97 matches found
Code injection
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors...
CVE-2016-2787
CVE-2016-2787 affects Puppet Enterprise 2015.x (specifically 2015.3.x before 2015.3.3). The vulnerability arises from improper validation of broker node certificates in the Puppet Communications Protocol, enabling remote non-whitelisted hosts to prevent Puppet runs via unspecified vectors. The li...
[SECURITY] Fedora 21 Update: mailx-12.5-14.fc21
Mailx is an enhanced mail command, which provides the functionality of the POSIX mailx command, as well as SysV mail and Berkeley Mail from which it is derived. Additionally to the POSIX features, mailx can work with Maildir/ e-mail storage format as well as mailboxes, supports IMAP, POP3 and SMT...
DLA-108-1 nfs-utils - security update
Bulletin has no description...
ansible -- multiple vulnerabilities
Ansible, Inc. reports: Arbitrary execution from data from compromised remote hosts or local data when using a legacy Ansible syntax - resolved in Ansible 1.7 ansible-galaxy command when used on local tarballs and not galaxy.ansible.com can install a malformed tarball if so provided - resolved in...
Acme.Serve 1.7 - Arbitrary File Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2809/info Acme.Serve is a free, open-source, embeddable webserver written in Java. It is small, is intended to provide minimal functionality, and is fully compatible with JavaServer. Acme.Serve 1.7 comes with a webserver...
Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
No description provided by source. / m00-apache-w00t.c Apache 1.3.-2.0.48 remote users disclosure exploit by m00 Security. Proof-of-Concept edition This tool scans remote hosts with httpd apache and disclosure information about existens users accounts via wrong default configuration of moduserdir...
[Cisco Torch] Mass Scanning, Fingerprinting, and Exploitation Tool
Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the "Hacking Exposed Cisco Networks", since the tools availalbe on the market could not meet our needs. The main feature that makes Cisco-torch different from similar tools is the...
Foxit Reader Plugin URL Processing Buffer Overflow
This module exploits a vulnerability in the Foxit Reader Plugin, it exists in the npFoxitReaderPlugin.dll module. When loading PDF files from remote hosts, overly long query strings within URLs can cause a stack-based buffer overflow, which can be exploited to execute arbitrary code. This exploit...
[SECURITY] Fedora 18 Update: usbredir-0.5-1.fc18
The usbredir libraries allow USB devices to be used on remote and/or virtual hosts over TCP. The following libraries are provided: usbredirparser: A library containing the parser for the usbredir protocol usbredirhost: A library implementing the USB host side of a usbredir connection. All that an...
DEBIAN-CVE-2010-1224
main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow...
GLSA-200702-09 : Nexuiz: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200702-09 Nexuiz: Multiple vulnerabilities Nexuiz fails to correctly validate input within 'clientcommands'. There is also a failure to correctly handle connection attempts from remote hosts. Impact : Using a specially crafted...
PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities
Binary data 3234.prm...
Kerberos configuration
This plugin lets a user enter information about the Kerberos server that will be queried by some scripts SMB and SSH to log into the remote hosts. TRUSTED...
mDNS Detection (Remote Network)
The remote service understands the Bonjour also known as ZeroConf or mDNS protocol, which allows anyone to uncover information from the remote host such as its operating system type and exact version, its hostname, and the list of services it is running. This plugin attempts to discover mDNS used...
Solaris 2.x /usr/sbin/wall Advisory
Affected Operating Systems: Solaris 2.x-9 Possibly others derived from AT&T source code. Affected Program: /usr/sbin/wall Synopsis: Wall is a setgid tty program that broadcasts a message to every user currently logged into the system. It can also receive messages from remote hosts, via RPC...
CVE-2002-0378
The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts...