
4646 matches found

Cvelist
added 2013/09/25 10:0 a.m., 21 views

CVE-2013-1060

A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the buildd directory and consequently reads the system configuration file from the buildd directory, which allows...

7.3 AI score, 0.0005 EPSS
Exploits 0, References 13
NVD
added 2013/09/20 4:55 p.m., 22 views

CVE-2010-5290

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different...

10 CVSS, 6.4 AI score, 0.02526 EPSS
Exploits 12, References 4
Prion
added 2013/09/20 4:55 p.m., 22 views

Design/Logic Flaw

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different...

10 CVSS, 7 AI score, 0.94237 EPSS
Exploits 13, References 4, Affected Software 1
UbuntuCve
added 2013/09/18 12:0 a.m., 22 views

CVE-2013-1057

Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse importpxefiles configuration file in the current working directory...

4.4 CVSS, 6.2 AI score, 0.00097 EPSS
Exploits 1, References 2
securityvulns
added 2013/09/11 12:0 a.m., 38 views

Multiple vulnerabilities on D-Link Dir-505 devices

Multiple vulnerabilities on D-Link Dir-505 devices ================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on D-Link Dir-505 devices Discovery date: 05/04/2013 Release date: 09/09/2013 Credits: Alessandro Di Pinto alessandro.dipinto artificialstudio...

0.4 AI score
Exploits 0
exploitpack
added 2013/09/10 12:0 a.m., 18 views

D-Link DIR-505 1.06 - Multiple Vulnerabilities

D-Link DIR-505 1.06 - Multiple Vulnerabilities Multiple vulnerabilities on D-Link Dir-505 devices ================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on D-Link Dir-505 devices Discovery date: 05/04/2013 Release date: 09/09/2013 Credits: Alessand...

0.2 AI score
Exploits 0
Packet Storm
added 2013/09/09 12:0 a.m., 30 views

Android FTP Server 1.2 Privilege Escalation

Remote access to Android ftp server 1.2 configuration file allows login as admin Date: 9/7/2013 Author: Larry W. Cashdollar, @larry0 Download: http://www.amazon.com/888bid-com-Android-FTP-Server/dp/B00COVVAZM/ref=sr11?s=mobile-apps Description: "Transfer files between Android devices and computer...

0.9 AI score
Exploits 0
Tenable Nessus
added 2013/09/02 12:0 a.m., 16 views

Fedora 19 : ssmtp-2.64-9.fc19 (2013-15049)

Use a corrected patch to validate server certificates Removes world read access from the configuration file thus prohibiting reading of password stored inside it. Removes world read access from the configuration file thus prohibiting reading of password stored inside it. Note that Tenable Network...

5.4 AI score
Exploits 0, References 2
Tenable Nessus
added 2013/09/02 12:0 a.m., 16 views

Fedora 18 : ssmtp-2.64-9.fc18 (2013-15036)

Use a corrected patch to validate server certificates Removes world read access from the configuration file thus prohibiting reading of password stored inside it. Removes world read access from the configuration file thus prohibiting reading of password stored inside it. Note that Tenable Network...

5.4 AI score
Exploits 0, References 2
OpenVAS
added 2013/08/22 12:0 a.m., 30 views

Multiple NetGear ProSafe Switches Information Disclosure Vulnerability

Multiple NetGear ProSafe switches are prone to an information-disclosure vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

7.8 CVSS, 6.3 AI score, 0.37969 EPSS
Exploits 10, References 1
OpenVAS
added 2013/08/01 12:0 a.m., 34 views

CentOS Update for sos CESA-2013:1121 centos5

Check for the Version of sos OpenVAS Vulnerability Test CentOS Update for sos CESA-2013:1121 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

4.3 CVSS, 6.4 AI score, 0.00438 EPSS
Exploits 0, References 2
Tenable Nessus
added 2013/07/31 12:0 a.m., 26 views

Scientific Linux Security Update : sos on SL5.x (noarch) (20130730)

The sosreport utility collected the Kickstart configuration file '/root/anaconda-ks.cfg', but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain th...

