4773 matches found
USN-2916-1: Perl vulnerabilities
It was discovered that Perl incorrectly handled certain regular expressions with an invalid backreference. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2013-7422 Markus Vervier discovered that Perl incorrectly...
CVE-2016-2381
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...
UBUNTU-CVE-2016-2381
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...
htop 2.0 - An Interactive Process Viewer for Unix
htop is an interactive system-monitor process-viewer. It is designed as an alternative to the Unix program top. It shows a frequently updated list of the processes running on a computer, normally ordered by the amount of CPU usage. Unlike top, htop provides a full list of processes running, inste...
[SECURITY] [DLA 399-1] foomatic-filters security update
Package : foomatic-filters Version : 4.0.5-6+squeeze2+deb6u13 CVE ID : not yet assigned cups-filters contains multiple buffer overflows caused by lack of size checks when copying from environment variables to local buffers strcpy as well on string concatenation operations strcat...
DLA-399-1 foomatic-filters - security update
Bulletin has no description...
Phpsploit - Stealth Post-Exploitation Framework
PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes. Overview The obfuscated...
CVE-2014-4876
Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138...
CVE-2014-4876
CVE-2014-4876 affects Toshiba 4690 OS (version 6 Release 3) where the ADXSITCF logical name is not properly restricted. A remote, unauthenticated client can read system environment variables by sending a crafted request to TCP port 54138, enabling information disclosure. The vulnerability is desc...
Scientific Linux Security Update : autofs on SL7.x x86_64 (20151119)
It was found that program-based automounter maps that used interpreted languages such as Python used standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. CVE-2014-8169 Note: This...
Medium: autofs
Issue Overview: It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system...
Cisco Cloud Services Router 1000V Command Injection Vulnerability
Cisco IOS on Cloud Services Router CSR 1000V is a Cisco operating system that runs on the Cisco 1000V family of cloud services routers. A security vulnerability exists in the publish-event event-manager feature of Cisco IOS Release 15.52S and Release 15.53S on Cisco CSR 1000V devices. A local...
CentOS 7 : autofs (CESA-2015:2417)
Updated autofs packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
autofs security update
CentOS Errata and Security Advisory CESA-2015:2417 Updated autofs packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability...
Imgur: Imgur dev environments facing the Internet
A security group configuration error allowed Imgur development environments to face the public internet. Typically these environments were protected behind a special endpoint which would open access to authenticated Imgur employees for a short time window. Since the development environments were...
autofs: priv escalation via interpreter load path for program based automount maps
It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system...
DSA-3355-2 libvdpau - regression update
Bulletin has no description...
CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...
SUSE: Security Advisory for bash (SUSE-SU-2014:1212-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mac OS X rsh Environment Variables Privilege Elevation
Added: 10/15/2015 CVE: CVE-2015-5889 Background The remotecmds component of Apple Mac OS X contains an rsh binary program that allows a user to execute commands on another computer across a computer network. Problem The rsh binary in the remotecmds component of Mac OS X versions prior to 10.11...