Lucene search

4774 matches found

Veracode
added 2017/04/04 4:22 a.m., 38 views

Httpoxy Vulnerability Through CGI Servlet

web-core is vulnerable to a remotely exploitable vulnerability aka "httpoxy". The vulnerability exists when CGI Servlet is activated in the configuration by modifying the web.xml. It then allows the execution of a CGI script which may assign client request Proxy header values to internal HTTPPROX...

CVSS 8.1, AI score 6.8, EPSS 0.50896
Exploits 0, References 6, Affected Software 1
exploitpack
added 2017/04/02 12:0 a.m., 15 views

Linux Kernel (PonyOS 4.0) - fluttershy LD_LIBRARY_PATH Local Privilege Escalation

Linux Kernel (PonyOS 4.0) - fluttershy LD_LIBRARY_PATH Local Privilege Escalation #!/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running...

AI score 0.2
Exploits 0
Exploit DB
added 2017/04/02 12:0 a.m., 27 views

Linux Kernel (PonyOS 4.0) - 'fluttershy' LD_LIBRARY_PATH Local Privilege Escalation

#!/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running setuid files allowing for local root exploitation through manipulated...

AI score 7.4
Exploits 0
NVD
added 2017/03/01 8:59 p.m., 12 views

CVE-2016-10151

The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary...

CVSS 7, AI score 8.1, EPSS 0.00391
Exploits 0, References 5
Prion
added 2017/03/01 8:59 p.m., 11 views

Design/Logic Flaw

The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary...

CVSS 6.9, AI score 6.9, EPSS 0.00391
Exploits 0, References 5, Affected Software 1
OSV
added 2017/03/01 8:59 p.m., 5 views

UBUNTU-CVE-2016-10151

The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary...

CVSS 7, AI score 7.1, EPSS 0.00391
Exploits 0, References 2
OSV
added 2017/03/01 8:59 p.m., 17 views

CVE-2016-10151

The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary...

CVSS 7, AI score 6.7
Exploits 0, References 5
OSV
added 2017/03/01 8:59 p.m., 1 view

DEBIAN-CVE-2016-10151

The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary...

CVSS 7, AI score 7.1, EPSS 0.00391
Exploits 0, References 1
Cvelist
added 2017/03/01 8:0 p.m., 16 views

CVE-2016-10151

The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary...

AI score 8, EPSS 0.00391
Exploits 0, References 5
Debian CVE
added 2017/03/01 8:0 p.m., 25 views

CVE-2016-10151

The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary...

CVSS 7, AI score 8.2, EPSS 0.00391
Exploits 0
Tenable Nessus
added 2017/02/21 12:0 a.m., 43 views

GLSA-201702-10 : NTFS-3G: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201702-10 NTFS-3G: Privilege escalation The NTFS-3G driver does not properly clear environment variables before invoking mount or umount. This flaw is similar to the vulnerability described in GLSA-201701-19 and GLSA-201603-04...

CVSS 7.8, AI score 7.5, EPSS 0.02277
Exploits 9, References 4
Gentoo Linux
added 2017/02/19 12:0 a.m., 50 views

NTFS-3G: Privilege escalation

Background NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems. Description The NTFS-3G driver does not properly clear environment variables before invoking mount or umount. This flaw is similar to the vulnerability described in “GLSA-201701-19” and...

CVSS 7.8, AI score 7.8, EPSS 0.02277
Exploits 9
seebug.org
added 2017/02/16 12:0 a.m., 22 views

RVM automatically loads environment variables from files in $PWD

RVM, by default, hooks cd and automatically detects the presence of certain files in the directory being changed to. These files and their mechanics are detailed at . The code that parses these files is available at look for the rvmloadprojectconfig function. The code, as of a vulnerable commit, ...

AI score 7.5
Exploits 0
seebug.org
added 2017/02/16 12:0 a.m., 30 views

RVM command injection when automatically loading environment variables from files in $PWD

RVM, by default, hooks cd and automatically detects the presence of certain files in the directory being changed to. These files and their mechanics are detailed at . The code that parses these files is available at look for the rvmloadprojectconfig function. The code, as of a vulnerable commit, ...

AI score 8.1
Exploits 0
OSV
added 2017/02/01 4:7 p.m., 3 views

USN-3182-1 ntfs-3g vulnerability

Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to load arbitrary kernel modules...

CVSS 7.8, AI score 7.2, EPSS 0.02277
Exploits 9, References 2
Ubuntu
added 2017/02/01 4:7 p.m., 62 views

USN-3182-1: NTFS-3G vulnerability

Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to load arbitrary kernel modules...

CVSS 7.8, AI score 7.5, EPSS 0.02277
Exploits 9
RedhatCVE
added 2017/01/23 1:17 a.m., 22 views

CVE-2016-10151

The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary...

CVSS 6.9, AI score 5.5, EPSS 0.00391
Exploits 0, References 1
Cloud Foundry
added 2017/01/23 12:0 a.m., 17 views

CVE-2016-6660: Cloud Controller logs application environment variables | Cloud Foundry

CVE-2016-6660: Cloud Controller logs application environment variables Low Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry Release versions prior to 250 CAPI versions prior to 1.12.0 Description The Cloud Foundry Cloud Controller /v2/apps endpoint logs environment variables in...

AI score 6
Exploits 0
NVD
added 2017/01/19 8:59 p.m., 25 views

CVE-2016-7543

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables...

CVSS 8.4, AI score 6.4, EPSS 0.00576
Exploits 0, References 11
ATTACKERKB
added 2017/01/19 8:59 p.m., 0 views

CVE-2016-7543

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables...

CVSS 8.4, AI score 5.9, EPSS 0.00576
Exploits 0, References 15