4643 matches found
CVE-2012-2389
hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials...
Fedora 16 : hostapd-0.7.3-9.fc16 (2012-9206)
Remove hostapd-specific runtime state directory; Fixup typo in pid file path in hostapd.service; Fixup typo in configuration file path in hostapd.service; Tighten-up default permissions for hostapd.conf CVE-2012-2389; Add BuildRequires for systemd-units; Fixup typo in configuration file path in...
Fedora Update for xinetd FEDORA-2012-8041
Check for the Version of xinetd. OpenVAS Vulnerability Test: Fedora Update for xinetd FEDORA-2012-8041. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
[SECURITY] Fedora 17 Update: sudo-1.8.3p1-7.fc17
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution
source: https://www.securityfocus.com/bid/53310/info MySQLDumper is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary PHP code within the context of the...
DEBIAN-CVE-2012-1902
show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file...
CVE-2012-1902
CVE-2012-1902 affects phpMyAdmin 3.4.x up to 3.4.10.2. When a configuration file is missing, the application exposes information via an error message that reveals the installation path, enabling potential information disclosure. Public references in the provided documents confirm a local path dis...
CVE-2012-1902
show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file...
phpMyAdmin -- Path disclosure due to missing verification of file presence
The phpMyAdmin development team reports: The show_config_errors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. For the error messages to be displayed, php.ini's error_reporting must be se...
OSClass directory traversal (leads to arbitrary file upload)
Advisory ID: CSA-12004; Title: OSClass directory traversal vulnerability; Product: OSClass; Version: 2.3.5 and probably prior; Vendor: osclass.org; Vulnerability type: Directory traversal; Risk level: 2 / 3; Credit: www.codseq.it; Vendor notification: 2012-01-25; Public disclosure: 2012-03-07; Original...
CVE-2012-0646
Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file...
Format string
Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file...
Debian DSA-2426-1 : gimp - several vulnerabilities
Several vulnerabilities have been identified in GIMP, the GNU Image Manipulation Program. - CVE-2010-4540 Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the 'LIGHTING EFFECTS & LIGHT' plugin allows user-assisted remote attackers to cause a...
DSA-2426-1 gimp - several
Bulletin has no description...
CVE-2012-0364
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495...
Design/Logic Flaw
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495...
CVE-2012-0364
CVE-2012-0364 affects Cisco Small Business SRP 500 Series devices (SRP 520/520W-U/540) with firmware older than 1.1.26 or 1.2.4, where an unauthenticated remote attacker could upload a configuration file via an unspecified URL, potentially replacing device configurations. The Cisco Security Advis...