Lucene search
288 matches found

OSV
added 2018/11/05 9:29 a.m., 14 views

CVE-2018-18942

In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/themeconfigs/form dataThemeConfiglogo parameter...

7.2 CVSS, 7.9 AI score
Exploits 0, References 3
seebug.org
added 2016/09/18 12:0 a.m., 43 views

PHPCMS V9 version of the background design flaws lead to arbitrary code execution vulnerability

Source link: http://www.cnbraid.com/ 0x01 background Because exploitation requires super administrator privileges by default after installation, the vulnerability is of little practical use, but I suspect similar issues exist in other CMSs, so this post mainly shares the approach used to find it. PS: using the test environment...

6.8 AI score
Exploits 0
Mageia
added 2016/02/05 5:26 p.m., 55 views

Updated java-1.8.0-openjdk/copy-jdk-configs/lua-lunit/lua-posix packages fix security vulnerability

An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...

10 CVSS, 7 AI score, 0.14714 EPSS
Exploits 0, References 3
CNVD
added 2015/12/06 12:0 a.m., 3 views

SearchBlox File Exfiltration Denial of Service Vulnerability

SearchBlox is a free, open-source toolkit, based on the Lucene full-text search engine, for building enterprise search and analytics solutions. A security vulnerability in SearchBlox allows remote attackers to overwrite configuration files, add or remove...

10 CVSS, 6.8 AI score, 0.21963 EPSS
Exploits 0, References 1
CNVD
added 2015/11/10 12:0 a.m., 5 views

IBM InfoSphere BigInsights Uses Apache Ambari Information Disclosure Vulnerability

IBM InfoSphere BigInsights is a suite of software platforms for storing and analyzing "Big Data" from IBM, USA. The platform provides solutions for managing and analyzing massive amounts of structured and unstructured data. Apache Ambari is a set of tools for configuring, managing, and monitoring...

4.3 CVSS, 6.4 AI score, 0.02824 EPSS
Exploits 0, References 1
NVD
added 2015/11/08 10:59 p.m., 24 views

CVE-2015-4928

Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields...

4.3 CVSS, 6 AI score, 0.02824 EPSS
Exploits 0, References 2
Cvelist
added 2015/11/08 10:0 p.m., 24 views

CVE-2015-4928

Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields...

6 AI score, 0.02824 EPSS
Exploits 0, References 2
Oracle linux
added 2015/06/09 12:0 a.m., 74 views

kernel security, bug fix, and enhancement update

2.6.32-504.23.4 - crypto drbg: fix maximum value checks on 32 bit systems Herbert Xu 1225950 1219907 - crypto drbg: remove configuration of fixed values Herbert Xu 1225950 1219907 2.6.32-504.23.3 - netdrv bonding: fix locking in enslave failure path Nikolay Aleksandrov 1222483 1221856 - netdrv...

9.3 CVSS, 0.1 AI score, 0.10108 EPSS
Exploits 4
seebug.org
added 2014/07/01 12:0 a.m., 12 views

ClipSharePro <= 4.1 - Local File Inclusion

No description provided by source. Exploit Title : ClipSharePro <= 4.1 Local File Inclusion Date : 2013/3/9 Exploit Author : Saadat Ullah ? saadilinuxatrocketmaildotcom Software Link : http://www.clip-share.com Author HomePage: http://security-geeks.blogspot.com Tested on: Server : Apache/2.2.15...

7.1 AI score
Exploits 0
Packet Storm
added 2014/03/10 12:0 a.m., 25 views

ClipSharePro 4.1 Local File Inclusion

Exploit Title : ClipSharePro 0 $configfile = $GET'configfile'; else showAlertMessage"ERROR: Failed to find configfile parameter", 1; else $configfile = $DEFAULTCONFIG; // Load config file require $configfile; //including arbitrary file $GET'configfile' echo $configfile; The vulnerability can be...

7.4 AI score
Exploits 0
Exploit DB
added 2014/03/09 12:0 a.m., 20 views

ClipSharePro 4.1 - Local File Inclusion

Exploit Title : ClipSharePro 0 $configfile = $GET'configfile'; else showAlertMessage"ERROR: Failed to find configfile parameter", 1; else $configfile = $DEFAULTCONFIG; // Load config file require $configfile; //including arbitrary file $GET'configfile' echo $configfile; The vulnerability can be...

7.4 AI score
Exploits 0
Metasploit
added 2012/12/09 12:11 a.m., 29 views

Windows Gather Steam Client Session Collector.

This module will collect Steam session information from an account set to autologin. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Steam Client Session Collector.', 'Descriptio...

0.3 AI score
Exploits 0
Tenable Nessus
added 2012/08/01 12:0 a.m., 27 views

Scientific Linux Security Update : exim on SL4.x, SL5.x i386/x86_64

A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the 'exim' user, they could cause Exim to execute arbitrary commands as the root user. CVE-2010-4345 This update adds a new configuration file, '/etc/exim/trusted-configs'. To prevent Exim from running...

7.8 CVSS, 8.6 AI score, 0.17794 EPSS
Exploits 4, References 2
OpenVAS
added 2012/07/30 12:0 a.m., 43 views

CentOS Update for exim CESA-2011:0153 centos4 x86_64

Check for the Version of exim OpenVAS Vulnerability Test CentOS Update for exim CESA-2011:0153 centos4 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

6.9 CVSS, 0.4 AI score, 0.17794 EPSS
Exploits 4, References 2
OpenVAS
added 2012/07/30 12:0 a.m., 27 views

CentOS Update for exim CESA-2011:0153 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.8 CVSS, 8.4 AI score, 0.17794 EPSS
Exploits 4, References 4
Cent OS
added 2011/01/27 9:23 a.m., 82 views

exim security update

CentOS Errata and Security Advisory CESA-2011:0153 Updated exim packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...

7.8 CVSS, 7.6 AI score, 0.17794 EPSS
Exploits 4, References 8
OpenVAS
added 2011/01/21 12:0 a.m., 22 views

RedHat Update for exim RHSA-2011:0153-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.8 CVSS, 7.9 AI score, 0.17794 EPSS
Exploits 4, References 4
Oracle linux
added 2011/01/20 12:0 a.m., 64 views

Oracle Linux 5.6 kernel security and bug fix update

2.6.18-238.el5 - net bnx2: remove extra call to pci_map_page John Feeney 663509 - fs nfs: set lock_context field in nfs_readpage_sync Jeff Layton 663853 2.6.18-237.el5 - block fully zeroize request struct in rq_init Rob Evers 662154 - scsi qla4xxx: update to 5.02.04.02.05.06-d0 Chad Dupuis 656999 - scs...

10 CVSS, 8.6 AI score, 0.21312 EPSS
Exploits 74
RedHat Linux
added 2011/01/17 5:4 p.m., 29 views

Moderate: Red Hat Security Advisory: exim security update

Updated exim packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.8 CVSS, 7.6 AI score, 0.17794 EPSS
Exploits 4, References 2
OpenVAS
added 2010/06/02 12:0 a.m., 39 views

Read configs to prevent root login

This plugin uses ssh to Read configs to prevent root login: Check for /etc/securettys show all non console, check if root login is not possible via SSH, check for SYSLOG_SU_ENAB in /etc/login.defs, check for perm 0644 on /etc/securettys /etc/login.defs /etc/sshd/sshd_config, check if root_squash is...

7.3 AI score
Exploits 0