33 matches found
Libcontainer and Docker Engine before 1.6.1 open the file descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
...
Quest Policy Authority For Unified Communications Cross-Site Scripting Vulnerability
Quest Policy Authority For Unified Communications is software from Quest, Inc. that is used in corporate environments to consolidate communication data across various media: text and instant messaging, video conferencing, email and voicemail. A cross-site scripting vulnerability exists in Quest...
Quest Software Policy Authority For Unified Communications Cross-Site Scripting Vulnerability
Quest Policy Authority For Unified Communications is software from Quest, Inc. that is used in corporate environments to consolidate communication data across various media: text and instant messaging, video conferencing, email and voicemail. A cross-site scripting vulnerability exists in Quest...
PT-2020-20264
Name of the Vulnerable Software and Affected Versions: InfiniteWP Client plugin versions prior to 1.9.4.5 Description: The InfiniteWP Client plugin for WordPress has a missing authorization check in the iwp_mmb_set_request function within the init.php file. An attacker who knows an administrator'...
Bitmessage PyBitmessage Code Execution Vulnerability
Bitmessage PyBitmessage is a cryptographic decentralized communication protocol. Bitmessage PyBitmessage version 0.6.2 and commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0 and later have a security vulnerability in the 'constructObject' function of the src/messagetypes/__init__.py file...
WordPress Loginizer Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability in the Blacklist and Whitelist IP Wizard in the WordPress Loginizer init.php file...
DEBIAN-CVE-2017-7178
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin...
GNU Emacs 22.1 Local Variable Handling Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26327/info Emacs is prone to a vulnerability that lets attackers execute arbitrary code. Due to a design error, the application ignores certain security settings and modifies local variables. By supplying a malicious file...
DEBIAN-CVE-2013-6441
The lxc-sshd template templates/lxc-sshd.in in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file...
CVE-2013-6441
The lxc-sshd template templates/lxc-sshd.in in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file...
Executing Subqueries and OS Commands in SELECT Injections Under MySQL
We would like to open our blog with notes on the practical implementation of SQL injections. We will also try to focus more attention on the practical aspects of web application security in the future. SQL injections are the most common server-side web application vulnerabilities and meet almost...
QuickTalk 1.2 - Source Code Disclosure
QuickTalk 1.2 - Source Code Disclosure. QuickTalk v1.2 Source code disclosure Multiple Vulnerabilities...
PT-2007-6258 · Unknown · Myipacng-Stats
Name of the Vulnerable Software and Affected Versions: myIpacNG-stats MINGS version 0.05 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the MINGS BASE parameter. This is a remote file inclusion vulnerability in the init.php file. Note that this issue is...