7807 matches found
Command injection
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result...
CVE-2018-10874
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result...
CVE-2018-10874
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result...
PYSEC-2018-81
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result...
PYSEC-2018-81
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result...
DEBIAN-CVE-2018-10874
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result...
CVE-2018-10874
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result...
CVE-2018-10874
CVE-2018-10874 affects Ansible. The issue arises when inventory variables are loaded from the current working directory during ad-hoc commands, which attackers can control, enabling arbitrary code execution (local attacker could compromise the target via manipulated inventory vars). The NVD entry...
CVE-2018-10874
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result...
UBUNTU-CVE-2018-10874
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result...
PHPinfo Information Disclosure
Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo' for debugging purposes, and various PHP applications may also include such a file by default. By accessing it, a remote attacker can discover a large amount of information about the remote...
ansible-tower: Remote code execution by users with access to define variables in job templates
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server...
Mail.ru: Вывод значений переменных Nginx в теле страницы
При обращении к url вида: https://biz.mail.ru/$имяпеременнойnginx Значение этой переменной попадет в страницу ответа 404, во все места вида: e.mail.ru/login?lang=ruRU&Page=https%3A%2F%2Fbiz.mail.ru%2Fзначениепеременнойnginx Примеры запросов: 1 https://biz.mail.ru/test$realpathroot в ответе:...
strongSwan Denial of Service Vulnerability (CNVD-2018-14260)
strongSwan is an open source IPsec-based VPN solution for Linux platforms maintained by Swiss software developer Andreas Steffen. The solution includes authentication mechanisms such as X.509 public key certificates, secure storage of private keys, and smart cards. A security vulnerability exists...
Security Bulletin: Vulnerabilities in Bash affect IBM Worklight Quality Assurance (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities affecting IBM Worklight Quality Assurance WQA. Vulnerability Details | Subscribe to My...
Security Bulletin: TLS padding vulnerability affects IBM Security SiteProtector (CVE-2014-8730)
Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM Security SiteProtector System and IBM Security SiteProtector Appliance. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a...
Security Bulletin: Vulnerabilities in Bash affect IBM PureData System for Transactions (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM PureData™ System for Transactions. Vulnerability Details CVE-ID:...
Unspecified vulnerability in ffmepg
ffmepg is a package that steals environment variables. A security vulnerability exists in ffmepg. An attacker can exploit the vulnerability to steal environment variables...
Unspecified vulnerability in nodeffmpeg
nodeffmpeg is a package for connecting FFmpeg. A security vulnerability exists in nodeffmpeg. An attacker can exploit the vulnerability to steal environment variables...
Unspecified vulnerability in crossenv
crossenv is a module for setting and using environment variables that supports several platforms. A security vulnerability exists in crossenv. An attacker can exploit this vulnerability to steal environment variables...