545 matches found
Nagios Plugins <= 2.0.1 check_dhcp Arbitrary Option File Read
Exploit for linux platform in category local exploits I. VULNERABILITY ------------------------- checkdhcp - Nagios Plugins = 2.0.1 Arbitrary Option File Read II. BACKGROUND ------------------------- "Nagios is an open source computer system monitoring, network monitoring and infrastructure...
Weathermap 0.97C Local File Inclusion
============================================= WEBERA ALERT ADVISORY 01 - Discovered by: Anthony Dubuissez - Severity: high - CVE Request - 03/06/2013 - CVE Assign - 03/06/2013 - CVE Number - CVE-2013-3739 - Vendor notification - 03/06/2013 - Vendor reply - No reply - Public disclosure - 10/06/201...
D-Link DSL-320B Multiple Security Vulnerabilities (May 2013) - Active Check
D-Link DSL-320B devices are prone multiple security vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only nb: Running against all DS...
[Panoptic] Automates the process of search and retrieval of content for common log and config files through LFI vulnerability
Panoptic is an open source penetration testing tool that automates the process of search and retrieval of content for common log and config files through LFI vulnerability. Official introductionary post can be found here. Also, you can find a sample run here. Help Menu Usage: panoptic.py --url...
TP-LINK TL-WR841N wireless router local file inclusion vulnerability
Overview The TP-LINK TL-WR841N wireless router contains a local file inclusion vulnerability which could allow an attacker to download critical configuration files off the device. Description CWE-829: Inclusion of Functionality from Untrusted Control SphereThe TP-LINK TL-WR841N wireless router...
Fedora 17 : redeclipse-1.2-12.fc17 (2012-11582)
A flaw was found in the way Red Eclipse handled config files. In cube2-engine games, game maps can be transmitted either from the server to a client, or from client to client. These maps include a config file mapname.cfg in 'cubescript' format, which allows for an attacker to send a malicious...
DEBIAN-CVE-2011-2709
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPIMECHCONF environment variable, as demonstrated using mount.nfs...
Confluence does not respect HTTPS in Server Base URL when 301 redirecting
We have Confluence setup behind an Apache reverse proxy and our Server Base URL is set to "https://confluence...". However, when Confluence sends out a 301, it always sends the Location: http://confluence..., which then gets redirected by Apache to https://confluence... Confluence should respect...
Hardcoded credentials
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.actioncontrollersession hash value aka secret key, which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the...
Linux Gather XChat Enumeration
This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply...
exim -- local privilege escalation
David Woodhouse reports: Secondly a privilege escalation where the trusted 'exim' user is able to tell Exim to use arbitrary config files, in which further $run ... commands will be invoked as root...
Month Of Abysssec Undisclosed Bugs - DynPage 1.0
''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub-7-dynpage-multiple-remote-vulnerabilities/ ''' - Title : DynPage Multiple Remote Vulnerabilities. - Affected Version : = v1.0 - Vendor Site :...
QuickTalk 1.2 - Source Code Disclosure
QuickTalk 1.2 - Source Code Disclosure ======================================================================= QuickTalk v1.2 Source code disclosure Multiple Vulnerabilities =======================================================================...
Anonymise config files in support zip
Files included in the generated zip file could contain private information. This issue addresses that by removing all sensitive information before creating the zip. The severity of this issue is HIGH. Please see http://confluence.atlassian.com/x/ZILmD for other security related issues and...
Anonymise config files in support zip
Files included in the generated zip file could contain private information. This issue addresses that by removing all sensitive information before creating the zip. The severity of this issue is HIGH. Please see http://confluence.atlassian.com/x/ZILmD for other security related issues and...
Anonymise config files in support zip
Files included in the generated zip file could contain private information. This issue addresses that by removing all sensitive information before creating the zip. The severity of this issue is HIGH. Please see http://confluence.atlassian.com/x/ZILmD for other security related issues and...
System: insecure config file permissions
Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files...
Gentoo Security Advisory GLSA 200310-04 (Apache)
The remote host is missing updates announced in advisory GLSA 200310-04. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 8 : postgresql-8.2.6-1.fc8 (2008-0478)
Mon Jan 7 2008 Tom Lane 8.2.6-1 - Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 - Make initscript and pam config files be installed unconditionally; seems new buildroots don't necessarily have those directories in place Note that...
Fedora Core 6 : xen-3.0.3-12.fc6 (2007-713)
Fixes a security flaw in pygrub handling of config files and a denial-of-service case in ne2k NIC for QEMU. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as mu...