Real Name | Larry W. Cashdollar |
---|---|
Email address | private |
Website | vapid.dhs.org |
First Active | 1999-11-14 |
Last Active | 2020-07-15 |
Ruby Gem kelredd-pruview version 0.3.8 suffers from a remote command injection vulnerability.
dd1b24534bc513df316ed360fb139f228b8988566fe55fe24f004ec934cc9308
Ruby Gem Karteek Docsplit version 0.5.4 fails to sanitize user-supplied input. If a user is tricked into extracting a file with shell characters in the name, code can be executed remotely.
b21afb51938c4e491625c88dec36626c10a2f58c611fc3dcdcfd45693ccba644
Ruby Gem ldoce version 0.0.2 suffers from a command execution vulnerability.
e0a0c481b47cda56119e30048f9a0ff4309520aaeab8de2c5a98a5ae1b099cd8
Ruby Thumbshooter Gem version 0.1.5 suffers from a remote command execution vulnerability due to passing unsanitized user-supplied data to the shell.
0652702d6e2f7b3bc1f88941a17af3a1b29f12b8f34ed087c62a57ec0db99e81
Ruby Gem Fastreader version 1.0.8 suffers from a remote code execution vulnerability.
89b87fccb71d43cbfd06695564eb38fc2b65d8c3efba57236545d8452c11b607
Ruby Gem Command Wrap suffers from a remote code execution vulnerability.
28a0b4a6c633d5625d572416f7ec1b3eca1a2045358cc07c0078fd6cd2d57065
Ruby Gem Curl suffers from a remote command execution vulnerability due to a lack of user input sanitization.
c96fc864359b4f3b2f30998551d780075c8307fbf1c24791422f696b650146ef
Ruby Gem MiniMagic suffers from a remote command execution vulnerability due to a lack of user input sanitization.
f3b4827a94b047303ccc02b88c3f74c2860bb4df87e899281dfb759760495123
Ruby Gem Fastreader version 1.0.8 suffers from a remote command execution vulnerability due to a lack of user input sanitization.
1fab775f0aafbbbde6c3e31e5072977d382d54542fa209d3fc109a74349d293a
The InfiniBand diagnostic utility handles files in /tmp insecurely. A malicious user can clobber root-owned files with common symlink attacks. OpenFabrics ibutils version 1.5.7 is affected.
addeecc6e8b571ebf6c2a2c55fcbfb3fc70a6a2ae9876a01939f8d30d7439c9e
Raspberry Pi rpi-update local root exploit.
eb425fb5dff9ccde638741a61ae7293c083ce15b1bae70498443b5f2d1266c53
Ruby Gem Flash Tool version 0.6.0 suffers from a remote code execution vulnerability.
eabb60c3855ec8b85847261cb4d2c326b3edd6845b673b873d28fd6cd3d5fc58
Ruby Gem ftpd-0.2.1 suffers from a remote command execution vulnerability.
969e78acf08090cf414fa12176d6525e5d7810d5d1274f1ffbdbae4ced15669d
Oracle Auto Service Request insecurely creates files in /tmp using time stamps, allowing root-owned files to be clobbered.
62958024223f7ff7956367f2a7735ad90e0b9970a5455344602162eceb1fc1e4
The Fileutils Ruby gem suffers from possible remote command execution due to passing unsanitized user input to CutyCapt for execution. It also suffers from insecure file handling in /tmp.
9effb3c69c98b3176ca1adde2524ed4a2a4b6bee7a62e010054f819e6d60b521
Gambas creates a directory in /tmp called gambas.UID where UID is the user id of the person running the software. Gambas does not check to see if a malicious user has already created that directory.
265512fa79bfac648de386e18f99ee937d26851f9df7995309f00539ecbf6106
Oracle Auto Service Request creates files insecurely in /tmp using time stamps instead of mkstemp(). Due to this, it is possible to clobber root-owned files and possibly cause a denial of service condition or worse.
3201569e185a30abb901fe01ff0684a58d22ab75b3d2eb41883373ead659d4e8
Oracle Automated Service Manager version 1.3 suffers from a local root privilege escalation vulnerability during install.
541a2508bc332207de3f68c469abd43870d40347d9628cf361e59c570beb5ac0
Centrify Deployment Manager version 2.1.0.283 local root exploit that leverages a race condition in /tmp.
38f44fe5235206c1815107ebecea1649a3da90ccbf7baa70c756abbb16cd7901
Centrify Deployment Manager version 2.1.0.283 suffers from a race condition in /tmp that allows for local root privilege escalation.
7571d7bb4780c1d99a2465c7ff79b8660346fa719c99eca6d189b83896c08490
Oracle Exadata leaf switches come configured with easily guessable passwords and a shadow file that is world-readable.
4656654c3f194537f44fd57130e17703524ad55c4635083060dae1b01824ac10
YingZhi Python version 1.9 application for iOS allows for arbitrary file uploads to the root WWW directory and also has an FTP server directory traversal vulnerability that forces no authentication.
dd481a7d02e448e69e88b80af5a9bce38fe30a0e912040a9b5f2d81914099c34
The Solaris 10 137097-01 patch suffers from a symlink attack that will let a user clobber a root-owned file.
13b5efe587e83e9d28fceb6ebe9f80bdd07ca9622ef7767e9ebb53b9c4b62f13
The RaspberryPi Occidentalis version 0.1 image spawns sshd by default without prompting users to change their credentials, leaving their systems accessible via root/root default credentials.
656c7ec055e2f82105589240af2b020366360c6deae390094ae0d32f88f6c389
The postinstall script for SUNWbindr has a race condition that, if update manager or smpatch is being used while the system is in multi-user mode, could lead to arbitrary code execution as root.
55f4f7844ec8ab139f894424203bf63b094b9b91024568ca0627ba66f4950a41