4649 matches found

Cvelist
added 2018/06/18 6:0 p.m., 15 views

CVE-2018-9022

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file...

AI score: 10, EPSS: 0.19943
Exploits: 5, References: 3

IBM Security Bulletins
added 2018/06/16 1:7 p.m., 34 views

Security Bulletin: Vulnerability in SSLv3 affects Warehouse Administration Console and Cubing Services components of IBM InfoSphere Warehouse and IBM DB2 for Linux, Unix and Windows (CVE-2014-3566)

Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. IBM InfoSphere Warehouse and IBM DB2 for Linux, Unix and Windows do not directly enable SSLv3. However, WAS (WebSphere Application Server) is bundled with IBM...

CVSS: 4.3, AI score: 3.3, EPSS: 0.93538
Exploits: 5, Affected Software: 1

CNVD
added 2018/06/16 12:0 a.m., 2 views

PE client tools for Windows code execution vulnerability

Puppet is a set of configuration management tools from Puppet Labs based on a client/server (C/S) architecture, which can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Enterprise is an enterprise version. PE client tools for Windows is one of the...

CVSS: 7.8, AI score: 7.8, EPSS: 0.00217
Exploits: 0, References: 1

OSV
added 2018/06/15 2:29 a.m., 6 views

CVE-2018-12356

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...

CVSS: 9.8, AI score: 9.6
Exploits: 0, References: 8

NVD
added 2018/06/14 9:29 p.m., 11 views

CVE-2018-6516

On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation...

CVSS: 7.8, AI score: 7.7, EPSS: 0.00217
Exploits: 0, References: 1

UbuntuCve
added 2018/06/14 9:29 p.m., 12 views

CVE-2018-6516

On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation...

CVSS: 7.8, AI score: 7.1, EPSS: 0.00217
Exploits: 0, References: 2

NVD
added 2018/06/13 6:29 p.m., 13 views

CVE-2017-17443

OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00353
Exploits: 0, References: 1

CVE
added 2018/06/13 6:0 p.m., 44 views

CVE-2017-17443

The CVE-2017-17443 entry concerns OPC Foundation Local Discovery Server (LDS) 1.03.370. A security update is required to address vulnerabilities that allow an attacker with local file-system access to place invalid data in the configuration file, causing the LDS to crash or become unavailable unt...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00353
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2018/06/13 6:0 p.m., 13 views

CVE-2017-17443

OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the...

AI score: 6.6, EPSS: 0.00353
Exploits: 0, References: 1

CNVD
added 2018/06/12 12:0 a.m., 2 views

Puppet Agent Arbitrary Code Execution Vulnerability

Puppet is a set of configuration management tools from Puppet Labs (United States) based on a client/server (C/S) architecture. Puppet Agent for Windows is one of its agent programs for the Windows platform. A security vulnerability exists in Puppet Agent for Windows versions 1.10.x prior ...

CVSS: 7.8, AI score: 7.2, EPSS: 0.00217
Exploits: 0, References: 1

Prion
added 2018/06/11 8:29 p.m., 13 views

Privilege escalation

Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation...

CVSS: 6.8, AI score: 7.7, EPSS: 0.00217
Exploits: 0, References: 1, Affected Software: 1

Fedora
added 2018/06/09 7:47 p.m., 23 views

[SECURITY] Fedora 27 Update: remctl-3.14-1.fc27

remctl (the client) and remctld (the server) implement a client/server protocol for running single commands on a remote host using Kerberos v5 authentication and returning the output. They use a very simple GSS-API-authenticated network protocol, combined with server-side ACL support and a server...

CVSS: 7.2, AI score: 1.7, EPSS: 0.00964
Exploits: 0

RedhatCVE
added 2018/06/08 7:32 a.m., 27 views

CVE-2018-6515

Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation...

CVSS: 8.8, AI score: 4.6, EPSS: 0.00217
Exploits: 0, References: 2

CNVD
added 2018/06/08 12:0 a.m., 3 views

OCaml Batteries Included Parameter Injection Vulnerability

OCaml Batteries Included (a.k.a. ocaml-batteries) is a set of development platforms based on the OCaml language maintained by the OCaml community. A security vulnerability exists in the batteriesConfig.mlp file in OCaml Batteries Included version 2.6, which stems from the program failing to validat...

CVSS: 8.8, AI score: 7.2, EPSS: 0.00545
Exploits: 0, References: 1

CNVD
added 2018/06/06 12:0 a.m., 3 views

cgminer and bfgminer absolute directory traversal vulnerability

Both cgminer and bfgminer are bitcoin mining software. A path traversal vulnerability exists in the remote management interface in cgminer version 4.10.0 and bfgminer version 5.5.0. A remote attacker could exploit this vulnerability to write a mining machine configuration file to an arbitrary...

CVSS: 6.5, AI score: 7.1, EPSS: 0.00527
Exploits: 1, References: 1

0day.today
added 2018/06/06 12:0 a.m., 34 views

Sint Wind PI 01.26.19 Authentication Bypass Vulnerability

Exploit for linux platform in category web applications
Sint Wind PI v01.26.19 Authentication Bypass
Vendor: Tonino Tarsi
Product web page: https://github.com/ToninoTarsi/swpi
Affected version: 01.26.19
Summary: A Meteo Station software for Raspberry PI. Capability include telephone answering,...

AI score: 7.1
Exploits: 0

OSV
added 2018/06/05 9:29 p.m., 17 views

CVE-2018-10057

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal)...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00527
Exploits: 1, References: 2

Prion
added 2018/06/05 9:29 p.m., 16 views

Directory traversal

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal)...

CVSS: 4, AI score: 6.5, EPSS: 0.00527
Exploits: 1, References: 2, Affected Software: 2

Cvelist
added 2018/06/05 9:0 p.m., 12 views

CVE-2018-10057

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal)...

AI score: 6.5, EPSS: 0.00527
Exploits: 1, References: 2

Packet Storm
added 2018/06/05 12:0 a.m., 42 views

Sint Wind PI 01.26.19 Authentication Bypass

Sint Wind PI v01.26.19 Authentication Bypass
Vendor: Tonino Tarsi
Product web page: https://github.com/ToninoTarsi/swpi
Affected version: 01.26.19
Summary: A Meteo Station software for Raspberry PI. Capability include telephone answering, webcams, digital cameras, web. A Sint Wind is a wind...

AI score: 0.3
Exploits: 0