91 matches found
Command injection
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address...
CVE-2012-2337
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address...
CVE-2012-2337
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address...
CVE-2012-2337
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address...
Debian DSA-2456-1 : dropbear - use after free
Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon, resulting in potential execution of arbitrary code. Exploitation is limited to users, who have been authenticated through public key authentication and for which command restrictions are in place. %NASLMINLEVEL 70300 C Tenabl...
[SECURITY] [DSA 2456-1] dropbear security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2456-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 23, 2012 http://www.debian.org/security/faq -...
DSA-2456-1 dropbear - use after free
Bulletin has no description...
Cisco IOS Command EXEC Unspecified Vulnerability
An unspecified vulnerability in Command EXEC allows local users to bypass command restrictions and obtain sensitive information via an unspecified 'variation of an IOS command'. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid17775; scriptversion"1.5";...
Command injection
Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129. NOTE: as of 20071016, the only disclosure is a vague...
GLSA-200703-13 : SSH Communications Security's Secure Shell Server: SFTP privilege escalation
The remote host is affected by the vulnerability described in GLSA-200703-13 SSH Communications Security's Secure Shell Server: SFTP privilege escalation The SSH Secure Shell Server contains a format string vulnerability in the SFTP code that handles file transfers scp2 and sftp2. In some...
Mandrake Linux Security Advisory : sendmail (MDKSA-2002:083)
A vulnerability was discovered by zen-parse and Pedram Amini in the sendmail MTA. They found two ways to exploit smrsh, an application intended as a replacement for the sh shell for use with sendmail; the first by inserting specially formatted commands in the /.forward file and secondly by callin...