[SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)
CVE-2011-2729: Commons Daemon fails to drop capabilities Apache Tomcat Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 7.0.0 to 7.0.19 Tomcat 6.0.30 to 6.0.32 Tomcat 5.5.32 to 5.5.33 Description: Due to a bug in the capabilities code, jsvc the service wrapper...
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
Apache Commons Daemon is prone to a remote information-disclosure vulnerability that affects the...
Apache Tomcat 7.0.0 < 7.0.20
The version of Tomcat installed on the remote host is prior to 7.0.20. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.20_security-7 advisory. - native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used i...
CVE-2011-2729
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...
DEBIAN-CVE-2011-2729
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...
Authentication flaw
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...
CVE-2011-2729
CVE-2011-2729 affects the Jakarta Commons Daemon jsvc component in Tomcat runtimes (Tomcat 5.5.32–5.5.33, 6.0.30–6.0.32, and 7.0.x before 7.0.20) where jsvc did not properly drop capabilities. This allows a remote attacker to bypass read permissions for files via an application request. The root ...
Fixed in Apache Tomcat 7.0.20
Important: Information disclosure (CVE-2011-2729). Due to a bug in the capabilities code, jsvc (the service wrapper for Linux that is part of the Commons Daemon project) does not drop capabilities, allowing the application to access files and directories owned by superuser. This vulnerability only occu...
Microsoft Word 2003 - Record Parsing Buffer Overflow (MS09-027) (Metasploit)
$Id: ms09-027 10477 2011-04-13 11:59:02Z mc $ This file is not part of the Metasploit Framework and may not be subject to redistribution and commercial restrictions. TODO some testing to find the real banned characters and maxlen add those parameters to the .rb file drop in appropriate directory...
Chinese hackers targeted House of Commons!
Chinese hackers not only attacked key federal departments: they also cracked into the computer system of the House of Commons, targeting MPs with large ethnic Chinese constituencies, CTV News has learned. Sources say Canada's secret cyber spy agency -- the Communications Security Establishment --...
Fedora 14 : tomcat6-6.0.26-14.fc14 (2010-16528)
Replaces tomcat6-6.0.26-13.fc14 - Resolves rhbz640686 - Upgrade of tomcat6 wipes out directories - WARNING - Back up all files that need to be preserved before package update or uninstall - WARNING CVE-2010-2227 applied Several Bug fixes : - tomcat user shell - Multiple instances of tomcat not...
spring-data-commons
It is...
Fedora 12 : tomcat6-6.0.26-3.fc12 (2010-16248)
Includes security fix for CVE-2010-2227. - Package updated to new upstream version tomcat-6.0.26 - commons-dbcp-tomcat5, commons-collections-tomcat5, and commons-pool-tomcat5 have been dropped in favor of commons-collections, commons-pool, and commons-dbcp - Directory permissions fixed - tomcat...
Best Practices in Passwords Not Encouraged
A pair of academic researchers have analyzed the use of passwords by many prominent online sites, and found that many sites require passwords as a sort of security theater, requiring them in contexts that are superfluous and failing to do their part to secure the information on their end. The end...
Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln
No description provided by source. com_idoblog SQL Injection ALL VERSIONS Discovered by: KKR We are: knet, kiko, ricota, servl Contact: elricotaATgmailDOTcom + Previous editions had the same flaws, but they did not fix everything... + This SQL injection affects all versions. - + exploit: -...
Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln
Exploit for unknown platform in category web applications ================================================================ Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln ================================================================ com_idoblog SQL Injection ALL VERSIONS Descubier...