
255 matches found

Debian CVE
added 2017/01/31 7:00 p.m., 23 views

CVE-2016-6621

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...

CVSS 8.6, AI score 8.6, EPSS 0.00551
Exploits: 0

Kitploit
added 2016/01/15 9:30 p.m., 426 views

SimplyEmail - Email Recon Made Fast And Easy, With A Framework To Build On

What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt wa...

AI score 9.8
Exploits: 0, References: 1

CNVD
added 2015/11/22 12:00 a.m., 1 view

Novell openSUSE dracut Package Symbolic Link Vulnerability

Novell openSUSE is a set of free Linux-based operating systems from the American company Novell. A security vulnerability in the modules.d/90crypt/module-setup.sh file in Novell openSUSE's dracut allows a local attacker to corrupt system files via a symbolic link attack in /tmp/dracutblockuuid.ma...

CVSS 3.6, AI score 6.6, EPSS 0.00138
Exploits: 0, References: 1

CNVD
added 2015/06/03 12:00 a.m., 1 view

ResourceSpace Native PHP File Inclusion Vulnerability

ResourceSpace is an open source digital asset management solution. ResourceSpace has a local PHP file inclusion vulnerability. Due to the "defaultlanguage" HTTP GET parameter received from the user to include PHP files using the "include" PHP function before the "/pages/setup.php" script lack of...

CVSS 7.5, AI score 6.8, EPSS 0.51684
Exploits: 3, References: 1

RedHat Linux
added 2015/05/12 5:53 p.m., 1 view

kexec-tools: insecure use of /tmp/*$$* filenames

It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files...

CVSS 3.6, AI score 5.8, EPSS 0.00049
Exploits: 0, References: 4

htbridge
added 2015/05/06 12:00 a.m., 504 views

Local PHP File Inclusion in ResourceSpace

High-Tech Bridge Security Research Lab discovered a vulnerability in ResourceSpace, which can be exploited to include an arbitrary local PHP file, execute PHP code, and compromise the vulnerable web application and even the entire web server on which the application is hosted. The vulnerability exists due to...

CVSS 7.6, AI score 6.5, EPSS 0.51684
Exploits: 3, Affected Software: 1

Positive Technologies
added 2015/02/12 12:00 a.m., 1 view

PT-2015-4553 · Red Hat +2 · Kexec-Tools +3

Name of the Vulnerable Software and Affected Versions: kexec-tools versions prior to 2.0.7-19
Description: The issue allows local users to write to arbitrary files via a symlink attack on a temporary file. This is related to the Red Hat module-setup.sh script for kexec-tools in Red Hat Enterprise...

CVSS 3.6, AI score 6.1, EPSS 0.00049
Exploits: 0, References: 14

Prion
added 2014/05/29 2:19 p.m., 13 views

Design/Logic Flaw

The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports rhevm-reports package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file...

CVSS 2.1, AI score 6.3, EPSS 0.00056
Exploits: 0, References: 2, Affected Software: 1

UbuntuCve
added 2014/03/21 4:38 a.m., 22 views

CVE-2011-3196

The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file...

CVSS 2.1, AI score 5.9, EPSS 0.00053
Exploits: 0, References: 1

Prion
added 2014/03/21 4:38 a.m., 21 views

Design/Logic Flaw

The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file...

CVSS 2.1, AI score 6.6, EPSS 0.00053
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2014/03/20 7:00 p.m., 63 views

CVE-2011-3196

The CVE-2011-3196 issue affects Domain Technologie Control (DTC) prior to version 0.34.1. The root cause is world-readable permissions on /etc/apache2/apache2.conf, which allowed local users to read a configuration file and obtain the dtcdaemons MySQL password. Impact was local, with confidential...

CVSS 2.1, AI score 6.2, EPSS 0.00053
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2013/09/25 10:00 a.m., 51 views

CVE-2012-4086

CVE-2012-4086 affects Cisco Unified Computing System (UCS) fabric interconnect devices. The issue resides in the initial setup script, where unfiltered input during configuration can be exploited by an unauthenticated, remote attacker to execute arbitrary commands on the underlying OS with the da...

CVSS 5.1, AI score 8, EPSS 0.00637
Exploits: 0, References: 3, Affected Software: 1

VulnCheck KEV
added 2011/07/29 12:00 a.m., 1 view

VulnCheck KEV: CVE-2009-1151

Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

CVSS 9.8, AI score 7.5, EPSS 0.93271
Exploits: 16, References: 1

The Hacker News
added 2011/03/26 11:09 a.m., 6 views

Security Onion LiveDVD - Intrusion Detection for your Network !

The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems. Changelog: All Xubuntu 10.04 updates as of release date. Snort updated to 2.9.0.3. Suricat...

AI score 6.8
Exploits: 0

NVD
added 2010/09/10 8:00 p.m., 12 views

CVE-2010-3263

Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...

CVSS 4.3, AI score 5.5, EPSS 0.00277
Exploits: 1, References: 4

OSV
added 2010/09/10 8:00 p.m., 1 view

DEBIAN-CVE-2010-3263

Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...

CVSS 4.3, AI score 5.7, EPSS 0.00277
Exploits: 1, References: 1

Prion
added 2010/09/10 8:00 p.m., 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...

CVSS 4.3, AI score 6, EPSS 0.00277
Exploits: 1, References: 4, Affected Software: 1

UbuntuCve
added 2010/09/10 8:00 p.m., 21 views

CVE-2010-3263

Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...

CVSS 4.3, AI score 6, EPSS 0.00277
Exploits: 1, References: 1

Cvelist
added 2010/09/10 7:00 p.m., 17 views

CVE-2010-3263

Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...

AI score 6, EPSS 0.00277
Exploits: 1, References: 4

Debian CVE
added 2010/09/10 7:00 p.m., 19 views

CVE-2010-3263

Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...

CVSS 4.3, AI score 5.5, EPSS 0.00277
Exploits: 1