Scientific Linux Security Update : setroubleshoot and setroubleshoot-plugins on SL6.x i386/x86_64 (20160621)

The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials. Security Fixes : - Shell command injection...

setroubleshoot security update

CentOS Errata and Security Advisory CESA-2016:1293 An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base scor...

RedHat Update for setroubleshoot and setroubleshoot-plugins RHSA-2016:1267-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for setroubleshoot-plugins CESA-2016:1267 centos6

Check the version of setroubleshoot-plugins SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 6 : setroubleshoot / setroubleshoot-plugins (CESA-2016:1267)

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

setroubleshoot-plugins: insecure commands.getstatusoutput use in the allow_execmod plugin

A shell command injection flaw was found in the way the setroubleshoot allowexecmod plugin executed external commands. A local attacker able to trigger an execmod SELinux denial could use this flaw to execute arbitrary code with root privileges...

Important: Red Hat Security Advisory: setroubleshoot and setroubleshoot-plugins security update

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

setroubleshoot-plugins: insecure commands.getoutput use in the allow_execstack plugin

A shell command injection flaw was found in the way the setroubleshoot allowexecstack plugin executed external commands. A local attacker able to trigger an execstack SELinux denial could use this flaw to execute arbitrary code with root privileges...

CVE-2016-4445

A shell command injection flaw was found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use this flaw to execute arbitrary code with root privileges...

CVE-2016-4444

A shell command injection flaw was found in the way the setroubleshoot allowexecmod plugin executed external commands. A local attacker able to trigger an execmod SELinux denial could use this flaw to execute arbitrary code with root privileges...

CVE-2016-4446

A shell command injection flaw was found in the way the setroubleshoot allowexecstack plugin executed external commands. A local attacker able to trigger an execstack SELinux denial could use this flaw to execute arbitrary code with root privileges...

CVE-2016-4989

Shell command injection flaws were found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with root privileges...

iSQL 1.0 Shell Command Injection

!/bin/ruby Exploit Title: iSQLRL 1.0 - Shell Command Injection Date: 2016-06-13 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/roselone/iSQL Software Link: https://github.com/roselone/iSQL/archive/master.zip Version: 1.0 Tested on: Debian wheezy CVE...

iSQL 1.0 - Shell Command Injection

Exploit for linux platform in category local exploits !/bin/ruby Exploit Title: iSQLRL 1.0 - Shell Command Injection Date: 2016-06-13 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/roselone/iSQL Software Link:...

DLA-488-1 xymon - security update

Bulletin has no description...

Updated xymon packages fix security vulnerabilities

Updated xymon packages fix security vulnerabilities: The incorrect handling of user-supplied input in the "config" command can trigger a stack-based buffer overflow, resulting in denial of service via application crash or remote code execution CVE-2016-2054. The incorrect handling of user-supplie...

Zabbix Agent 3.0.1 - mysql.size Shell Command Injection

Exploit for linux platform in category local exploits CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection -------------------------------------------------------------------- Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from...

ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities

Nikolay Ermishkin from the Mail.Ru Security Team discovered several vulnerabilities in ImageMagick. We've reported these issues to developers of ImageMagick and they made a fix for RCE in sources and released new version 6.9.3-9 released 2016-04-30...

ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities

ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities Nikolay Ermishkin from the Mail.Ru Security Team discovered several vulnerabilities in ImageMagick. We've reported these issues to developers of ImageMagick and they made a fix for RCE in sources and released new version 6.9.3-9...

Zabbix Agent 3.0.1 - mysql.size Shell Command Injection

Zabbix Agent 3.0.1 - mysql.size Shell Command Injection CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection -------------------------------------------------------------------- Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from...