Lucene search

4645 matches found

Prion
added 2012/08/26 7:55 p.m. | 13 views

Design/Logic Flaw

Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event...

CVSS 6.9 | AI score 7.2 | EPSS 0.00033
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2012/08/26 7:0 p.m. | 20 views

CVE-2012-3486

Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event...

AI score 6.6 | EPSS 0.00033
Exploits: 0 | References: 3
CVE
added 2012/08/26 7:0 p.m. | 56 views

CVE-2012-3486

CVE-2012-3486 affects Tunnelblick (3.3beta20 and earlier). Local users can gain privileges through an OpenVPN config that triggers execution of a script on an OpenVPN event. Root cause is the configuration allowing script execution by event, enabling local privilege escalation. The provided docum...

CVSS 6.9 | AI score 6.8 | EPSS 0.00033
Exploits: 0 | References: 3 | Affected Software: 1
Packet Storm
added 2012/08/26 12:0 a.m. | 22 views

Zend Framework Information Disclosure

Vulnerability: Zend Framework SQL Configuration-File disclosure - + Author: W4n73d openforceatlivedotcom - - + Vendor: framework.zend.com + Version: 1.x.x - - + PoC: www.whatever.br/application/configs/application.ini - + EX: // params.username = "root" params.password = "myleetpass" // - + Date:...

AI score 7.4
Exploits: 0
ATTACKERKB
added 2012/08/23 8:55 p.m. | 3 views

CVE-2011-5108

Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.7 | EPSS 0.02802
Exploits: 1 | References: 4
Tenable Nessus
added 2012/08/23 12:0 a.m. | 16 views

FreeBSD : rssh -- configuration restrictions bypass (a4598875-ec91-11e1-8bd8-0022156e8794)

Derek Martin (rssh maintainer) reports: John Barber reported a problem where, if the system administrator misconfigures rssh by providing too few access bits in the configuration file, the user will be given default permissions (scp) to the entire system, potentially circumventing any configured...

AI score 5.4
Exploits: 0 | References: 2
OpenVAS
added 2012/08/21 12:0 a.m. | 18 views

Ubuntu Update for libconfig-inifiles-perl USN-1543-1

Ubuntu Update for Linux kernel vulnerabilities USN-1543-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15431.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for libconfig-inifiles-perl USN-1543-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH,...

CVSS 3.6 | AI score 6.5 | EPSS 0.00056
Exploits: 2 | References: 2
Tenable Nessus
added 2012/08/06 12:0 a.m. | 25 views

Atmail Email Server WebAdmin Control Panel dbconfig.ini Information Disclosure

The remote web server hosts a version of Atmail Webmail that fails to properly restrict access to its database configuration file. A remote, unauthenticated attacker could obtain database connection information and then leverage this data to assist in further attacks. %NASLMINLEVEL 70300 C Tenabl...

AI score 5.5
Exploits: 0
Tenable Nessus
added 2012/08/01 12:0 a.m. | 320 views

Scientific Linux Security Update : mysql on SL4.x i386/x86_64

CVE-2008-4098 mysql: incomplete upstream fix for CVE-2008-2079 CVE-2008-4456 mysql: mysql command line client XSS flaw CVE-2009-2446 MySQL: Format string vulnerability by manipulation with database instances crash CVE-2009-4030 mysql: Incomplete fix for CVE-2008-2079 / CVE-2008-4098 Multiple flaw...

CVSS 8.5 | AI score 7 | EPSS 0.07267
Exploits: 6 | References: 6
Tenable Nessus
added 2012/08/01 12:0 a.m. | 25 views

Scientific Linux Security Update : exim on SL4.x, SL5.x i386/x86_64

A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the 'exim' user, they could cause Exim to execute arbitrary commands as the root user. CVE-2010-4345 This update adds a new configuration file, '/etc/exim/trusted-configs'. To prevent Exim from running...

