2828 matches found
DEBIAN-CVE-2016-2854
The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory...
CVE-2016-1575
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory...
UBUNTU-CVE-2016-2854
The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory...
OpenSSH < 7.0 Multiple Vulnerabilities
Binary data 9309.prm...
Zendesk: AWS S3 bucket writable for authenticated aws user
The researcher reported an AWS S3 bucket exposed with read and write privledges. The S3 bucket was intentionally readable but the write privledges have since been removed...
Udemy: AWS S3 bucket writable for authenticated aws user
Hey, I found an open S3 Amazon bucket udemy-maven. While I can’t confirm if you own it or not, it appears that it is publicly writable using the aws cli. When I write to udemy-maven, I get: move: ./test.txt to s3://udemy-maven/test.txt And also when I remove file, I get: delete:...
CVE-2016-1575
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory...
UBUNTU-CVE-2016-1575
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory...
CVE-2016-1233
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an...
DEBIAN-CVE-2016-1233
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an...
CVE-2016-1233
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an...
Design/Logic Flaw
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an...
CVE-2016-1233
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an...
CVE-2016-1233
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an...
CVE-2016-1233
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an...
Google Android ADB Debug Server - Remote Payload Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/proto/adb' class Metasploit3 'Android ADB Debug Server Remote Payload Execution', 'Description' = %q Writes and spawns a native payload on...
DLA-382-1 sudo - security update
Bulletin has no description...
IBM SPSS Statistics Elevation of Privilege Vulnerability
IBM SPSS Statistics is a suite of statistical analysis software from IBM USA that helps organizations address the entire analytical process from planning and data collection to analysis, reporting and deployment. A security vulnerability exists in IBM SPSS Statistics versions 22.0.0.2 and 23.0.0....
iniNet SpiderControl PLC Editor Simatic 6.30.04 - Insecure File Permissions Vulnerability
Exploit for windows platform in category local exploits iniNet SpiderControl PLC Editor Simatic 6.30.04 Insecure File Permissions Vendor: iniNet Solutions GmbH Product web page: http://www.spidercontrol.net Affected version: 6.30.04 Build 6300400 Summary: Modular and automated engineering is...
Brocade Fabric OS 6.3.1b Weak System Configuration Vulnerability
Brocade Fabric OS version 6.3.1b suffers from multiple weak system configuration issues that can result in system compromise. You actually have to go out of your way to break basic Linux security this badly. Title: Brocade Fabric OS v6.3.1b - Multiple vulnerabilities Discovered by: Karn Ganeshen...