CVE-2014-4701
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702...
CVE-2014-4702
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701...
CVE-2014-4701
The CVE-2014-4701 entry concerns the Nagios Plugins check_dhcp plugin (pre-2.0.2) exposing sensitive INI-file data via the extra-opts flag. Connected SUSE advisories confirm the module as the affected component and note an associated vulnerability progression (CVE-2014-4703) describing a symlink-...
ARRIS VAP2500 Management Portal Information Disclosure Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of access to the management portal. The issue lies in the failure to restri...
CVE-2014-8425
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files...
Design/Logic Flaw
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files...
EUVD-2014-8262
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files...
Sparty - MS Sharepoint and Frontpage Auditing Tool
Sparty is an open source tool written in Python to audit web applications using SharePoint and FrontPage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of SharePoint and FrontPage based web applications. Due to the...
UNIX Gather Remmina Credentials
Post module to obtain credentials saved for RDP and VNC from Remmina's configuration files. These are encrypted with 3DES using a 256-bit key generated by Remmina which is by design stored in relatively plain text in a file that must be properly protected. This module requires Metasploit:...
Factlink: File name/folder enumeration.
Hello, an attacker may be able to map your server and find configuration file names by the following method: Valid attempt Not found: https://staging.factlink.com/%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd Invalid attempt 404...
CentOS 6 : augeas (CESA-2013:1537)
Updated augeas packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
RHEL 6 : rhevm-reports 3.3.3 (RHSA-2014:0558)
An updated rhevm-reports package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for eac...
Ultra Electronics SSL VPN 7.2.0.19 / 7.4.0.7 SQL Injection / Directory Creation
Ultra Electronics SSL VPN versions 7.2.0.19 and 7.4.0.7 suffer from directory creation and remote SQL injection vulnerabilities. Ultra Electronics / AEP Networks - SSL VPN Netilla / Series A / Ultra Protect Vulnerabilities http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities...
CVE-2014-5339
CVE-2014-5339 affects Check_MK 1.2.4p4 and 1.2.5i4 and prior, where an authenticated remote attacker could abuse row selections to write Check_MK configuration files (.mk) to arbitrary filesystem locations due to an insecure handling path. Affected products/versions in public advisories align wit...
Linux Gather NetworkManager 802-11-Wireless-Security Credentials
This module collects 802-11-Wireless-Security credentials such as Access-Point name and Pre-Shared-Key from Linux NetworkManager connection configuration files. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Systemback - Simple system backup and restore application with extra features
Systemback makes it easy to create backups of system and users configuration files. In case of problems you can easily restore the previous state of the system. There are extra features like system copying, system installation and Live system creation. Download Systemback...
Taylor UUCP 1.0.6 Argument Handling Privilege Elevation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3312/info Taylor UUCP is an implementation of the UUCP package written originally by Ian Lance Taylor. A problem has been discovered in Taylor UUCP that makes it possible for local users to gain elevated privileges. The...