4767 matches found
Moderate: Red Hat Security Advisory: sudo security update
An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
sudo security update
1.7.2p1-29 - added patch for CVE-2014-0106: certain environment variables not sanitized when env_reset is disabled. Resolves: rhbz#1072210...
GLSA-201402-18 : GNU Midnight Commander: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-201402-18 GNU Midnight Commander: User-assisted execution of arbitrary code GNU Midnight Commander does not properly sanitize environment variables. Impact : A remote attacker could entice a user to open a specially crafted archiv...
GNU Midnight Commander: User-assisted execution of arbitrary code
Background: GNU Midnight Commander is a text based file manager. Description: GNU Midnight Commander does not properly sanitize environment variables. Impact: A remote attacker could entice a user to open a specially crafted archive file using GNU Midnight Commander, possibly resulting in execution ...
Printer Environment Variables Scanner
This module scans for printer environment variables using the Printer Job Language (PJL) protocol. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "rex/proto/pjl" class MetasploitModule "Printer Environment...
CVE-2013-4400
virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments...
CVE-2013-4400
virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments...
CVE-2013-4400
CVE-2013-4400 affects libvirt up to 1.1.3 (1.1.2–1.1.3). Local users can overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments in virt-login-shell. Public references in multiple advisories confirm affected versions and a need to upg...
CVE-2013-4400
virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments...
Android su applications privilege escalation
Unsafe environment variables and file descriptors usage...
Superuser unsanitized environment vulnerability on Android <= 4.2.x
Vulnerable releases of several common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root without notifying the device owner: - ChainsDD Superuser current releases, including v3.1.3 - CyanogenMod/ClockWorkMod/Koush Superuser current releases,...
php: PG(magic_quote_gpc) was not restored on shutdown
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and...
PHP < 5.3.11 Multiple Vulnerabilities
Binary data 6995.prm...
Scanner Env. Variables Setup
Binary data setup.nbin...
[Process PEB Finder] Tool to find and display PEB Address of running Processes
Process PEB Finder is the console based tool to find and display PEB Address of running Processes on your system. PEB (Process Environment Block) is the part of Process memory where it stores important information including loaded modules, startup parameters, environment variables, debug informati...
[MSF-Installer] Script to Automate Metasploit Framework Installation
Script to help with installing and configuring Metasploit Framework, Armitage and the Plugins I have written on OSX and Linux. To use the script on OSX, Java, Xcode and Command Development Tools from Xcode must be installed before running the script. In the case of OSX I also added the option of...
CVE-2013-0132
The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables...
CentOS Update for openssl CESA-2013:0587 centos6
The remote host is missing an update for the...
Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20130304)
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a paddi...
RedHat Update for openssl RHSA-2013:0587-01
The remote host is missing an update for the...