SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1450-1)

This update for sudo fixes the following issues: CVE-2017-1000367 : - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...

SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1446-1)

This update for sudo fixes the following issues: CVE-2017-1000367 : - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...

CVE-2016-6450

A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE...

CVE-2014-1875

The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file...

Generic HTTP Directory Traversal Utility

This module allows you to test if a web server or web application is vulnerable to directory traversal with three different actions. The 'CHECK' action default is used to automatically or manually find if directory traversal exists in the web server, and then return the path that triggers the...

FreeBSD : puppet -- Multiple Vulnerabilities (607d2108-a0e4-423a-bf78-846f2a8f01b0)

Multiple vulnerabilities exist in puppet that can result in arbitrary code execution, arbitrary file read access, denial of service, and arbitrary file write access. Please review the details in each of the CVEs for additional information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

HP Software Update client 3.0.8.4 Multiple Remote Vulnerabilities

No description provided by source. Advisory: ///////// There is another remotely exploitable flaw within software preinstalled in HP notebook machines. This time, the culprit is automatic software update tool provided by the vendor.The Potential exploitation may lead ...

Fedora Core 1 : rsync-2.5.7-5.fc1 (2004-116)

Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot. This could allow a remote attacker to write files outside of the module's 'path', depending on the privileges assigned to the rsync daemon. Users not running an rsync daemon, running a...

Дырка в cvsweb

Атакующий, имеющий права на запись файлов может выполнить приложения...

rlogin Service Detection

The rlogin service is running on the remote host. This service is vulnerable since data is passed between the rlogin client and server in cleartext. A man-in-the-middle attacker can exploit this to sniff logins and passwords. Also, it may allow poorly authenticated logins without passwords. If th...

rsh Service Detection

The rsh service is running on the remote host. This service is vulnerable since data is passed between the rsh client and server in cleartext. A man-in-the-middle attacker can exploit this to sniff logins and passwords. Also, it may allow poorly authenticated logins without passwords. If the host...