CVE-2013-6876 s3dvt Root shell
About s3dvt:
s3dvt is part of the 3d network display server which can be used as
3d desktop environment.
Vulnerability:
A vulnerability in s3dvt for versions prior to 0.2.2 allows to obtain
a root shell.
Details, patches, discussion and strategy to exploit
CVE-2013-6825 DCMTK Root Privilege escalation
About DCMTK:
DCMTK is a collection of libraries and applications implementing large parts of
the DICOM standard. It includes software for examining, constructing and
converting DICOM image files, handling offline media, sending and receiving
images
CVE-2014-1226 s3dvt Root shell (still)
About s3dvt:
s3dvt is part of the 3d network display server which can be used as
3d desktop environment.
Vulnerability:
The s3dvt developers forgot to review all the code. There is still a
vulnerable function as in the previous CVE-2013-6825. At the
Hi everyone,
Recently we discovered a bug in bash. After some time after reporting
it to bash developers, it has not been fixed.
We think that this is a security issue because in some circumstances
the bash security feature could be bypassed allowing the bash to be a
valid target shell in an
Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation
Via Insecure RPATH In IBM DB2
CVE: CVE-2014-0907
Vendor: IBM
Product: DB2
Affected version: V9.1, V9.5, V9.7, V10.1 and V10.5
Fixed version: V9.7 FP9a, V10.1 FP3a, V10.1 FP4 and V10.5 FP3a
Reported by: Tim Brown
Details:
It
FreeBSD-SA-14:13.pam Security Advisory
The FreeBSD Project
Topic:
FreeBSD-SA-14:11.sendmail Security Advisory
The FreeBSD Project
Topic:
FreeBSD-SA-14:12.ktrace Security Advisory
The FreeBSD Project
Topic:
Debian Security Advisory DSA-2945-1 secur...@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
June 03, 2014
I. VULNERABILITY
Reflected XSS Attacks vulnerabilities in Transform Foundation server
4.3.1 and 5.2 from Bottomline Technologies
II. BACKGROUND
Bottomline offers powerful, next-generation electronic document
solutions for formatting,
In my opinion the drop of privs in bash was mostly a help measure
for poorly written setuid programs executing system() calls. I don't
think it is the role of bash to do this as the problem that could be
exploited by that would really be in the original program that does
not drop privs before