| Real Name | Larry W. Cashdollar |
|---|---|
| Email address | private |
| Website | vapid.dhs.org |
| First Active | 1999-11-14 |
| Last Active | 2020-07-15 |
Ruby Gem kelredd-pruview version 0.3.8 suffers from a remote command injection vulnerability.
dd1b24534bc513df316ed360fb139f228b8988566fe55fe24f004ec934cc9308Ruby Gem Karteek Docsplit version 0.5.4 fails to sanitize user-supplied input. If a user is tricked into extracting a file with shell characters in the name, code can be executed remotely.
b21afb51938c4e491625c88dec36626c10a2f58c611fc3dcdcfd45693ccba644Ruby Gem ldoce version 0.0.2 suffers from a command execution vulnerability.
e0a0c481b47cda56119e30048f9a0ff4309520aaeab8de2c5a98a5ae1b099cd8Ruby Thumbshooter Gem version 0.1.5 suffers from a remote command execution vulnerability due to passing unsanitized user-supplied data to the shell.
0652702d6e2f7b3bc1f88941a17af3a1b29f12b8f34ed087c62a57ec0db99e81Ruby Gem Fastreader version 1.0.8 suffers from a remote code execution vulnerability.
89b87fccb71d43cbfd06695564eb38fc2b65d8c3efba57236545d8452c11b607Ruby Gem Command Wrap suffers from a remote code execution vulnerability.
28a0b4a6c633d5625d572416f7ec1b3eca1a2045358cc07c0078fd6cd2d57065Ruby Gem Curl suffers from a remote command execution vulnerability due to a lack of user input sanitization.
c96fc864359b4f3b2f30998551d780075c8307fbf1c24791422f696b650146efRuby Gem MiniMagic suffers from a remote command execution vulnerability due to a lack of user input sanitization.
f3b4827a94b047303ccc02b88c3f74c2860bb4df87e899281dfb759760495123Ruby Gem Fastreader version 1.0.8 suffers from a remote command execution vulnerability due to a lack of user input sanitization.
1fab775f0aafbbbde6c3e31e5072977d382d54542fa209d3fc109a74349d293aThe infiniband diagnostic utility handles files in /tmp insecurely. A malicious user can clobber root owned files with common symlink attacks. penFabrics ibutils version 1.5.7 is affected.
addeecc6e8b571ebf6c2a2c55fcbfb3fc70a6a2ae9876a01939f8d30d7439c9eRaspberry Pi rpi-update local root exploit.
eb425fb5dff9ccde638741a61ae7293c083ce15b1bae70498443b5f2d1266c53Ruby Gem Flash Tool version 0.6.0 suffers from a remote code execution vulnerability.
eabb60c3855ec8b85847261cb4d2c326b3edd6845b673b873d28fd6cd3d5fc58Ruby Gem ftpd-0.2.1 suffers from a remote command execution.
969e78acf08090cf414fa12176d6525e5d7810d5d1274f1ffbdbae4ced15669dOracle Auto Service Request insecure creates files in /tmp using time stamps allow for root-owned files to be clobbered.
62958024223f7ff7956367f2a7735ad90e0b9970a5455344602162eceb1fc1e4The Fileutils Ruby gem suffers from possible remote command execution due to a lack of passing unsanitized user input to CutyCapt for execution. It also suffers from insecure file handling in /tmp.
9effb3c69c98b3176ca1adde2524ed4a2a4b6bee7a62e010054f819e6d60b521Gambas creates a directory in /tmp called gambas.UID where UID is the user id of the person running the software. Gambas does not check to see if a malicious user has already created that directory.
265512fa79bfac648de386e18f99ee937d26851f9df7995309f00539ecbf6106Oracle Auto Service Request creates files insecurely in /tmp using time stamps instead of mkstemp(). Due to this, it is possible to clobber root owned files and possibly cause a denial of service condition or worse.
3201569e185a30abb901fe01ff0684a58d22ab75b3d2eb41883373ead659d4e8Oracle Automated Service Manager version 1.3 suffers from a local root privilege escalation vulnerability during install.
541a2508bc332207de3f68c469abd43870d40347d9628cf361e59c570beb5ac0Centrify Deployment Manager version 2.1.0.283 local root exploit that leverages a race condition in /tmp.
38f44fe5235206c1815107ebecea1649a3da90ccbf7baa70c756abbb16cd7901Centrify Deployment Manager version 2.1.0.283 suffers from a race condition in /tmp that allows for local root privilege escalation.
7571d7bb4780c1d99a2465c7ff79b8660346fa719c99eca6d189b83896c08490Oracle Exadata leaf switches come configured with easily guessable passwords and a shadow file that is world-readable.
4656654c3f194537f44fd57130e17703524ad55c4635083060dae1b01824ac10YingZhi Python version 1.9 application for iOS allows for arbitrary file uploads to the root WWW directory and also has a ftp server directory traversal vulnerability that forces no authentication.
dd481a7d02e448e69e88b80af5a9bce38fe30a0e912040a9b5f2d81914099c34The Solaris 10 137097-01 patch suffers from a symlink attack that will let a user clobber a root owned file.
13b5efe587e83e9d28fceb6ebe9f80bdd07ca9622ef7767e9ebb53b9c4b62f13The RaspberryPi Occidentalis version 0.1 image spawns sshd by default without prompting users to change their credentials, leaving their systems accessible via root/root default credentials.
656c7ec055e2f82105589240af2b020366360c6deae390094ae0d32f88f6c389There is a race condition with the postinstall script for SUNWbindr that if update manager is being used or smpatch while the system is in multi user mode could lead to arbitrary code execution as root.
55f4f7844ec8ab139f894424203bf63b094b9b91024568ca0627ba66f4950a41
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed