2867 matches found
mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...
Vulnerability analysis cisco analysis tools-vulnerability warning-the black bar safety net
cisco Auditing: A small security audit tools, scanning Cisco router General vulnerabilities, such as default passwords, SNMP community strings and some of the old IOS bugs. CAT-h xx. xx. xx. xx. cisco-global-exploiter:cisco vulnerability penetration testing, there are 14 different vulnerabilities...
Earcms down.php suffers from arbitrary file download vulnerability
Ear Music Ear Music is an interface using Discuz backend style and UCHome user center style combined with the core by the high-speed template engine and caching mechanism and other frameworks coexist PHP open source music system. Earcms down.php arbitrary file download vulnerability. Allow...
TP-LINK TDDP Information Disclosure Vulnerability
TP-LINK TDDP is a device commissioning protocol. An information disclosure vulnerability exists in TP-LINK TDDP, which can be exploited to obtain web interface configuration files, including web login credentials...
mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...
Remote Overflow Vulnerability in siemens 840D
siemens 840D is a CNC system under Siemens, with a wide range of application environments, including: packaging and printing industry, e.g. rotary cutting and positioning of food packaging, plastic and rubber industry, e.g. production line of plastic tableware, white goods industry, which can be...
Important: tomcat6, tomcat7, tomcat8
Issue Overview: It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...
Sparkjava Framework arbitrary file read vulnerability
Classpath Vuln Exploit the classpath based vulnerability with something like: curl "http:///....\spark\Spark.class" The number of ..\ you need in the path depends on where in the classpath the static file location is configured to be. If you don't have the right amount then you don't get anything...
Apache Tomcat 6.0.x < 6.0.47 / 7.0.x < 7.0.72 / 8.0.x < 8.0.37 Multiple Vulnerabilities
Binary data 9723.pasl...
Oracle MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities
Binary data 9749.prm...
Oracle MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities
Binary data 9747.prm...
mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...
CVE-2016-6794
It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible...
mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...
mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...
UNIX Gather AWS Keys
This module will attempt to read AWS configuration files .aws/config, .aws//credentials and .s3cfg for users discovered on the session'd system and extract AWS keys from within. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2016-6794
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for...
UBUNTU-CVE-2016-6794
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for...
Amazon Linux: Security Advisory (ALAS-2016-756)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: mariadb-galera security and bug fix update
An update for mariadb-galera is now available for Red Hat OpenStack Platform 8.0 Liberty. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...