DEBIAN-CVE-2007-6199

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy...

DEBIAN-CVE-2007-6200

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, excludefrom, and filter and read or write hidden files via 1 symlink, 2 partial-dir, 3 backup-dir, and unspecified 4 dest options...

CVE-2007-6199

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy...

Design/Logic Flaw

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: thi...

CVE-2003-1502

modthrottle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges...

HPSBPI02265 SSRT3515 rev.2 - Re-release of HPSBMI00004 HP Jetdirect Running ftp, Advisory

Potential Security Impact Advisory VULNERABILITY SUMMARY Some security scanners generate warnings that the Jetdirect ftp directory is writable. RESOLUTION To restrict printing or suppress the security scanners warning, the ftp service can be disabled. To disable ftp, telnet to the Jetdirect devic...

CVE-2007-5028

Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors...

DEBIAN-CVE-2007-5028

Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors...

CVE-2007-5028

Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors...

CVE-2007-5028

Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors...

Nortel SSL VPN Linux Client 6.0.3 - Local Privilege Escalation

Nortel SSL VPN Linux Client 6.0.3 - Local Privilege Escalation !/bin/sh Nortel SSL VPN Linux Client race condition Jon Hart The Linux client that is utilized by versions priot to 6.05 of the Nortel SSL VPN appliance suffers from a number of problems that, in combination, allow an unprivileged loc...

clipboard bug.txt

The clipboard in QNX is world readable and writable. Although the folder containing the file is not readable for normal users the filename convention is predictable, see "clipboard bug.jpg" bash-2.05a$ ls -l /var/clipboard/muh/00000000/TTSHEOAA552983 -rw-rw-rw- 1 root root 78 Jan 04 16:27...

Multiple Mac OS X security privilege escalation

Few suid application binaries are user-writable...

CVE-2006-6743

phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to 1 users/include/domakeprofile.inc.php and 2 users/include/copy.inc.php...

CVE-2006-6743

phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to 1 users/include/domakeprofile.inc.php and 2 users/include/copy.inc.php...

ftpd-ldpreload.pl.txt

FTP server GNU inetutils 1.4.2 Remote Root Exploit This program remotely exploits the most recent versions of GNU inetutils ftpd on linux systems. Requirements: 1. There MUST be a chroot'ed environment for the logged in user 2. Directory etc must be writeable by the logged in user duh! The exploi...

Microsoft Security Bulletin MS06-077 Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)

Microsoft Security Bulletin MS06-077 Vulnerability in Remote Installation Service Could Allow Remote Code Execution 926121 Published: December 12, 2006 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum...

CVE-2006-6470

The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 returns no error for a non-writable object, which has unknown impact and attack vectors. NOTE: due to the vagueness of the advisory, it is not clear whether this is...

Infecting Elf Binaries to Gain Local Root Exploit

No description provided by source. gcc infR3.s -o infR3 strip infR3 find a writable binary example: ls ./infR3 /bin/ls when root calls the writable ls, chmod will be setuided Coded by [email protected] == [email protected] .text .global main infeccion de start para conseguir local root use ...

Debian DSA-999-1 : lurker - several vulnerabilities

Several security related problems have been discovered in lurker, an archive tool for mailing lists with integrated search engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1062 Lurker's mechanism for specifying configuration files was...