88 matches found
Debian DSA-1755-1 : systemtap - race condition
Erik Sjoelund discovered that a race condition in the stap tool shipped by Systemtap, an instrumentation system for Linux 2.6, allows local privilege escalation for members of the stapusr group. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
AWStats migrate Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. AWStats v6.4 and v6.5 are vulnerable. Perl based payloads are recommended with this module. The vulnerability is only present when AllowToUpdateStatsFromBrowser is enabled in the AWStats configuration fil...
CVE-2008-1755
The CVE-2008-1755 entry concerns a Directory traversal vulnerability in World of Phaos 4.0.1, specifically in the showSource.php showSource function. An attacker can read arbitrary files by supplying directory traversal sequences in the file parameter. No explicit remediation is provided in the c...
CVE-2005-1755
The CVE-2005-1755 entry concerns PHP Poll Creator (version 1.01) where PHP remote file inclusion is possible through the relativer_pfad parameter in poll_vote.php. The underlying issue is arbitrary PHP code execution via a manipulated relative path, as described in the NVD entry for poll_vote.php...
CVE-2006-1755
MD News 1 admin.php is affected by an SQL injection in the id parameter that allows remote attackers to run arbitrary SQL. Root cause: improper handling of input leading to SQL injection. Impact: potential unauthorized data exposure or modification; exploitation is remote over the network with lo...
CVE-2004-1755
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges...
CVE-2004-1755
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges...
DEBIAN-CVE-2002-1755
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC...