17 matches found
GHSA-W8M4-4V35-V6X3 uutils coreutils allows unauthorized modification of permissions on existing files
A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...
Apache Hive Security Vulnerability
Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. An...
Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2024-644)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-644 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each...
Improper Access Control
Overview kaminari is a Scope & Engine based, clean, powerful, agnostic, customizable and sophisticated paginator for Rails 4+. Affected versions of this package are vulnerable to Improper Access Control due to improper handling of file permissions. An attacker can modify application behavior or...
PT-2024-25025 · Kaminari · Kaminari
Name of the Vulnerable Software and Affected Versions: Kaminari versions prior to 0.16.2 Description: A security issue involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails. This issue is of moderate severity due to the potential for...
PT-2025-2399 · Hive · Hive
Name of the Vulnerable Software and Affected Versions: Hive versions prior to 4.0.1 Description: The issue arises when Hive creates a credentials file in a temporary directory with default permissions of 644, allowing any unauthorized user with access to the directory to read sensitive informatio...
CVE-2021-23021
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644...
CVE-2021-23021
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644...
Windows/x86 - MSVCRT System + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
644 bytes small Microsoft Windows x86 shellcode that disables the Windows firewall, adds the user MajinBuu with password TurnU2C@ndy!! to the system, adds the user MajinBuu to the local groups Administrators and Remote Desktop Users, and then enables the RDP Service. Exploit Title: Windows/x86 -...
Debian DLA-644-1 : libav security update
Multiple vulnerabilities have been found in libav: CVE-2015-1872 The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in Libav before 0.8.18 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service out-of-bounds...
Paypal Bug Bounty #8 - CSRF DEV Web Vulnerability
Document Title: =============== Paypal Bug Bounty 8 - CSRF DEV Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=644 Paypal UID: ydw159yyb Release Date: ============= 2013-01-23 Vulnerability Laboratory ID VL-ID:...
Paypal Bug Bounty #8 - CSRF DEV Web Vulnerability
Document Title: =============== Paypal Bug Bounty 8 - CSRF DEV Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=644 Paypal UID: ydw159yyb Release Date: ============= 2013-01-23 Vulnerability Laboratory ID VL-ID:...
java-1.6.0-openjdk security update
1:1.6.0.0-1.48.1.11.3 - Access gnome bridge jar is forced to have 644 permissions - Resolves: rhbz828751 1:1.6.0.0-1.47.1.11.3 - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch: - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils. - packages...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : libxml2 vulnerabilities (USN-815-1)
It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. CVE-2009-2414 ...
Ubuntu: Security Advisory (USN-644-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for cups FEDORA-2007-644
Check for the Version of cups OpenVAS Vulnerability Test Fedora Update for cups FEDORA-2007-644 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Debian Security Advisory DSA 644-1 (chbg)
The remote host is missing an update to chbg announced via advisory DSA 644-1. OpenVAS Vulnerability Test $Id: deb6441.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 644-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...