56 matches found
Microhard Systems IPn4G 安全漏洞
Microhard Systems IPn4G is a cellular wireless gateway from Microhard Canada. A security vulnerability exists in Microhard Systems IPn4G version 1.1.0, which stems from multiple authenticated remote code execution vulnerabilities in the management interface that could lead to the creation of...
EUVD-1999-0411
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2025-1131
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A local privilege escalation vulnerability exists in the safeasterisk script included with the Asterisk toolkit package. When Asterisk is started via this scrip...
CVE-2025-1131
A local privilege escalation vulnerability exists in the safeasterisk script included with the Asterisk toolkit package. When Asterisk is started via this script common in SysV init or FreePBX environments, it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating...
CVE-2016-10818
cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup SEC-124...
CVE-2024-54676
CVE-2024-54676 affects Apache OpenMeetings (2.1.0 up to 8.0.0, multiple entries across feeds). The issue is deserialization of untrusted data in cluster mode due to clustering instructions not specifying OpenJPA white/blacklists. Affected users are advised to upgrade to OpenMeetings 8.0.0 and to ...
CVE-2024-24122
A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restar...
Exploit for CVE-2023-31497
EPScalate An elevation of privilege vulnerability in QuickHeal...
SUSE CVE-2017-12172
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provid...
[SECURITY] Fedora 35 Update: vultr-1.15.0-9.fc35
Vultr CLI is a command line tool for using the Vultr API. It allows you to create and manage your virtual machines, SSH public keys, snapshots, and startup scripts on your Vultr account. You can also use it to directly SSH into a Vultr virtual machine through the vultr ssh command...
GHSA-PQ7M-3GW7-GQ5X Execution with Unnecessary Privileges in ipython
We’d like to disclose an arbitrary code execution vulnerability in IPython that stems from IPython executing untrusted files in CWD. This vulnerability allows one user to run code as another. Proof of concept User1: mkdir -m 777 /tmp/profiledefault mkdir -m 777 /tmp/profiledefault/startup echo...
CVE-2021-22651
When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a...
USN-4493-1: cryptsetup vulnerability
It was discovered that cryptsetup incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...
After upgrading the OS Machine Tools, kmssetup.cmd runs twice at startup
When you create a Gold VM to import as your first OS Layer version, you need to install the OS Machine Tools, to install our startup scripts and get them set to run as startup scripts. Later, you add a version to your OS layer and want to upgrade the scripts to the ones from the latest version. S...
Security Bulletin: WebSphere Application Server shipped with Tivoli Integrated Portal (TIP) may have insecure file permissions (CVE-2017-1382)
Summary WebSphere Application Server may have insecure file permissions after custom startup scripts are run. The custom startup script will not pull the umask from the server.xml. This may cause some log files to have different permissions then expected. Vulnerability Details CVEID: CVE-2017-138...
Security Bulletin: WebSphere Application Server may have insecure file permissions (CVE-2017-1382)
Summary WebSphere Application Server may have insecure file permissions after custom startup scripts are run. The custom startup script will not pull the umask from the server.xml. This may cause some log files to have different permissions then expected. Vulnerability Details CVEID: CVE-2017-138...
Grouper - A PowerShell script for helping to find vulnerable settings in AD Group Policy
Grouper is a slightly wobbly PowerShell module designed for pentesters and redteamers although probably also useful for sysadmins which sifts through the usually very noisy XML output from the Get-GPOReport cmdlet part of Microsoft's Group Policy module and identifies all the settings defined in...
postgresql: Start scripts permit database administrator to modify root-owned files
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine...
postgresql: Start scripts permit database administrator to modify root-owned files
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine...
CVE-2017-1382
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153...