2826 matches found
CVE-2014-3020
CVE-2014-3020 affects IBM embedded WebSphere Application Server (eWAS) 7.0 bundled with IBM Tivoli/Directory Server. An optional install script (install.sh) may grant write access to the installRoot directory, enabling local privilege escalation via a Trojan horse. IBM security bulletins describe...
Code injection
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...
CVE-2014-3499
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...
docker: systemd socket activation results in privilege escalation
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...
BMC Software Patrol <= 3.2.5 Patrol SNMP Agent File Creation/Permission Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/525/info Patrol 3.2, installed out of the box, allows for a local root compromise or denial of service. The vulnerability lies in the creation of a file by snmpagnt that is owned by the owner of the parent directory of th...
Oracle <= 8 8.1.5 Intelligent Agent Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/585/info A vulnerability in the Oracle Intelligent Agent allows local malicious users to execute arbitrary commands and to create world writable files as the root user. The problem lies in the dbsnmp program located in...
Rocks Clusters <= 4.1 (umount-loop) Local Root Exploit
No description provided by source. !/usr/bin/env python rocksumountdirty.py: Rocks release =4.1 local root exploit quick and nasty version of the exploit. make sure the . is writable and you clean up afterwards. ; coded by: [email protected] http://xavsec.blogspot.com x=import'os';c=x.getcwd...
Solaris <= 7.0 Coredump Vulnerbility
No description provided by source. source: http://www.securityfocus.com/bid/296/info There is a vulnerability in the way Solaris 2.4 pre Jumbo Kernel Patch -35 for SPARC dumps core files. Under normal operation the operating system writes out a core image of a process when it is terminated due to...
Easy CD-DA Recorder - (PLS File) Buffer Overflow
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT def initializeinfo =...
Asseco SEE iBank FX Client 2.0.9.3 - Local Privilege Escalation Vulnerability
No description provided by source. ? Asseco SEE iBank FX Client = 2.0.9.3 Local Privilege Escalation Vulnerability Vendor: Asseco SEE Product web page: http://www.asseco.com Affected version: 2.0.9.3 Build 22.06.2011 - Desktop/Enterprise Edition 1.2 1.1.5.1270 Service Pack 5 - Desktop Edition...
HP Managed Printing Administration jobAcct Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Common Desktop Environment <= 2.1 20,Solaris <= 7.0 dtspcd Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/636/info This explanation is quoted from the initial post on this problem by Job De Hass. This message is available in its entirety in the 'Credit' section of this vulnerability entry. The CDE subprocess daemon...
Oracle <= 8 8.1.5 Intelligent Agent Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/585/info A vulnerability in the Oracle Intelligent Agent allows local malicious users to execute arbitrary commands and to create world writable files as the root user. The problem lies in the dbsnmp program located in...
Microsoft Windows XP/2000/NT 4 Shell Long Share Name Buffer Overrun Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10213/info Microsoft Windows operating systems have been reported to be prone to a remotely exploitable buffer overrun condition. This issue is exposed when a client attempts to connect to an SMB share with an overly long...
VideoCharge Studio 2.12.3.685 - GetHttpResponse() MITM Remote Code Execution Exploit
No description provided by source. !/usr/bin/python Exploit Title: VideoCharge Studio v2.12.3.685 GetHttpResponse MITM Remote Code Execution Exploit SafeSEH/ASLR/DEP Bypass Version: v2.12.3.685 Date: 2014-02-19 Author: Julien Ahrens @MrTuxracer Homepage: http://www.rcesecurity.com Software Link:...
NetDecision 4.2 TFTP Writable Directory Traversal Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Multisoft FlagShip 4.4 Installation Permission Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1586/info A vulnerability exists in the installation of Multisoft's FlagShip 4.4 product. Some binaries are installed with world writable permissions. This may allow an attacker to alter a binary and cause other users to...
Symantec Web Gateway 5.0.2 - Remote LFI Root Exploit
No description provided by source. !/usr/bin/python Symantec Web Gateway 5.0.2 Remote LFI root Exploit Proof of Concept Exploit requires no authentication, /tmp/networkScript is sudoable and apache writable. muts at offensive-security dot com import socket import base64 payload= '''echo...
GNOME esound 0.2.19 Unix Domain Socket Race Condition Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1659/info EsounD, part of the GNOME desktop environment, is a server process allowing several applications to share the same sound hardware. Versions of esound up to and including 0.2.19 create a world-writable directory...
Joe Text Editor 2.8 .joerc Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2437/info Joe is a text editor originally written by Joseph Allen. Joe offers a user-friendly interface, with key binding and configuration familiar to many users of Microsoft Word Processing tools. A problem in the...