326 matches found
CVE-2019-25031
Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...
NLnet Labs Unbound 注入漏洞
Unbound is a DNS resolver that supports validation, recursion, and caching features. A configuration injection vulnerability exists in createunboundadservers.sh in versions of Unbound prior to 1.9.5. A man-in-the-middle attacker can exploit this vulnerability to inject configuration via a plainte...
PT-2019-6283 · Nlnet +5 · Unbound +5
Name of the Vulnerable Software and Affected Versions: Unbound versions prior to 1.9.5 Description: The issue is related to insufficient neutralization of special elements in a request, which can be exploited by a remote attacker to impact data integrity. This can occur upon a successful...
CVE-2018-20885
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation SEC-416...
CVE-2018-20885
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation SEC-416...
Command injection
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation SEC-416...
CVE-2018-20885
CVE-2018-20885 affects cPanel prior to 74.0.0 and is caused by Apache HTTP Server configuration injection due to DocumentRoot variable interpolation (SEC-416). The available documents identify the affected product version and the vulnerability class but do not provide details on exploitation atte...
CVE-2018-20885
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation SEC-416...
CVE-2019-12303
In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container...
[ASA-201807-13] networkmanager-vpnc: privilege escalation
Arch Linux Security Advisory ASA-201807-13 ========================================== Severity: High Date : 2018-07-20 CVE-ID : CVE-2018-10900 Package : networkmanager-vpnc Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-739 Summary ======= The package...
ALPINE-CVE-2018-14055
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf...
CVE-2018-14055
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf...
Kaspersky Secure Mail Gateway Configuration File Injection Vulnerability
Kaspersky Secure Mail Gateway is an email security solution from Russia's Kaspersky Lab. The program is able to automatically filter spam, phishing sites and various malicious attachments. A security vulnerability exists in Kaspersky Secure Mail Gateway version 1.1. An attacker can exploit the...
DEBIAN-CVE-2017-15093
When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. I...
UBUNTU-CVE-2017-15093
When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. I...
CVE-2017-15093
CVE-2017-15093 affects PowerDNS Recursor (4.x up to 4.0.6 and 3.x up to 3.7.4). An authenticated user can modify the Recursor’s ACL by adding/removing netmasks and configure forward zones when api-config-dir is non-empty. The root cause is insufficient validation of the new netmask and IP address...
CVE-2017-5187
A Cross-Site Request Forgery CWE-352 vulnerability in Directory Server aka Enterprise Server Administration web UI in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to...
realmd: untrusted data is used when configuring sssd.conf and/or smb.conf
A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response...
CVE-2015-2704
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response...
PHP4DVD 2.0 Code Injection
Exploit Title : PHP4DVD PHP Code Injection Date : 31 May 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://php4dvd.sourceforge.net/ Software Link : http://downloads.sourceforge.net/project/php4dvd/php4dvd-2.0.zip Version : 2.0 Tested on : Window and Linux...