2826 matches found
OpenJDK: jar directory traversal issues (Tools, 8064601)
A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted...
Ubisoft Uplay 5.0 - Insecure File Permissions Privilege Escalation
Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation Vendor: Ubisoft Entertainment S.A. Product web page: http://www.ubi.com Affected version: 5.0.0.3914 PC Summary: Uplay is a digital distribution, digital rights management, multiplayer and communications service created by...
Design/Logic Flaw
Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file...
CVE-2015-0926
LabTech (LabTech Software) on Linux prior to version 100.237 exposes world-writable permissions on root-executed startup scripts. This allows a local authenticated user to gain privileges by modifying the script file. CVE-2015-0926 is supported by multiple sources (NVD entry and CERT/CVE referenc...
CVE-2015-0926
Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file...
Security auditing tool for AWS: AWS Scout2
Scout2 is an open source tool that helps assessing the security posture of AWS environments. Using the AWS API, the Scout2 Python scripts fetch CloudTrail, EC2, IAM, RDS, and S3, configuration data. The gathered configuration is analysed and stored as JSON objects in several JavaScript files. The...
WM-Downloader-3.1.2.2-2010.04.15-(.m3u)
WM Downloader 3.1.2.2 2010.04.15 .m3u Buffer Overflow + DEP Bypass Author: sickness Download : http://mini-stream.net/wm-downloader/ The payload can be replaced with whatever you want, there is enough space. import sys header='EXTM3U\n' junk ='http://'+'\x90' 17400 junk+='\x41'17 eip...
LinEnum - Local Linux Enumeration & Privilege Escalation Checks
LinEnum will automate many of the checks that I’ve documented in the Local Linux Enumeration & Privilege Escalation Cheatsheet. It’s a very basic shell script that performs over 65 checks, getting anything from kernel information to locating possible escalation points such as potentially useful...
RHEL 6 : qemu-kvm-rhev (RHSA-2013:0791)
Updated qemu-kvm-rhev packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
CVE-2014-7180
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for 1 eccert.pl and 2 ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files...
Code injection
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for 1 eccert.pl and 2 ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files...
Telefonica O2 Connection Manager 3.4 - Local Privilege Escalation
Telefonica O2 Connection Manager 3.4 Local Privilege Escalation Vulnerability Vendor: Telefonica S.A. Product web page: http://www.telefonica.com | http://www.o2.co.uk Affected version: 3.4.R1 108 Summary: O2 Connection Manager will help you to manage your internet connections by getting you...
CentOS Update for automake CESA-2014:1243 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apple iTunes Insecure Permissions Privilege Escalation Vulnerability - Mac OS X
Apple iTunes is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:itunes";...
Low: automake19
Issue Overview: It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck"...
RedHat Update for automake RHSA-2014:1243-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Low: Red Hat Security Advisory: automake security update
An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from...
automake: locally exploitable "make distcheck" bug
It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck"...
CVE-2014-3020
install.sh in the Embedded WebSphere Application Server eWAS 7.0 before FP33 in IBM Tivoli Integrated Portal TIP 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program...
Directory traversal
install.sh in the Embedded WebSphere Application Server eWAS 7.0 before FP33 in IBM Tivoli Integrated Portal TIP 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program...