
2825 matches found

OpenVAS
added 2014/01/21 12:0 a.m., 25 views

RedHat Update for augeas RHSA-2014:0044-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.6, AI score 6.5, EPSS 0.00368
Exploits 0, References 2

RedHat Linux
added 2014/01/20 5:30 p.m., 4 views

augeas: incorrect permissions set on newly created files

The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors...

CVSS 4.6, AI score 5.8, EPSS 0.00368
Exploits 0, References 4

Tenable Nessus
added 2014/01/05 12:0 a.m., 23 views

Fedora 19 : gitolite3-3.5.3.1-1.fc19 (2013-23953)

Gitolite was found to be vulnerable to local filesystem information leak, where it could create world-writable files in the repositories particularly the gitolite-admin one depending on the user umask running gitolite setup. Note that Tenable Network Security has extracted the preceding descripti...

CVSS 5.5, AI score 5.5, EPSS 0.00419
Exploits 0, References 4

Tenable Nessus
added 2014/01/05 12:0 a.m., 22 views

Fedora 18 : gitolite3-3.5.3.1-1.fc18 (2013-23951)

Gitolite was found to be vulnerable to local filesystem information leak, where it could create world-writable files in the repositories particularly the gitolite-admin one depending on the user umask running gitolite setup. Note that Tenable Network Security has extracted the preceding descripti...

CVSS 5.5, AI score 5.5, EPSS 0.00419
Exploits 0, References 4

Mageia
added 2013/11/30 9:33 p.m., 71 views

Updated busybox package fixes security vulnerability

It was found that the mdev BusyBox utility could create certain directories within /dev with world-writable permissions. A local unprivileged user could use this flaw to manipulate portions of the /dev directory tree (CVE-2013-1813)...

CVSS 7.2, AI score 2, EPSS 0.00623
Exploits 5, References 2

OpenVAS
added 2013/11/21 12:0 a.m., 36 views

RedHat Update for busybox RHSA-2013:1732-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.2, AI score 8.7, EPSS 0.00623
Exploits 5, References 2

RedHat Linux
added 2013/11/20 7:34 p.m., 2 views

luci: paster hidden untrusted path and "command" (callable association) injection

A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user...

CVSS 6.2, AI score 6.1, EPSS 0.00378
Exploits 0, References 4

Kitploit
added 2013/10/26 8:47 p.m., 624 views

[Mellivora] Basic database driven CTF engine

Mellivora is a basic database driven CTF engine written in PHP. Requirements: LAMP: PHP 5.3+, MySQL 5.5+, Apache 2.2+. May work with other configurations but this is untested. Installation: Download to any directory, say: "/var/www/mellivora/". Create an Apache VHost and point DocumentRoot to...

AI score 9.8
Exploits 0, References 3

NVD
added 2013/09/25 10:31 a.m., 15 views

CVE-2013-5373

The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands...

CVSS 6.9, AI score 6.4, EPSS 0.00304
Exploits 0, References 2

Prion
added 2013/09/25 10:31 a.m., 15 views

Command injection

The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands...

CVSS 6.9, AI score 6.9, EPSS 0.00304
Exploits 0, References 2, Affected Software 1

Cvelist
added 2013/09/25 10:0 a.m., 17 views

CVE-2013-5373

The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands...

AI score 6.4, EPSS 0.00304
Exploits 0, References 2

Prion
added 2013/09/18 10:8 a.m., 20 views

Design/Logic Flaw

Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory...

CVSS 6.8, AI score 7.8, EPSS 0.01823
Exploits 0, References 5, Affected Software 1

Mozilla
added 2013/09/17 12:0 a.m., 41 views

Shared object library loading from writable location — Mozilla

Mozilla developer Vladimir Vukicevic reported that Firefox for Android will optionally load a shared object .so library in order to enable GL tracing. When this occurs, it can be from a world writable location, allowing for it to be replaced by malicious third party applications before it is...

CVSS 6.8, AI score 6.1, EPSS 0.01823
Exploits 0, References 2, Affected Software 1

NVD
added 2013/09/12 1:31 p.m., 24 views

CVE-2013-5724

Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations...

CVSS 2.1, AI score 6.2, EPSS 0.0038
Exploits 0, References 3

UbuntuCve
added 2013/09/12 1:31 p.m., 21 views

CVE-2013-5724

Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations...

CVSS 2.1, AI score 5.8, EPSS 0.0038
Exploits 0, References 4

OSV
added 2013/09/12 1:31 p.m., 1 view

UBUNTU-CVE-2013-5724

Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations...

CVSS 2.1, AI score 5.7, EPSS 0.0038
Exploits 0, References 5

CVE
added 2013/09/11 2:0 p.m., 55 views

CVE-2013-5724

CVE-2013-5724 affects phpBB3 up to version 3.0.11-4 used in Debian GNU/Linux. The issue arises from world-writable permissions on cache files, enabling local users to modify file contents through standard filesystem writes. The vulnerability is localized to systems running the affected phpBB3 pac...

CVSS 2.1, AI score 6.4, EPSS 0.0038
Exploits 0, References 3, Affected Software 1

Kitploit
added 2013/08/21 12:56 a.m., 19 views

[LinEnum] Scripted Local Linux Enumeration & Privilege Escalation Checks

High-level summary of the checks/tasks performed by LinEnum: Kernel and distribution release details; System Information: Hostname; Networking details: Current IP, Default route details, DNS server information; User Information: Current user details, Last logged on users, List all users including uid/gi...

AI score 7
Exploits 0, References 1

Tenable Nessus
added 2013/07/24 12:0 a.m., 25 views

Fedora 18 : file-roller-3.6.4-1.fc18 (2013-12653)

This update fixes CVE-2013-4668 : The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any location, writable by the user...

CVSS 5, AI score 5.4, EPSS 0.04307
Exploits 0, References 3

Tenable Nessus
added 2013/07/12 12:0 a.m., 23 views

Oracle Linux 5 : acpid (ELSA-2009-1642)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2009-1642 advisory. 1.0.4-9.el54.1 - Resolves: 515062 CVE-2009-4033 acpid: log file created with random permissions Tenable has extracted the preceding description block directly...

CVSS 6.9, AI score 5.5, EPSS 0.00309
Exploits 1, References 2