flaw

The S/MIME feature in Open Ticket Request System OTRS before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available fo...

POP Peeper 3.7 - Local Overflow (SEH)

POP Peeper 3.7 - Local Overflow SEH !/usr/bin/ruby Title: POP Peeper 3.7 SEH Exploit Tested on: Windows XP SP2 EN Target: POP Peeper 3.7.0.0 Download Link: http://www.poppeeper.com/download.php Author: Anastasios Monachos secuid0 - anastasiosmatgmaildotcom Greetz: offsec team, inj3ct0r team appda...

boblog arbitrary variable overwrite vulnerability(II)-vulnerability warning-the black bar safety net

Previously 80vul. com published on a bo-blog of vulnerabilities1,this vulnerability has already been an official patch,but then the tick. com released a bypass patch Method2,shame is triggered when there is a certain limit,here I come again published a without any limitation bypassing the patch t...

boblog arbitrary variable overwrite vulnerability(a)-vulnerability warning-the black bar safety net

by Ryatpuretot mail: puretot at gmail dot com team: http://www.80vul.com Vulnerability code is as follows: // go.php $qurl=$SERVER"REQUESTURI"; @list$relativePath, $rawURL=@explode'/go.php/', $qurl; $rewritedURL=$rawURL; // from$SERVER"REQUESTURI",can be arbitrarily submitted:...

Directory traversal

Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable...