HP Managed Printing Administration jobAcct Remote Command Execution

This module exploits an arbitrary file upload vulnerability on HP Managed Printing Administration 2.6.3 and prior versions. The vulnerability exists in the UploadFiles function from the MPAUploader.Uploader.1 control, loaded and used by the server. The function can be abused via directory travers...

World-writeable files may be created in additional shares on a

Description Administrators of the Samba 4.0 Active Directory Domain Controller might unexpectedly find files created world-writeable if additional CIFS file shares are created on the AD DC. By default the AD DC is not vulnerable to this issue, as a specific inheritable ACL is set on the files in...

Samsung Galaxy S2 World Writeable Directories

Note: I really don't know much about how one writes up vulnerabilities and exploits. I just wanted to root my phone, and found the following apparently previously unknown vulnerabilities. I reported them to Samsung two weeks ago. Affected devices: Vulnerabilities verified on Samsung Galaxy S2 for...

XSS in setup.

PMASA-2011-16 Announcement-ID: PMASA-2011-16 Date: 2011-10-17 Summary XSS in setup. Description Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory. Severity We consider this...

phpMyAdmin3 (pma3) Remote Code Execution Exploit

No description provided by source. !/usr/bin/env python coding=utf-8 pma3 - phpMyAdmin3 remote code execute exploit Author: [email protected] type="text/javascript" / !CDATA / functiontryvar...

Nmap NSE net: ftp-anon

Checks if an FTP server allows anonymous logins. If anonymous is allowed, gets a directory listing of the root directory and highlights writeable files. SYNTAX: ftp-anon.maxlist: The maximum number of files to return in the directory listing. By default it is 20, or unlimited if verbosity is...

CVE-2011-0988

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors...

CVE-2011-0988

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors...

Code injection

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors...

CVE-2011-0988

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors...

CVE-2011-0988

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors...

Linux Kernel 2.6.37-rc2 - ACPI custom_method Local Privilege Escalation

Linux Kernel 2.6.37-rc2 - ACPI custommethod Local Privilege Escalation / american-sign-language.c Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4347 This custommethod file allows to inject custom ACPI methods into the ACPI interpreter...

IBM OmniFind Buffer Overflow Vulnerability

Exploit for multiple platform in category dos / poc ========================================== IBM OmniFind Buffer Overflow Vulnerability ========================================== Remote buffer overflow CVE-2010-3894 The administration interface has a login form with an username- and a...

Microsoft IIS - WebDAV Write Access Code Execution (Metasploit)

$Id: iiswebdavuploadasp.rb 10397 2010-09-20 15:59:46Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

linux/x86 find all writeable folder in filesystem 91 bytes

Exploit for linux/x86 platform in category shellcode ========================================================== linux/x86 find all writeable folder in filesystem 91 bytes ========================================================== /...

Find all writeable folder in filesystem linux polymorphic shellcode 91 bytes

Find all writeable folder in filesystem linux polymorphic shellcode - 91 bytes. Shellcode exploit for linux platform / Title : Find all writeable folder in filesystem linux polymorphic shellcode . Name : 91 bytes Find all writeable folder in filesystem linux polymorphic shellcode . Date : Sat Jun...

GLSA-201006-10 : multipath-tools: World-writeable socket

The remote host is affected by the vulnerability described in GLSA-201006-10 multipath-tools: World-writeable socket multipath-tools uses world-writable permissions for the socket file /var/run/multipathd.sock. Impact : Local users could send arbitrary commands to the multipath daemon, causing...

Mandriva Update for kdebase MDVSA-2010:074 (kdebase)

Check for the Version of kdebase OpenVAS Vulnerability Test Mandriva Update for kdebase MDVSA-2010:074 kdebase Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Samba Remote Directory Traversal

Samba Remote Directory Traversal logic fuckup discovered & exploited by Kingcope in 2010 It seems there was a quite similar bug found back in 2004: http://marc.info/?l=bugtraq&m=109658688505723&w=2 A remote attacker can read, list and retrieve nearly all files on the System remotely. Required is ...

SuSE9 Security Update : permissions (YOU Patch Number 10815)

It is technically impossible to change permissions files in of world writeable directories that don't have the sticky bit set in a secure way. This update therefore removes /var/lib/xmcd/discog from /etc/permissions. Furthermore permissions handling of files below /var/games is removed. To be abl...