2865 matches found
Digital Unix 4.0 MSGCHK MH_PROFILE Symbolic Link Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3320/info The msgchk utility under certain versions of Digital Unix contains an information disclosure vulnerability which could yield root privilege. Because msgchk fails to check file permissions before opening user...
BSD lpr 0.54 -4 Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1834/info lpr is a set of printing tools for unix systems. The lpr package that ships with RedHat Linux 6.2 and possibly earlier versions contains a vulnerability that will allow an attacker to execute arbitrary commands...
The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2 .0b1 Arbitrary File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/1026/info ht://dig is a web content search engine for Unix platforms. The software is set up to allow for file inclusion from configuration files. Any string surrounded by the opening singlw quote character is taken as a...
Mike Bobbitt Album.PL 0.61 Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7444/info A remote command execution vulnerability has been reported for Album.pl. The vulnerability reportedly exists when alternate configuration files are used. The precise technical details of this vulnerability are...
News Evolution 1.0/2.0 Include Undefined Variable Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6260/info News Evolution is a freely available, open source news software package. It is written in PHP, and designed for use on Unix and Linux operating systems. The problem occurs in the affnews.php file. By loading thi...
Fusebox 4.1 Index.CFM Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14460/info Fusebox is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...
Liferay 6.0.x Webdav File Reading Vulnerability
No description provided by source. Specially crafted webdav request allows reading of local files on liferay 6.0.x Description: Liferay Portal is an enterprise portal written in Java By creating a specially crafted webdav request that contains an external entity it is possible to read files from ...
Netscape Enterprise Server 3.51/3.6 JHTML View Source Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/559/info Netscape Enterprise Server 3.51 and above includes a search engine by default. The results it generates can be tailored using various configuration files, and one of the options is whether or not the full text of...
Nuked-Klan 1.x Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/10104/info Nuked-Klan is prone to multiple vulnerabilities. These issues include information disclosure via inclusion of local files, an issue that may permit remote attackers to corrupt configuration files and an SQL...
openSUSE Security Update : icinga nagios-rpm-macros (openSUSE-SU-2012:1123-1)
This update fixes the following issues for icinga and nagios-rpm-macros: icinga : - reverted icinga home directory change - added missing dependency to the new recurring downtimes plugin - added a new package which provides the recurring downtimes scripts from contrib...
CVE-2009-5023
The 1 dshield.conf, 2 mail-buffered.conf, 3 mynetwatchman.conf, and 4 mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt...
CVE-2009-5023
The 1 dshield.conf, 2 mail-buffered.conf, 3 mynetwatchman.conf, and 4 mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt...
OWASP OWTF – Offensive (Web) Testing Framework
The purpose of this tool is to automate the manual, uncreative part of pen testing: For example, spending time trying to remember how to call "tool X", parsing results of "tool X" manually to feed "tool Y", etc. By reducing this burden I hope pen testers will have more time to: See the big pictur...
CVE-2014-0201
ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package rhevm-reports before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files...
Design/Logic Flaw
ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package rhevm-reports before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files...
PT-2014-3531 · Ovirt · Ovirt Engine Reports
Name of the Vulnerable Software and Affected Versions: ovirt-engine-reports versions prior to 3.3.3 Description: The issue allows local users to obtain sensitive information by reading configuration files due to world-readable permissions. Recommendations: For versions prior to 3.3.3, update to...
ovirt-engine-reports: various configuration files are world-readable
ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package rhevm-reports before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files...
Low: Red Hat Security Advisory: rhevm-reports 3.3.3 security and bug fix update
An updated rhevm-reports package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for eac...
CVE-2014-2349
Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program...
Design/Logic Flaw
Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges...