2865 matches found

Zero Day Initiative
added 2012/08/29 12:0 a.m., 20 views

(0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One ...

10 CVSS, 8.4 AI score
Exploits 0, References 1

Zero Day Initiative
added 2012/08/29 12:0 a.m., 58 views

(0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One ...

10 CVSS, 8.4 AI score
Exploits 0, References 1

Zero Day Initiative
added 2012/08/22 12:0 a.m., 27 views

Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco AnyConnect VPN Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to...

9 CVSS, 2.5 AI score, 0.03885 EPSS
Exploits 0, References 1

Ubuntu
added 2012/08/20 10:1 p.m., 48 views

USN-1543-1: Config-IniFiles vulnerability

It was discovered that the perl Config::IniFiles module created temporary files in an unsafe manner. A local user with write access to the directory containing a configuration file that Config-IniFiles manipulates could exploit this to overwrite arbitrary files...

3.6 CVSS, 5.4 AI score, 0.00504 EPSS
Exploits 2

Symantec
added 2012/08/14 12:0 a.m., 33 views

Microsoft Windows Print Spooler CVE-2012-1851 Remote Code Execution Vulnerability

Description: Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler service. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges, which can result in the complete compromise of affected computers. Technologies Affected...

10 CVSS, 4.1 AI score, 0.65637 EPSS
Exploits 1, References 1, Affected Software 1

Tenable Nessus
added 2012/08/01 12:0 a.m., 18 views

Scientific Linux Security Update : lynx on SL3.x, SL4.x, SL5.x i386/x86_64

An arbitrary command execution flaw was found in the Lynx 'lynxcgi:' URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default 'Advanced' user mode. CVE-2008-4690 Note: In these updated lynx...

10 CVSS, 7.9 AI score, 0.0506 EPSS
Exploits 1, References 3

RedHat Linux
added 2012/07/03 8:58 a.m., 35 views

Moderate: Red Hat Security Advisory: mod_cluster security update

Updated mod_cluster packages that fix one security issue are now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CV...

4.3 CVSS, 5.8 AI score, 0.02592 EPSS
Exploits 0, References 5

OSV
added 2012/06/27 9:55 p.m., 1 views

DEBIAN-CVE-2012-2451

The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be...

3.6 CVSS, 6.7 AI score, 0.00504 EPSS
Exploits 2, References 1

securityvulns
added 2012/06/25 12:0 a.m., 25 views

Western Digital ShareSpace information leakage

It's possible to access configuration files via Web interface...

2.8 AI score
Exploits 0, References 1

Prion
added 2012/06/21 3:55 p.m., 9 views

Code injection

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs...

6.2 CVSS, 7.5 AI score, 0.0044 EPSS
Exploits 0, References 12, Affected Software 2

Cvelist
added 2012/06/21 3:0 p.m., 25 views

CVE-2011-2709

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs...

6.9 AI score, 0.0044 EPSS
Exploits 0, References 12

CVE
added 2012/06/21 3:0 p.m., 61 views

CVE-2011-2709

CVE-2011-2709 affects libgssapi and libgssglue prior to 0.4, enabling a local user to load untrusted configuration files via the GSSAPI_MECH_CONF environment variable (demonstrated with mount.nfs). Connected advisories confirm vendor-provided patches exist (Ubuntu USN-1612-1; Mandriva MDVSA-2013:...

6.2 CVSS, 7 AI score, 0.0044 EPSS
Exploits 0, References 12, Affected Software 1

Debian CVE
added 2012/06/21 3:0 p.m., 19 views

CVE-2011-2709

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs...

6.2 CVSS, 7 AI score, 0.0044 EPSS
Exploits 0

UbuntuCve
added 2012/06/21 12:0 a.m., 18 views

CVE-2011-2709

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs...

6.2 CVSS, 5.9 AI score, 0.0044 EPSS
Exploits 0, References 3

Fedora
added 2012/05/22 2:25 a.m., 24 views

[SECURITY] Fedora 15 Update: perl-Config-IniFiles-2.72-1.fc15

Config::IniFiles provides a way to have readable configuration files outside your Perl script. Configurations can be imported (inherited, stacked,...), sections can be grouped, and settings can be accessed from a tied hash...

3.6 CVSS, 6.4 AI score, 0.00504 EPSS
Exploits 2

OpenVAS
added 2012/05/22 12:0 a.m., 17 views

Fedora Update for perl-Config-IniFiles FEDORA-2012-7777

Check for the Version of perl-Config-IniFiles OpenVAS Vulnerability Test Fedora Update for perl-Config-IniFiles FEDORA-2012-7777 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

3.6 CVSS, 6.4 AI score, 0.00504 EPSS
Exploits 2, References 2

RedHat Linux
added 2012/05/07 6:19 p.m., 40 views

Moderate: Red Hat Security Advisory: ImageMagick security update

Updated ImageMagick packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings,...

8.8 CVSS, 7 AI score, 0.03816 EPSS
Exploits 1, References 6

securityvulns
added 2012/04/23 12:0 a.m., 71 views

Specially crafted webdav request allows reading of local files on liferay 6.0.x

Specially crafted webdav request allows reading of local files on liferay 6.0.x Description: Liferay Portal is an enterprise portal written in Java. By creating a specially crafted webdav request that contains an external entity it is possible to read files from a liferay server. and echo these ba...

Exploits 0

exploitpack
added 2012/04/22 12:0 a.m., 10 views

Liferay 6.0.x - WebDAV File Reading

Liferay 6.0.x - WebDAV File Reading Specially crafted webdav request allows reading of local files on liferay 6.0.x Description: Liferay Portal is an enterprise portal written in Java. By creating a specially crafted webdav request that contains an external entity it is possible to read files from...

7.4 AI score
Exploits 0

Exploit DB
added 2012/04/22 12:0 a.m., 24 views

Liferay 6.0.x - WebDAV File Reading

Specially crafted webdav request allows reading of local files on liferay 6.0.x Description: Liferay Portal is an enterprise portal written in Java. By creating a specially crafted webdav request that contains an external entity it is possible to read files from a liferay server. and echo these ba...

7.4 AI score
Exploits 0