353 matches found
CVE-2014-0023
CVE-2014-0023 affects Red Hat OpenShift. The OpenShift installation script contains a temporary file creation vulnerability that can lead to arbitrary code execution. The issue is documented across multiple sources (e.g., NVD, CNVD) as a temporary-file-related weakness enabling code execution, wi...
CVE-2014-0023
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution...
Libosinfo: osinfo-install-script option leaks password via command line argument
A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system users via a process listing...
Important: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Indexhibit Reinstallation Vulnerability
Indexhibit is a content management system (CMS). A security vulnerability exists in Indexhibit version 2.1.5. The vulnerability can be exploited by an attacker to execute code via /ndxzstudio/install.php?p=2...
EulerOS 2.0 SP5 : libosinfo (EulerOS-SA-2019-1888)
According to the version of the libosinfo package installed, the EulerOS installation on the remote host is affected by the following vulnerability: A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin...
WAES - Auto Enums Websites And Dumps Files As Result
Doing HTB or other CTF enumeration against targets with HTTPS can become trivial. It can get tiresome to always run the same scripts/tests on every box, e.g. nmap, nikto, dirb and so on. A one-click run against a target with automatic reports solves the issue. Furthermore, with a script the enum proces...
Malicious Package
Overview: All versions of anarchy contain malicious code. The package ran rm -rf / as an install script. Recommendation: Remove the package from your environment. References: GitHub Advisory...
Malicious Package
ali-contributor is a malicious package. The malicious package runs a pre-install script, load.js, that uploads system information to a remote server and subsequently downloads and executes a file...
DEBIAN-CVE-2019-13313
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line...
UBUNTU-CVE-2019-13313
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line...
CVE-2019-13313
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line...
CVE-2019-13313
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line...
PT-2019-13249 · Open Source +4 · Libosinfo +4
Name of the Vulnerable Software and Affected Versions: libosinfo version 1.5.0 Description: The issue allows local users to discover credentials by listing a process. This occurs because credentials are passed to osinfo-install-script via the command line. There is no information available about...
Malicious Package
froever is a malicious package. It contains malicious code in its pre-install script that attempts to download a file from a remote server, executes it and opens a backdoor...
Malicious Package
jqeury is a malicious package. It contains malicious code in its pre-install script that attempts to download a file from a remote server, executes it and opens a backdoor...
Malicious Package
logsymbles is a malicious package. It contains malicious code in its pre-install script that attempts to download a file from a remote server, executes it and opens a backdoor...
Malicious Package
require-ports is a malicious package. It contains malicious code in its pre-install script that attempts to download a file from a remote server, executes it and opens a backdoor...
Malicious Package
yeoman-genrator is a malicious package. It contains malicious code in its pre-install script that attempts to download a file from a remote server, executes it and opens a backdoor...