pam_krb5: Privilege escalation

Background pamkrb5 is a a Kerberos v5 PAM module. Description The following vulnerabilities were discovered: pamkrb5 does not properly initialize the Kerberos libraries for setuid use CVE-2009-0360. Derek Chan reported that calls to pamsetcred are not properly handled when running setuid...

Insufficient output sanitizing when generating configuration file.

PMASA-2009-3 Announcement-ID: PMASA-2009-3 Date: 2009-03-24 Summary Insufficient output sanitizing when generating configuration file. Description Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

phpmyadmin -- insufficient output sanitizing when generating configuration file

phpMyAdmin reports: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

CVE-2009-0887

Integer signedness error in the pamStrTok function in libpam/pammisc.c in Linux-PAM aka pam 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with ...

CVE-2009-0759

Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors...

CVE-2009-0759

Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors...

CVE-2009-0759

Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors...

马克斯CMS2.0beta (maxcms)管理员认证绕过漏洞

maxcms后台有自动升级功能，ajax的那个注射被修补了，但是这个漏洞还是没有修补。在上一贴有同学问是否能绕过认证，答案是肯定的，但是前提是要知道后台目录地址 Sub checkPower dim loginValidate,rsObj : loginValidate = "maxcms2.0" err.clear on error resume next set rsObj=conn.db"select mrandom,mlevel from premanager where musername='"&rCookie"musername"&"'","execute"...

ea-gBook 0.1 Remote Command Execution with RFI (c99) Exploit

Exploit for unknown platform in category web applications ============================================================ ea-gBook 0.1 Remote Command Execution with RFI c99 Exploit ============================================================ !/usr/bin/perl ea-gBook 0.1 Remote Command Execution with...

RedHat Security Advisory RHSA-2009:0267

The remote host is missing updates announced in advisory RHSA-2009:0267. The sudo superuser do utility allows system administrators to give certain users the ability to run commands as root with logging. A flaw was discovered in a way sudo handled group specifications in run as lists in the sudoe...

Fedora Core 10 FEDORA-2009-1074 (sudo)

The remote host is missing an update to sudo announced via advisory FEDORA-2009-1074. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

CVE-2009-0489

CVE-2009-0489 – Wicd information disclosure . The DBus configuration file for Wicd (Linux network manager) allows arbitrary local users to own the org.wicd.daemon object, enabling them to receive messages intended for the Wicd daemon and potentially access credentials. Affected versions are Wicd ...

Max CMS2. 0beta (maxcms)administrator authentication bypass vulnerability-vulnerability warning-the black bar safety net

by flyh4t http://bbs.wolvez.org/ maxcms background have auto upgrade function, the ajax that the injection is patched, but the vulnerability still not patched. In the previous patch with classmates to see if they can bypass the authentication, the answer is Yes, but the premise is to know the...

Moderate: Red Hat Security Advisory: sudo security update

An updated sudo package to fix a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The sudo superuser do utility allows system administrators to give certain users the ability to run...

[SECURITY] Fedora 10 Update: sudo-1.6.9p17-5.fc10

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

RedHat Security Advisory RHSA-2009:0205

The remote host is missing updates to Dovecot announced in advisory RHSA-2009:0205. A flaw was found in Dovecot's ACL plug-in. The ACL plug-in treated negative access rights as positive rights, which could allow an attacker to bypass intended access restrictions. CVE-2008-4577 A password disclosu...

RHEL 5 : dovecot (RHSA-2009:0205)

An updated dovecot package that corrects two security flaws and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. Dovecot is an IMAP server for Linux and UNIX-like systems, primarily writte...

Fhimage 1.2.1 Command Execution

!/usr/bin/perl ----------------------------------------------------------------------------------------------- INFORMATIONS ----------------------------------------------------------------------------------------------- Fhimage 1.2.1 http://www.flash-here.com/downloads/download.php?id=9 Remote...

Fhimage 1.2.1 - Remote Index Change

Fhimage 1.2.1 - Remote Index Change !/usr/bin/perl ----------------------------------------------------------------------------------------------- INFORMATIONS ----------------------------------------------------------------------------------------------- Fhimage 1.2.1...

Moderate: Red Hat Security Advisory: squirrelmail security update

An updated squirrelmail package that resolves various security issues is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is an easy-to-configure, standards-based, webmail packa...