Lucene search
K

4775 matches found

Debian
Debian
added 2017/11/07 10:22 p.m.28 views

[SECURITY] [DSA 4023-1] slurm-llnl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4023-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 07, 2017 https://www.debian.org/security/faq -...

7.2CVSS1.5AI score0.00578EPSS
Exploits0
Kitploit
Kitploit
added 2017/10/10 2:13 p.m.79 views

OSXAuditor - Free Mac OS X Computer Forensics Tool

OS X Auditor is a free Mac OS X computer forensics tool. OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze: the kernel extensions the system agents and daemons the third party's agents and daemons the old and deprecated system a...

6.8AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/10/09 12:0 a.m.21 views

GLSA-201710-07 : OCaml: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201710-07 OCaml: Privilege escalation A bad sanitization of environment variables: CAMLCPLUGINS, CAMLNATIVECPLUGINS and CAMLBYTECPLUGINS in the OCaml compiler allows the execution of raised privileges via external code. Impact : A...

10CVSS8.3AI score0.03496EPSS
Exploits0References2
Gentoo Linux
Gentoo Linux
added 2017/10/08 12:0 a.m.68 views

OCaml: Privilege escalation

Background OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. Description A bad sanitization of environment variables: CAMLCPLUGINS, CAMLNATIVECPLUGINS and CAMLBYTECPLUGINS in the OCaml compiler allows the execution of rais...

10CVSS6.7AI score0.03496EPSS
Exploits0
Veracode
Veracode
added 2017/09/07 10:24 a.m.13 views

HTTPoxy Vulnerability

composer/composer is vulnerable to the HTTPoxy vulnerability. The vulnerability exists because the library trusts the HTTPPROXY environment variable, and allows the configuration of proxies by setting the environment variables HTTPPROXY and HTTPSPROXY without checking if CGI is in use...

6.6AI score
Exploits0
Veracode
Veracode
added 2017/08/22 7:38 a.m.8 views

Leakage Of Environment Variables

gitPython is vulnerable to the leakage of environment variables. The leakage happens through error messages because it does not use the unsafe variable in the expandpath method. The unsafe variable should be set to False to prevent this. However, the variable is set to True by default...

6.6AI score
Exploits0
Prion
Prion
added 2017/08/17 8:29 p.m.14 views

Code injection

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set o...

4.6CVSS5.8AI score0.00345EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/08/17 8:29 p.m.3 views

CVE-2017-6775

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set o...

5.7CVSS5.8AI score
Exploits0References3
Cisco
Cisco
added 2017/08/16 4:0 p.m.36 views

Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set o...

5.7CVSS5.8AI score0.00345EPSS
Exploits0References1
Node.js
Node.js
added 2017/08/09 12:0 a.m.40 views

Hijacked Environment Variables

Overview The cross-env.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

5CVSS4.7AI score0.01286EPSS
Exploits0Affected Software1
myhack58
myhack58
added 2017/08/09 12:0 a.m.51 views

See my how-to the Apache fuzzing and dig to a value of 1500 knife of vulnerability-vulnerability warning-the black bar safety net

Target In the AFL in the view of the Apache httpd server's crash logs, I found a lot of problems. For example, some crash testing with example in fuzz testing tools internal collapse, but also affect the test program stability. In this article, I will talk to you to explain the test case to crash...

7.8AI score
Exploits0
Node.js
Node.js
added 2017/08/08 11:59 p.m.30 views

Hijacked Environment Variables

Overview The nodesass package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real securi...

5CVSS4.4AI score0.01123EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2017/08/08 11:59 p.m.32 views

Hijacked Environment Variables

Overview The smb package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

5CVSS4.5AI score0.01123EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2017/08/08 11:58 p.m.38 views

Hijacked Environment Variables

Overview The mongose package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real securit...

5CVSS4.6AI score0.01239EPSS
Exploits1Affected Software1
Node.js
Node.js
added 2017/08/08 11:57 p.m.48 views

Hijacked Environment Variables

Overview The proxy.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real securi...

5CVSS4.7AI score0.01123EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2017/08/08 11:56 p.m.37 views

Hijacked Environment Variables

Overview The http-proxy.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

5CVSS4.7AI score0.01177EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2017/08/08 11:46 p.m.34 views

Hijacked Environment Variables

Overview The crossenv package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real securi...

5CVSS4.5AI score0.01177EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2017/08/08 11:41 p.m.40 views

Hijacked Environment Variables

Overview The noderequest package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

5CVSS4.4AI score0.01123EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2017/08/08 11:40 p.m.47 views

Hijacked Environment Variables

Overview The nodemailer.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

5CVSS4.7AI score0.01177EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2017/08/08 11:35 p.m.45 views

Hijacked Environment Variables

Overview The nodemailer-js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

5CVSS4.7AI score0.01123EPSS
Exploits0Affected Software1
Rows per page
Query Builder