2831 matches found
CVE-2018-17183
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...
UBUNTU-CVE-2018-17183
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...
CVE-2018-16588
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 durin...
Debian: Security Advisory (DLA-1472-1)
The remote host is missing an update for the Debian...
CVE-2018-14787
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local...
[SECURITY] [DLA 1472-1] libcgroup security update
Package: libcgroup; Version: 0.41-6+deb8u1; CVE ID: CVE-2018-14348; Debian Bug: 906308. The cgrulesengd daemon in libcgroup creates log files with world readable and writable permissions due to a reset of the file mode creation mask (umask(0)). For Debian 8 "Jessie", this problem has been fixed in...
DEBIAN-CVE-2018-13405
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigge...
Dell EMC iDRAC Insecure File Permissions Vulnerability
The Dell EMC iDRAC Service Module (iSM) is a suite of lightweight software from Dell Inc. that runs on servers. The software extends the Integrated Dell EMC Remote Access Controller (iDRAC) to the host operating system. A security vulnerability exists in the Dell EMC iSM for Linux and XenServer based...
CVE-2018-11053
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process...
CVE-2018-11053 iSM: Dell EMC iDRAC Service Module Improper File Permission Vulnerability
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process...
BeRoot For Windows - Privilege Escalation Project
BeRoot(s) is a post exploitation tool to check common Windows misconfigurations to find a way to escalate our privilege. A compiled version is available here. It will be added to the pupy project as a post exploitation module so it will be executed in memory without touching the disk. Except one...
Security Bulletin: Nova live snapshots use an insecure local directory (CVE-2013-7048)
Summary: The directories that are used to temporarily store live snapshots on Nova compute nodes are writable to all local users. A local attacker with shell access on the compute nodes might, therefore, read and modify the contents of live snapshots before those files are uploaded to the image...
Security Bulletin: IBM Security Access Manager for Web is affected by a vulnerability in the WebSEAL HTTPTransformation request processing (CVE-2015-4963)
Summary: IBM Security Access Manager for Web is affected by a vulnerability in the processing of HTTPTransformation requests in WebSEAL. This vulnerability could allow a remote attacker to gain access to readable/writable files on the system. Vulnerability Details: CVEID: CVE-2015-4963. DESCRIPTION:...
Command injection
IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211...
CVE-2018-1460
IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211...
CVE-2018-1460
CVE-2018-1460 affects IBM Netezza Platform Software (IBM PureData System for Analytics) versions 7.0.4 through 7.2.1.6. A local attacker can modify a world-writable file to execute commands with root privileges, enabling local privilege escalation. IBM’s security bulletin confirms the vulnerabili...
How to set the default size of the Elastic Layering writable volume
When Elastic Layering is enabled with or without User Layers, the boot disk is created with an extra 20GB as a second partition where the user writes will be stored. This is necessary to keep writes at a layer above the boot disk and any elastically assigned layers that might show up later. If yo...
CVE-2017-5397
The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own...