
4457 matches found

securityvulns
added 2011/08/17 12:0 a.m. | 103 views

[SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)

CVE-2011-2729: Commons Daemon fails to drop capabilities Apache Tomcat Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 7.0.0 to 7.0.19 Tomcat 6.0.30 to 6.0.32 Tomcat 5.5.32 to 5.5.33 Description: Due to a bug in the capabilities code, jsvc the service wrapper...

CVSS 5 | AI score 1.8 | EPSS 0.07243
Exploits 0
OpenVAS
added 2011/08/17 12:0 a.m. | 63 views

Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability

Apache Commons Daemon is prone to a remote information-disclosure vulnerability that affects the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

CVSS 5 | AI score 4.2 | EPSS 0.07243
Exploits 0 | References 7
Tenable Nessus
added 2011/08/16 12:0 a.m. | 46 views

Apache Tomcat 7.0.0 < 7.0.20

The version of Tomcat installed on the remote host is prior to 7.0.20. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.20security-7 advisory. - native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used i...

CVSS 5 | AI score 5.1 | EPSS 0.07243
Exploits 0 | References 3
NVD
added 2011/08/15 9:55 p.m. | 18 views

CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...

CVSS 5 | AI score 4.3 | EPSS 0.07243
Exploits 0 | References 30
OSV
added 2011/08/15 9:55 p.m. | 1 views

DEBIAN-CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...

CVSS 5 | AI score 6.9 | EPSS 0.07243
Exploits 0 | References 1
OSV
added 2011/08/15 9:55 p.m. | 10 views

CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...

AI score 6.3
Exploits 0 | References 30
Prion
added 2011/08/15 9:55 p.m. | 20 views

Authentication flaw

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...

CVSS 5 | AI score 6.9 | EPSS 0.07243
Exploits 0 | References 30 | Affected Software 2
CVE
added 2011/08/15 9:0 p.m. | 96 views

CVE-2011-2729

CVE-2011-2729 affects the Jakarta Commons Daemon jsvc component in Tomcat runtimes (Tomcat 5.5.32–5.5.33, 6.0.30–6.0.32, and 7.0.x before 7.0.20) where jsvc did not properly drop capabilities. This allows a remote attacker to bypass read permissions for files via an application request. The root ...

CVSS 5 | AI score 4.1 | EPSS 0.07243
Exploits 0 | References 30 | Affected Software 1
Cvelist
added 2011/08/15 9:0 p.m. | 24 views

CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...

AI score 4.1 | EPSS 0.07243
Exploits 0 | References 30
Debian CVE
added 2011/08/15 9:0 p.m. | 23 views

CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...

CVSS 5 | AI score 4.3 | EPSS 0.07243
Exploits 0
UbuntuCve
added 2011/08/15 12:0 a.m. | 22 views

CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...

CVSS 5 | AI score 5.9 | EPSS 0.07243
Exploits 0 | References 5
Apache Tomcat
added 2011/08/11 12:0 a.m. | 51 views

Fixed in Apache Tomcat 7.0.20

Important: Information disclosure CVE-2011-2729 Due to a bug in the capabilities code, jsvc the service wrapper for Linux that is part of the Commons Daemon project does not drop capabilities allowing the application to access files and directories owned by superuser. This vulnerability only occu...

CVSS 5 | AI score 4 | EPSS 0.07243
Exploits 0 | Affected Software 1
Exploit DB
added 2011/04/16 12:0 a.m. | 31 views

Microsoft Word 2003 - Record Parsing Buffer Overflow (MS09-027) (Metasploit)

$Id: ms09-027 10477 2011-04-13 11:59:02Z mc $ This file is not part of the Metasploit Framework and may not be subject to redistribution and commercial restrictions. TODO some testing to find the real banned characters and maxlen add those parameters to the .rb file drop in appropriate directory...

CVSS 9.3 | AI score 7 | EPSS 0.40503
Exploits 8
The Hacker News
added 2011/02/18 6:6 a.m. | 7 views

Chinese hackers targeted House of Commons!

Chinese hackers not only attacked key federal departments: they also cracked into the computer system of the House of Commons, targeting MPs with large ethnic Chinese constituencies, CTV News has learned. Sources say Canada's secret cyber spy agency -- the Communications Security Establishment --...

AI score 6.8
Exploits 0
Tenable Nessus
added 2010/11/15 12:0 a.m. | 35 views

Fedora 14 : tomcat6-6.0.26-14.fc14 (2010-16528)

Replaces tomcat6-6.0.26-13.fc14 - Resolves rhbz640686 - Upgrade of tomcat6 wipes out directories - WARNING - Back up all files that need to be preserved before package update or uninstall - WARNING CVE-2010-2227 applied Several Bug fixes : - tomcat user shell - Multiple instances of tomcat not...

CVSS 6.4 | AI score 5.5 | EPSS 0.54779
Exploits 2 | References 3
GithubExploit
added 2010/11/11 8:19 p.m. | 5 views

spring-data-commons

It is...

AI score 7.1
Exploits 0
Tenable Nessus
added 2010/11/02 12:0 a.m. | 46 views

Fedora 12 : tomcat6-6.0.26-3.fc12 (2010-16248)

Includes security fix for CVE-2010-2227. - Package updated to new upstream version tomcat-6.0.26 - commons-dbcp-tomcat5, commons-collections-tomcat5, and commons-pool-tomcat5 have been dropped in favor of commons-collections, commons-pool, and commons-dbcp - Directory permissions fixed - tomcat...

CVSS 6.4 | AI score 5.6 | EPSS 0.54779
Exploits 2 | References 3
ThreatPost
added 2010/06/09 3:5 p.m. | 11 views

Best Practices in Passwords Not Encouraged

A pair of academic researchers have analyzed the use of passwords by many prominent online sites, and found that many sites require passwords as a sort of security theater, requiring them in contexts that are superfluous and failing to do their part to secure the information on their end. The end...

AI score 2.2
Exploits 0 | References 3
seebug.org
added 2009/08/12 12:0 a.m. | 22 views

Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln

No description provided by source. com_idoblog SQL Injection ALL VERSIONS Discovered by: KKR We are: knet, kiko, ricota, servl Contact: elricotaATgmailDOTcom + Earlier releases had the same flaws but they did not fix everything... + This SQL injection affects all versions. - + exploit: -...

AI score 7.1
Exploits 0
0day.today
added 2009/08/11 12:0 a.m. | 31 views

Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln

Exploit for unknown platform in category web applications. Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln. com_idoblog SQL Injection ALL VERSIONS Descubier...

AI score 7.1
Exploits 0