1414 matches found
CloudBees Jenkins Config File Provider Information Disclosure Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and a number of timed tasks. Config File Provider i...
Openstack DBaaS Configuration File Write Vulnerability
OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration (NASA) and Rackspace, Inc. in the U.S. Openstack DBaaS is one of the database service tools. A security vulnerability exists in Openstack DBaaS (aka Trove) in versions prior to Openstack...
UBUNTU-CVE-2015-3156
The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, writeconfig function in trove/guestagent/datastore/experimental/redis/service.py, writemycnf function in...
gdm and gnome-session security, bug fix, and enhancement update
gdm 3.22.3-11 - Add japanese translation Resolves: 1449632 3.22.3-10 - Add patches to try to maintain some semblance of compatibility when live upgrading between 7.3 and 7.4 Related: 1448786 3.22.3-9 - Make sure reauthentication is run within the user session. Resolves:1448209 3.22.3-8 - Reap...
Samplicator - Send copies of (UDP) datagrams to multiple receivers, with optional sampling and spoofing
This small program receives UDP datagrams on a given port, and resends those datagrams to a specified set of receivers. In addition, a sampling divisor N may be specified individually for each receiver, which will then only receive one in N of the received packets. INSTALLATION This distribution...
Niushop open source mall system Config.php SQL injection vulnerabilities exist
The NiuShop open source mall system is a PHP open source e-commerce system designed and developed completely independently by Shanxi Niu Cool Information Technology Co., Ltd. A SQL injection vulnerability exists in Config.php of the Niushop open source mall system. Attackers can use this...
PDNS Manager Remote Command Execution Vulnerability
Exploit for php platform in category web applications Details ======= Product: PDNS Manager Affected Versions: Git master 3bf4e28 2016-12-12 - 2bb00ea 2017-05-22 Fixed Versions: = Git Commit ccc4232 Vulnerability Type: Remote Command Execution Vendor URL: https://pdnsmanager.lmitsystems.de/ Vendo...
Stellar.org: heap-buffer-overflow (READ of size 1) in cpptoml::parser::consume_whitespace()
@geeknik found a heap buffer overflow in stellar-core's toml parser. This is low severity because toml parser is only used to parse config file of stellar-core...
CVE-2016-5411
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer QCI before 1.0 GA is created world readable and contains the root password of the deployed system...
finecms 5.0.6 backend has arbitrary file read and CSRF vulnerabilities
FineCMS is a content management system based on PHP+MySql. The foreground of FineCMS 5.x contains an arbitrary file read and CSRF vulnerability; an attacker can exploit the vulnerability by replacing... The vulnerability can be exploited to read arbitrary configuration table files, execute...
CVE-2016-10243
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config file...
Trend Micro Threat Discovery Appliance <= 2.6.1062r1 logoff.cgi Directory Traversal Authentication Bypass Vulnerability(CVE-2016-7552)
Summary: There exists a pre-authenticated directory traversal vulnerability that allows an attacker to delete any folder or file as root. This can result in an attacker causing a DoS or bypassing authentication. Exploitation: An attacker can use this vulnerability to bypass the authentication by...
UBUNTU-CVE-2016-10152
The readconfigfile function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache...
jboss: jbossas writable config files allow privilege escalation
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group root:jboss, 664. On systems using classic /etc/init.d init scripts i.e. on Red Hat Enterprise Linux 6 a...
NETGEAR DGN2200v1v2v3v4 - ping.cgi Remote Command Execution
NETGEAR DGN2200v1v2v3v4 - ping.cgi Remote Command Execution !/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all...
Generating SSH Keys is broken (using Bitbucket Server) -- ui and config file
Please watch my short video illustrating the experience. https://www.youtube.com/watch?v=wPUAkG78BFE&feature=youtu.be Scenario 1: On MacOS X Sierra when setting up SourceTree for first time and choosing "SSH" as the authentication method, SourceTree: Should not have a URL for the Bitbucket...
ownCloud: bug reporting template encourages users to paste config file with passwords
The dangerous bug reporting template ============================= The github bug reporting template for owncloud's server and some apps contains this: The content of config/config.php: If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your...
Nextcloud: bug reporting template encourages users to paste config file with passwords
The dangerous bug reporting template ============================= The github bug reporting template for nextcloud's server and some apps contains this: The content of config/config.php: If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your...