2867 matches found
mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...
Atlassian Confluence Server 5.8.x < 5.8.17 Multiple Vulnerabilities
Binary data 9647.prm...
Important: Red Hat Security Advisory: mariadb-galera security update
An update for mariadb-galera is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...
mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...
mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...
Important: Red Hat Security Advisory: mariadb-galera security update
An update for mariadb-galera is now available for Red Hat OpenStack Platform 9.0 Mitaka. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...
CVE-2016-6325
Removed by vendor...
F5 Vulnerabilities in the BIG-IP LTM System
F5 BIG-IP LTM is a local traffic manager from F5 USA. A security vulnerability exists in the F5 BIG-IP LTM system. A remote attacker could exploit this vulnerability to modify or extract system configuration files...
tomcat: tomcat writable config files allow privilege escalation
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...
Exagate WEBPack Management System - Multiple Vulnerabilities
Exploit for hardware platform in category remote exploits Document Title: ================ Exagate WEBpack Management System Multiple Vulnerabilities Author: ======== Halil Dalabasmaz Release Date: ============== 07 OCT 2016 Product & Service Introduction: ================================ WEBPack...
Exagate WEBPack Management System - Multiple Vulnerabilities
Exagate WEBPack Management System - Multiple Vulnerabilities Document Title: ================ Exagate WEBpack Management System Multiple Vulnerabilities Author: ======== Halil Dalabasmaz Release Date: ============== 07 OCT 2016 Product & Service Introduction: ================================...
Exagate WEBPack Management System - Multiple Vulnerabilities
Document Title: ================ Exagate WEBpack Management System Multiple Vulnerabilities Author: ======== Halil Dalabasmaz Release Date: ============== 07 OCT 2016 Product & Service Introduction: ================================ WEBPack is the individual built-in user-friendly and skilled web...
CVE-2016-5745
F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files vi...
CVE-2016-5745
F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files vi...
CVE-2016-5745
CVE-2016-5745 affects F5 BIG-IP NAT64 functionality. BIG-IP LTM devices using NAT64 are vulnerable to an unauthenticated remote attack that may modify or extract the system configuration. The issue is specific to NAT64-enabled virtual servers; no exploitation details are provided in the basic des...
Trane Tracer SC <= 4.2.1134 Information Exposure Vulnerability - Version Check
Trane Tracer SC is prone to an information exposure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2016-0870
The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request...
Server side request forgery (ssrf)
The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request...