CVE-2013-4367

ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod works when passed a mode of '-1'...

CVE-2013-4367

CVE-2013-4367 affects ovirt-engine 3.2 running on Linux kernel 3.1 and newer, where upstream kernel behavior change with os.chmod(-1) causes certain files to become world-writable. This is a local attacker issue with potential exposure of sensitive data, as reflected by CVSS metrics (NVD CVSSv3.1...

0xsp Mongoose v1.7 - Linux/Windows Privilege Escalation intelligent Enumeration Toolkit

Using 0xsp mongoose you will be able to scan targeted operating system for any possible way for privilege escalation attacks, starting from collecting information stage until reporting information through 0xsp Web Application API. user will be able to scan different Linux / windows Operation...

kubernetes security update

1.9.11-2.7.1 - OLCNE-494 CVE-2019-11244 fix CVE-2019-11244: 'kubectl --http-cache= ' - creates world-writeable cached schema files 1.9.11-2.6.1 - OLCNE-382 CVE-2019-11243 rest.AnonymousClientConfig does not remove the sa credentials...

kubernetes security update

1.11.3-2.7.2 - OLCNE-494 CVE-2019-11244 fix CVE-2019-11244: 'kubectl --http-cache= ' - creates world-writeable cached schema files 1.11.3.2.6.2 - OLCNE-384 CVE-2019-11243 rest.AnonymousClientConfig does not remove the serviceaccount credentials from config created by rest.InClusterConfig...

kubernetes security update

1.12.7-1.2.3 - OLCNE-494 CVE-2019-11244 fix CVE-2019-11244: 'kubectl --http-cache= ' - creates world-writeable cached schema files 1.12.7-1.1.3 - OCNE-372 kubeadm: properly umount dirs in /var/lib/kubelet...

0xsp-Mongoose - Privilege Escalation Enumeration Toolkit (ELF 64/32), Fast, Intelligent Enumeration With Web API Integration

Using 0xsp mongoose you will be able to scan a targeted operating system for any possible way for privilege escalation attacks, starting from collecting information stage until reporting information through 0xsp Web Application API. user will be able to scan different Linux os system at the same...

Insecure Cache Configurations

github.com/kubernetes/kubernetes uses insecure cache configurations. Using the flag --cache-dir causes the http-cache files under .kube/http-cache to be world-writeable, allowing any users or groups or process to write those files and cause kubectl invocation disruption...

CVE-2019-11244

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir defaulting to $HOME/.kube/http-cache, written with world-writeable permissions rw-rw-rw-. If --cache-dir is specified and pointed at a different location accessible to other users/groups, the...

Design/Logic Flaw

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir defaulting to $HOME/.kube/http-cache, written with world-writeable permissions rw-rw-rw-. If --cache-dir is specified and pointed at a different location accessible to other users/groups, the...

CVE-2019-11244 kubectl creates world-writeable cached schema files

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir defaulting to $HOME/.kube/http-cache, written with world-writeable permissions rw-rw-rw-. If --cache-dir is specified and pointed at a different location accessible to other users/groups, the...

Linux: Local world-writeable files

Anyone is allowed to modify world-writeable files. This makes these files to a security risk. This script checks if any world-writeable files exist locally on the host. Note: This script dramatically increases the scan duration. Copyright C 2019 Greenbone Networks GmbH Some text descriptions migh...

xdebug Unauthenticated OS Command Execution Exploit

This Metasploit module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary php code as the context of the web user. This module requires Metasploit: https://metasploit.com/download Current source:...

mysql: pid file can be created in a world-writeable directory (CPU Apr 2018)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where...

New Relic: Newrelic s3 bucket is writeable and deleteable by authorized AWS users

@kunalbahl discovered an open S3 bucket that appeared to belong to us. It was determined that this belonged to another company and this information was forwarded to Amazon for remediation...

x86: Incorrect handling of self-linear shadow mappings with translated guests

ISSUE DESCRIPTION The shadow pagetable code uses linear mappings to inspect and modify the shadow pagetables. A linear mapping which points back to itself is known as self-linear. For translated guests, the shadow linear mappings being in a separate address space are not intended to be self-linea...

LNK Code Execution Vulnerability

This module exploits a vulnerability in the handling of Windows Shortcut files .LNK that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 CVE-2015-0096. The created LNK file is similar except an additional SpecialFolderDataBlock is included. The...

Samba is_known_pipename() Arbitrary Module Load Exploit

This Metasploit module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This Metasploit module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some...

BeRoot - Windows Privilege Escalation Tool

BeRoots is a post exploitation tool to check commun Windows misconfigurations to find a way to escalate our privilege. A compiled version is available here. It will be added to the pupy project as a post exploitation module so it will be executed all in memory without touching the disk. Except on...

MYSQL Directory Write Test

Enumerate writeable directories using the MySQL SELECT INTO DUMPFILE feature, for more information see the URL in the references. Note: For every writable directory found, a file with the specified FILENAME containing the text test will be written to the directory. This module requires Metasploit...