UBUNTU-CVE-2016-10156

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229...

DEBIAN-CVE-2016-10156

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229...

CVE-2016-10156

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229...

MacOS Kernel 10.12.1 - Writable Privileged IOKit Registry Properties Code Execution Exploit

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=974 There are two ways for IOServices to define their IOUserClient classes: they can override IOService::newUserClient and allocate the correct type themselves or they can set the...

Apple macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=974 There are two ways for IOServices to define their IOUserClient classes: they can override IOService::newUserClient and allocate the correct type themselves or they can set the IOUserClientClass key in their registry entry. Th...

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

Ubuntu 14.0415.10 - User Namespace Overlayfs Xattr SetGID Privilege Escalation

Ubuntu 14.0415.10 - User Namespace Overlayfs Xattr SetGID Privilege Escalation Source: http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/ Introduction Problem description: Linux user namespace allows to mount file systems as normal user, including the...

Distinct TFTP Writable Directory Traversal Execution (CVE-2012-6664)

A vulnerability exists in Distinct TFTP servers. The software contains a directory traversal vulnerability that allows authorized users to upload malicious files to the server. A remote attacker can exploit this vulnerability by uploading an arbitrary, executable file and executing it under the...

FreeBSD : lives -- insecure files permissions (a8e9d834-a916-11e6-b9b4-bcaec524bf84)

Debian reports : smogrify script creates insecure temporary files. lives creates and uses world-writable directory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018...

util-linux security, bug fix, and enhancement update

2.23.2-33.0.1 - fix Oracle bug 23001516 - backport lscpu: correct the Virtualization type on Xen DomU PV guest - Reviewed-by: Joe Jin 2.23.2-33 - improve patch for 1007734 libblkid realpaths 2.23.2-32 - improve patch for chrt1 deadline support 1298384 - fix 1007734 - blkid shows devices as...

Foxit Reader Arbitrary Code Execution Vulnerability - Linux

Foxit Reader is prone to an arbitrary code execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

kernel: race condition in the TLB flush logic

A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user coul...

Foxit Reader Arbitrary Code Execution Vulnerability (CNVD-2016-10596)

Foxit Reader is China's Foxit Foxit Software Corporation, a PDF document reader. An arbitrary code execution vulnerability exists in Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier, which stems from the program's use of default global writable...

CVE-2016-8856

Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default,...

CVE-2016-8856

Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default,...

OpenNMS - Java Object Unserialization Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'OpenNMS Java Object Unserialization Remote Code Execution', 'Description' = %q This module exploits a vulnerability in the...

OpenNMS Java Object Unserialization Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'OpenNMS Java Object Unserialization Remote Code Execution', 'Description' = %q This module exploits a vulnerability in the...

Magento Community Edition 2.x < 2.0.6 Multiple Vulnerabilities

Binary data 9694.prm...

Security update for systemd (important)

This update for systemd fixes the following security issue: - CVE-2016-7796: A zero-length message received over systemd's notification socket could make managerdispatchnotifyfd return an error and, as a side effect, disable the notification handler completely. As the notification socket is...

tomcat: tomcat writable config files allow privilege escalation

It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...