RHEL 6 : ipmitool (RHSA-2011:1814)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2011:1814 advisory. The ipmitool package contains a command line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI)...
OpenIPMI: IPMI event daemon creates PID file with world writeable permissions
ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products, uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...
glibc LD_AUDIT Privilege Escalation
#!/bin/sh I Can't Read and I Won't Race You Either by zx2c4 This is an exploit for CVE-2010-3856. A while back, Tavis showed us three ways to exploit flaws in glibc's dynamic linker involving LD_AUDIT. [1] [2] The first way involved opening a file descriptor and using fexecve to easily win a race with...
CentOS 5 : rsync (CESA-2011:0999)
An updated rsync package that fixes one security issue, several bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
HTTP Writable Path PUT/DELETE File Access
This module can abuse misconfigured web servers to upload and delete web content via PUT and DELETE HTTP requests. Set ACTION to either PUT or DELETE. PUT is the default. If filename isn't specified, the module will generate a random string for you as a .txt file. If DELETE is used, a filename is...
rsync excluded content access restrictions bypass via symlinks
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, excludefrom, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options...
Design/Logic Flaw
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...
CVE-2011-2779
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...
Vulnerabilities induced on the Web by the path separators "\" and "/" - vulnerability warning - the black bar safety net
Whether the path separator is "\" under Windows or "/" under Linux is not in itself a serious problem, but in web applications it gives rise to many "bugs"; if the web developer has not considered this issue, very serious bugs may appear. In VC code, "\" is an escape character,...
UBUNTU-CVE-2011-1784
The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files...
Ubuntu Update for exim4 vulnerabilities USN-1060-1
Ubuntu Update for Linux kernel vulnerabilities USN-1060-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10601.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for exim4 vulnerabilities USN-1060-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...
SuSE 10 Security Update : valgrind (ZYPP Patch Number 5803)
valgrind reads a file .valgrindrc in the current directory. Therefore local users could place such a file in a world-writable directory such as /tmp and influence other users' valgrind when it's executed there. CVE-2008-4865 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description o...
Design/Logic Flaw
Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories...
CVE-2010-4512
CVE-2010-4512 affects Cobbler, with the issue present in versions prior to 2.0.4. The root cause is an incorrect umask value that allows local users to create or modify files/directories with world-writable permissions, enabling a local-privilege-equivalent impact. The available descriptions do n...
SuSE 11 Security Update : kdm (SAT Patch Number 2136)
The KDE display manager kdm contains a race condition which allows local attackers to make arbitrary files world writable. CVE-2010-0436 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
IBM OmniFind - Buffer Overflow
IBM OmniFind - Buffer Overflow. Remote buffer overflow (CVE-2010-3894): The administration interface has a login form with a username field and a password field. When a valid username (default value is »esadmin«) and a very long string are entered into the password field, a buffer overflow is triggered. The function...
Microsoft Windows RIS TFTP Service Writable Path (MS06-077; CVE-2006-5584)
The Remote Installation Service (RIS) is a Microsoft-supplied server that provides tools that facilitate the remote installation of Microsoft Windows. RIS requires that remote clients have a Preboot eXecution Environment (PXE) BIOS enabled to remotely execute boot environment variables. On Microso...
CVE-2010-3733
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file...
Design/Logic Flaw
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file...
Ubuntu Update for mountall vulnerability USN-985-1
Ubuntu Update for Linux kernel vulnerabilities USN-985-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9851.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for mountall vulnerability USN-985-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...