IT-Grundschutz M5.020: Einsatz der Sicherheitsmechanismen von rlogin, rsh und rcp

IT-Grundschutz M5.020: Einsatz der Sicherheitsmechanismen von rlogin, rsh und rcp. Stand: 14. Ergänzungslieferung 14. EL. OpenVAS Vulnerability Test $Id: GSHBM5020.nasl 7883 2017-11-23 11:22:59Z emoss $ IT-Grundschutz, 14. EL, Maßnahme 5.020 Authors: Thomas Rotter Copyright: Copyright c 2015...

IT-Grundschutz M4.014: Obligatorischer Passwortschutz unter Unix

IT-Grundschutz M4.014: Obligatorischer Passwortschutz unter Unix. Stand: 14. Ergänzungslieferung 14. EL. OpenVAS Vulnerability Test $Id: GSHBM4014.nasl 7883 2017-11-23 11:22:59Z emoss $ IT-Grundschutz, 14. EL, Maßnahme 4.014 Authors: Thomas Rotter Copyright: Copyright c 2015 Greenbone Networks...

Stack overflow

Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager TSM 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors...

The Bash Vulnerability: How to Protect your Environment

A recently discovered hole in the security of the Bourne-Again Shell bash has the majority of Unix/Linux including OS X admins sweating bullets. You should be, too--attackers have already developed exploits to unleash on unpatched web servers, network services and daemons that use shell scripts...

Lynis 1.5.9 - Security auditing tool for Unix/Linux systems

Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system including Mac. Even the installation of the software itself is optional! How it works...

Oracle9i Database Default Library Directory Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10829/info Oracle database implementations are reportedly prone to a default library directory privilege escalation vulnerability. This issue arises due to a default configuration error that will permit the attacker to...

Apache suEXEC Privilege Elevation / Information Disclosure

No description provided by source. Apache suEXEC privilege elevation / information disclosure Discovered by Kingcope/Aug 2013 The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI ...

[SECURITY] Fedora 20 Update: lynis-1.5.6-1.fc20

Lynis is an auditing and hardening tool for Unix/Linux and you might even c all it a compliance tool. It scans the system and installed software. Then it performs many individual security control checks. It determines the hardeni ng state of the machine, detects security issues and provides...

[Lynis 1.4.0] Security and System Auditing Tool to Harden Linux Systems

Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information,...

[Lynis v1.3.8] The Unix/Linux Hardening tool

Lynis is a security tool to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks, looks for installed software and determines compliance to standards. Also will it detects security issues and errors in configuration. At the end of the scan ...

[SECURITY] Fedora 19 Update: lynis-1.3.6-1.fc19

Lynis is an auditing and hardening tool for Unix/Linux and you might even c all it a compliance tool. It scans the system and installed software. Then it performs many individual security control checks. It determines the hardeni ng state of the machine, detects security issues and provides...

StatusNetLaconica 0.7.40.8.20.9.0beta3 - Arbitrary File Reading

StatusNetLaconica 0.7.40.8.20.9.0beta3 - Arbitrary File Reading +-------------------------------------------------------------------------------+ + StatusNet/Laconica title = $this-trimmed'title'; $this-filename = INSTALLDIR.'/doc-src/'.$this-title; //1 if !fileexists$this-filename...

StatusNet/Laconica 0.7.4/0.8.2/0.9.0beta3 - Arbitrary File Reading

+-------------------------------------------------------------------------------+ + StatusNet/Laconica title = $this-trimmed'title'; $this-filename = INSTALLDIR.'/doc-src/'.$this-title; //1 if !fileexists$this-filename $this-clientError'No such document.'; return; $this-showPage;...

Apache suEXEC - Information Disclosure Privilege Escalation

Apache suEXEC - Information Disclosure Privilege Escalation Apache suEXEC privilege elevation / information disclosure Discovered by Kingcope/Aug 2013 The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web...

Apache suEXEC - Information Disclosure / Privilege Escalation

Apache suEXEC privilege elevation / information disclosure Discovered by Kingcope/Aug 2013 The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI or SSI program executes, it runs as...

Zope框架"cmd"参数远程命令执行漏洞

BUGTRAQ ID: 49857 CVE ID: CVE-2011-3587 Zope是一个开源的web应用服务器，主要用python写成 Zope在实现上存在远程命令执行漏洞，非法攻击者可利用此漏洞部署特制的Web请求并以Zope/Plone服务权限执行任意命令 0 Zope 2.13.9 Zope 2.13.8 Zope 2.13 Zope 2.12.19 Zope 2.12 Plone 4.x 厂商补丁： Zope ---- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.zope.org/ Exploit Title: Plone -...

Plone zope remote command execution vulnerability(python)-bug warning-the black bar safety net

Versions Affected without hotfix: Plone 4.0 through 4.0.9; Plone 4.1; Plone 4.2 a1 and a2; Zope 2.12. x and Zope 2.13. x. Versions Not Affected: Versions of Plone that use Zope other than Zope 2.12. x and Zope 2.13. x. Advisory/Hotfix: http://plone.org/products/plone/security/advisories/20110928...

Plone / Zope Remote Command Execution

Exploit Title: Plone - Remote Command Execution Date: 12/21/2011 Author: Nick Miles www.npenetrable.com Tested on: 12/21/2011 CVE : CVE-2011-3587 Versions Affected without hotfix: Plone 4.0 through 4.0.9; Plone 4.1; Plone 4.2 a1 and a2; Zope 2.12.x and Zope 2.13.x. Versions Not Affected: Versions...

Plone and Zope - Remote Command Execution

Plone and Zope - Remote Command Execution Exploit Title: Plone - Remote Command Execution Date: 12/21/2011 Author: Nick Miles www.npenetrable.com Tested on: 12/21/2011 CVE : CVE-2011-3587 Versions Affected without hotfix: Plone 4.0 through 4.0.9; Plone 4.1; Plone 4.2 a1 and a2; Zope 2.12.x and Zo...

Plone and Zope - Remote Command Execution

Exploit Title: Plone - Remote Command Execution Date: 12/21/2011 Author: Nick Miles www.npenetrable.com Tested on: 12/21/2011 CVE : CVE-2011-3587 Versions Affected without hotfix: Plone 4.0 through 4.0.9; Plone 4.1; Plone 4.2 a1 and a2; Zope 2.12.x and Zope 2.13.x. Versions Not Affected: Versions...