CVSS 7.8 | AI score 8.6 | EPSS 0.06508
Exploits: 4 | References: 2
Tenable Nessus
added 2012/08/01 12:0 a.m. | 27 views

Scientific Linux Security Update : squirrelmail on SL3.x, SL4.x, SL5.x i386/x86_64

Ivan Markovic discovered a cross-site scripting (XSS) flaw in SquirrelMail caused by insufficient HTML mail sanitization. A remote attacker could send a specially crafted HTML mail or attachment that could cause a user's Web browser to execute a malicious script in the context of the SquirrelMail...

CVSS 5 | AI score 5.2 | EPSS 0.01323
Exploits: 3 | References: 3
Tenable Nessus
added 2012/08/01 12:0 a.m. | 16 views

Scientific Linux Security Update : brltty on SL5.x i386/x86_64

It was discovered that a brltty library had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local user able to convince another user to run an application using brltty in an attacker-controlled directory could run arbitrary code with...

CVSS 6.9 | AI score 5.8 | EPSS 0.00166
Exploits: 0 | References: 6
Tenable Nessus
added 2012/08/01 12:0 a.m. | 51 views

Scientific Linux Security Update : mysql on SL5.x i386/x86_64

CVE-2009-4019 mysql: DoS crash when comparing GIS items from subquery and when handling subqueires in WHERE and assigning a SELECT result to a @variable CVE-2009-4028 mysql: client SSL certificate verification flaw CVE-2009-4030 mysql: Incomplete fix for CVE-2008-2079 / CVE-2008-4098 It was...

CVSS 6.8 | AI score 6.9 | EPSS 0.07665
Exploits: 8 | References: 6
OpenVAS
added 2012/07/30 12:0 a.m. | 26 views

CentOS Update for exim CESA-2011:0153 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 7.8 | AI score 8.4 | EPSS 0.06508
Exploits: 4 | References: 4
OpenVAS
added 2012/07/30 12:0 a.m. | 28 views

CentOS Update for exim CESA-2011:0153 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 7.8 | AI score 8.4 | EPSS 0.06508
Exploits: 4 | References: 4
Packet Storm
added 2012/07/23 12:0 a.m. | 27 views

Atmail WebAdmin / Webmail Control Panel SQL Root Password Disclosure

Vuln Title: Atmail WebAdmin and webmail Control Panel Remote Access SQL Root password Vulnerability Author: FaryadR a.k.a Ciph3r tested on : Atmail Email Server 6.20.8 Twitter : https://twitter.com/faryadR Mail : [email protected] Website : http://0c0c0c0c.com Vendor : http://atmail.com...

Exploits: 0
myhack58
added 2012/07/20 12:0 a.m. | 22 views

vivi thief program the backstage management system background to take the shell with the breakthrough in License verification-vulnerability and early warning-the black bar safety net

A brief introduction to this program: it is a thief program, meaning there is no database and so no so-called SQL injection. The administrator account passwords are all stored in plaintext in /admin/data.php. The default background path: /admin/index.php Default account password: admin...

AI score 7.2
Exploits: 0
myhack58
added 2012/07/14 12:0 a.m. | 10 views

Anhui business network built Station system arbitrary file read vulnerability-vulnerability warning-the black bar safety net

Vulnerability file in the background file management: other/files.php Read the configuration file http://www.xxx.com/admin/other/files.php?edit=../../config.inc.php&copt=2 Read the linux system's account information http://www.xxx.com/admin/other/files.php?edit=../../../../../etc/passwd&copt=2...

AI score 0.6
Exploits: 0
NVD
added 2012/06/29 7:55 p.m. | 14 views

CVE-2012-2664

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...

CVSS 4.3 | AI score 6.2 | EPSS 0.00438
Exploits: 0 | References: 5
Prion
added 2012/06/29 7:55 p.m. | 12 views

Default credentials

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...

CVSS 4.3 | AI score 6.7 | EPSS 0.00438
Exploits: 0 | References: 5 | Affected Software: 1