4.3 CVSS, 5.4 AI score, 0.00438 EPSS
Exploits 0, References 2
myhack58
added 2013/07/26 12:0 a.m., 17 views

Old ASPCMS version of the Spike to get SHELL vulnerability-vulnerability warning-the black bar safety net

Find a background that... Then /admin/system/AspCmsSiteSetting. asp? action=saves Direct POST runMode=1&siteMode=1&siteHelp=%B1%BE%CD%F8%D5%BE%D2%F2%B3%CC%D0%F2%C9%FD%BC%B6%B9%D8%B1%D5%D6%D0&SwitchComments=1&SwitchCommentsStatus=1&switchFaq=0:Y=requestchr3...

2.6 AI score
Exploits 0
Positive Technologies
added 2013/07/19 12:0 a.m., 3 views

PT-2013-46: Local File Include in Nagios Looking Glass

The specialists of the Positive Research center have detected a Local File Include vulnerability in Nagios Looking Glass. The application doesn't validate input data. That allows attackers to read the config file. To exploit this vulnerability, a remote attacker shouldn't have privileges in Nagios Looking...

7.8 CVSS, 7.1 AI score
Exploits 0, References 3
myhack58
added 2013/07/19 12:0 a.m., 23 views

struts2 latest vulnerability S2-016, S2-017 patch programme-vulnerability warning-the black bar safety net

Yesterday struts2 blast a good deal of vulnerability, with know Brother words to say is:“this afternoon the whole Chinese hacking ring like mad started to use this exploit black site, everyone can feel it.” See under the clouds the two days of data: ! Related reports: The disaster: the Chinese...

7.2 AI score
Exploits 0
Tenable Nessus
added 2013/07/12 12:0 a.m., 264 views

Oracle Linux 4 : mysql (ELSA-2010-0110)

From Red Hat Security Advisory 2010:0110 : Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL...

8.5 CVSS, 7 AI score, 0.07267 EPSS
Exploits 6, References 7
myhack58
added 2013/07/06 12:0 a.m., 11 views

Cherry enterprise cms V3.1 SQL injection and arbitrary administrator account password change. Delete-bug warning-the black bar safety net

Cherry enterprise website management system V3.1 SQL injection and any administrator account password to modify. Delete vulnerability Program download address: http://down.chinaz.com/soft/31227.htm Vulnerability file: newscategory. asp Set rs = server. CreateObject"adodb. recordset" sql ="select...

1.1 AI score
Exploits 0
exploitpack
added 2013/07/01 12:0 a.m., 9 views

Static HTTP Server 1.0 - Local Overflow (SEH)

Static HTTP Server 1.0 - Local Overflow SEH !/usr/bin/env python import os TitleStatic HTTP Server SEH Overflow - HTTP Config - httptiplist Discovered and ReportedJune 2013 Discovered/Exploited ByJacob Holcomb/Gimppy, Security Analyst @ Independent Security Evaluators...

0.3 AI score
Exploits 0
Exploit DB
added 2013/07/01 12:0 a.m., 23 views

Static HTTP Server 1.0 - Local Overflow (SEH)

!/usr/bin/env python import os TitleStatic HTTP Server SEH Overflow - HTTP Config - httptiplist Discovered and ReportedJune 2013 Discovered/Exploited ByJacob Holcomb/Gimppy, Security Analyst @ Independent Security Evaluators Exploit/Advisoryhttp://infosec42.blogspot.com/ SoftwareStatic HTTP Serve...

7 AI score
Exploits 0
Prion
added 2013/06/20 3:55 p.m., 13 views

Buffer overflow

Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDSPLUGINNAME string in a plug-in configuration file...

6.9 CVSS, 7.3 AI score, 0.00088 EPSS
Exploits 1, References 2, Affected Software 1