DP300,RP200,RSE6500,TE30,TE40,TE50,TE60,TX50,VP9660,ViewPoint 8660,ViewPoint 9030,Viewpoint 8660, Security Vulnerabilities

Ubuntu 14.04 LTS : Linux kernel (Wily HWE) vulnerability (USN-2858-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2858-2 advisory. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to...

Ubuntu 15.10 : linux-raspi2 vulnerability (USN-2858-3)

Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges. Note that Tenable Network Security has...

Ubuntu 14.04 LTS / 15.10 overlayfs Local Root

...

Ubuntu 15.10 : linux vulnerability (USN-2858-1)

Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges. Note that Tenable Network Security has...

Ubuntu 15.04 : linux vulnerability (USN-2857-1)

Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges. Note that Tenable Network Security has...

Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerability (USN-2857-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2857-2 advisory. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to...

Linux kernel (Vivid HWE) vulnerability

Releases Ubuntu 14.04 ESM Packages linux-lts-vivid - Linux hardware enablement kernel from Vivid Details Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative...

Linux kernel (Wily HWE) vulnerability

Releases Ubuntu 14.04 ESM Packages linux-lts-wily - Linux hardware enablement kernel from Wily Details Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative...

Linux Kernel 4.3.3 (Ubuntu 14.0415.10) - overlayfs Local Privilege Escalation (1)

Linux Kernel 4.3.3 (Ubuntu 14.0415.10) - overlayfs Local Privilege Escalation...

Linux kernel (Raspberry Pi 2) vulnerability

Releases Ubuntu 15.10 Packages linux-raspi2 - Linux kernel for Raspberry Pi 2 Details Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes...

Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - 'overlayfs' Privilege Escalation (1)

Exploit for linux platform in category local...

Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - 'overlayfs' Local Privilege Escalation (1)

...

Linux kernel vulnerability

Releases Ubuntu 15.04 Packages linux - Linux kernel Details Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code...

Linux kernel vulnerability

Releases Ubuntu 15.10 Packages linux - Linux kernel Details Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code...

CVE-2015-8660

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted...

CVE-2015-8660

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted...

CVE-2015-8660

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted...

Immunity Canvas: OVERLAYFS_SETATTR

Name| overlayfs_setattr ---|--- CVE| CVE-2015-8660 Exploit Pack| CANVAS Description| Ubuntu Overlayfs setattr local privilege escalation Notes| Repeatability: Multiple Times Notes: This is a local privilege escalation affecting kernels lower than 4.3.3. Tested on: - Ubuntu 15.10 VENDOR:...

Design/Logic Flaw

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted...

CVE-2015-8660

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted...

CVE-2015-8660

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. Bugs ...

WordPress < 3.7.9 / 3.8.x < 3.8.9 / 3.9.x < 3.9.7 / 4.1.x < 4.1.6 / 4.2.x < 4.2.3 Multiple Vulnerabilities

Versions of WordPress 3.7.x prior to 3.7.9 , 3.8.x prior to 3.8.9 , 3.9.x prior to 3.9.7 , 4.1.x prior to 4.1.6 , and 4.2.x prior to 4.2.3 are susceptible to the following vulnerabilities : A cross-site scripting (XSS) vulnerability exists due to a flaw in the Shortcode API in which shortcodes...

Huawei VP9660 Multi-Point Control Unit Detection (SNMP)

SNMP based detection of Huawei VP9660 Multi-Point Control Unit...

Huawei VP9660 Multi-Point Control Unit Multiple Vulnerabilities (huawei-sa-20151111-01-vp9660)

Huawei VP9660 Multi-Point Control Unit is prone to multiple...

Huawei VP9660信息泄露漏洞

VP9660是华为视频会议系统的多媒体控制单元。 华为VP9660产品存在服务端未对输入完全做校验的安全漏洞。在使用内置WebServer场景下, 攻击者以业务管理员身份登录到设备后，通过构造修改特定报文信息发送到服务端，可以注入恶意命令，从而导致信息泄露，设备不可用。 前提条件： 攻击者能够以业务管理员身份登录VP9660成功； VP9660在使用内置WebServer场景下存在该漏洞; 攻击步骤：...

Huawei VP9660远程安全绕过漏洞

No description provided by...

Security Advisory - Two Vulnerabilities in Huawei TE Series Product

Huawei TE series is a multimedia video conferencing endpoint that transfers audio, video, and desktop resources based on IP networks. It offers point-to-point and multiparty conferences for attendees at different places to enjoy face-to-face audio/video communication experience. A security...

CVE-2015-8227

The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted...

CVE-2015-8227

The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted...

Design/Logic Flaw

The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted...

CVE-2015-8227

The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted...

Security Advisory - Input Validation Vulnerability in Huawei VP9660 Products

VP9660 is the multi-point control unit of Huawei Video Conference system. The server of the Huawei VP9660 does not validate the input when using build-in WebServer. In such case, an attacker could log in to the device as an business administrator, graft a message to change the specific...

elnuevoherald.com XSS vulnerability

Vulnerable URL: http://www.elnuevoherald.com/search/?q=%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSSPOSED%2F%29%3E Details: Description| Value ---|--- Patched:| Yes, at 12.11.2015 Latest check for patch:| 12.11.2015 11:05 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|.....

SUSE: Security Advisory for xen (SUSE-SU-2015:0022-1)

The remote host is missing an update for...

Gentoo Security Advisory GLSA 201504-04

Gentoo Linux Local Security Checks GLSA...

Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products

A security vulnerability exists in Rivest Cipher 4 (RC4) used by TLS and SSL protocols. RC4 cannot provide sufficient data protection. After listening to an SSL or TLS connection, an attacker can obtain plaintext data by brute force cracking. This vulnerability is also called Bar Mitzvah....

openSUSE: Security Advisory for xen (openSUSE-SU-2015:0256-1)

The remote host is missing an update for...

Fedora Update for xen FEDORA-2015-12714

The remote host is missing an update for...

[SECURITY] Fedora 21 Update: xen-4.4.2-9.fc21

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...

[SECURITY] Fedora 21 Update: xen-4.4.2-7.fc21

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...

Fedora Update for xen FEDORA-2015-11247

The remote host is missing an update for...

Fedora Update for xen FEDORA-2015-9965

The remote host is missing an update for...

Fedora Update for xen FEDORA-2015-9978

The remote host is missing an update for...

[SECURITY] Fedora 20 Update: xen-4.3.4-6.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...

[SECURITY] Fedora 21 Update: xen-4.4.2-6.fc21

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...

Fedora Update for xen FEDORA-2015-9466

The remote host is missing an update for...

[SECURITY] Fedora 21 Update: xen-4.4.2-5.fc21

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...

Fedora Update for xen FEDORA-2015-8252

The remote host is missing an update for...

Fedora Update for xen FEDORA-2015-8270

The remote host is missing an update for...

tor-consensus-checker NSE Script

Checks if a target is a known Tor node. The script works by querying the Tor directory authorities. Initially, the script stores all IPs of Tor nodes in a lookup table to reduce the number of requests and make lookups quicker. Script Arguments slaxml.debug See the documentation for the slaxml...