1764 matches found
CVE-2015-3408
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest...
CVE-2015-3408
CVE-2015-3408 affects Module::Signature (Perl). The vulnerability arises from how a crafted SIGNATURE file is handled when generating checksums from the signed manifest, allowing remote code execution. Affected: Module::Signature prior to 0.74. Consequences: arbitrary shell commands executed duri...
[SECURITY] [DSA 3261-1] libmodule-signature-perl security update
Debian Security Advisory DSA-3261-1 http://www.debian.org/security/ Salvatore Bonaccorso May 15, 2015 http://www.debian.org/security/faq ...
Ubuntu 14.04 LTS : Module::Signature vulnerabilities (USN-2607-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2607-1 advisory. John Lightsey discovered that Module::Signature incorrectly handled PGP signature boundaries. A remote attacker could use this issue to trick...
USN-2607-1: Module::Signature vulnerabilities
John Lightsey discovered that Module::Signature incorrectly handled PGP signature boundaries. A remote attacker could use this issue to trick Module::Signature into parsing the unsigned portion of the SIGNATURE file as the signed portion. CVE-2015-3406 John Lightsey discovered that...
Mandriva Linux Security Advisory : perl-Module-Signature (MDVSA-2015:207)
Updated perl-Module-Signature package fixes the following security vulnerabilities reported by John Lightsey : Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying...
Fedora 20 : perl-Module-Signature-0.78-1.fc20 / perl-Test-Signature-1.11-1.fc20 (2015-5840)
This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a 'skip' parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior ...
Updated perl-Module-Signature packages fix security vulnerabilities
Updated perl-Module-Signature package fixes the following security vulnerabilities reported by John Lightsey: Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying t...
CVE-2015-1842
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 use a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...
Default credentials
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 use a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...
CVE-2015-1842
CVE-2015-1842 relates to Red Hat OpenStack modules where the puppet manifests in the openstack-puppet-modules package were configured with a known default password for the pcsd daemon (CHANGEME). If this password is not changed and an attacker can access pcsd remotely, they could execute arbitrar...
Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation
setroubleshoot tries to find out which rpm a particular file belongs to when it finds SELinux access violation reports. The idea is probably to have convenient reports for the admin which type enforcement rules have to be relaxed...
Debian DLA-113-1 : bsd-mailx security update
It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also...
Cisco Collaboration Desk Experience Endpoints Command Injection Vulnerability
A vulnerability in the image upgrade facility of Cisco Collaboration Desk Experience DX Series endpoints could allow an authenticated, local attacker to execute commands in the context of the underlying operating system. The vulnerability is due to insufficient sanitization of input during the...
CVE-2015-1427
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...
Design/Logic Flaw
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...