
7796 matches found

OSV
added 2017/11/14 3:29 a.m. | 3 views

CVE-2017-16810

Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter...

5.4 CVSS | 5.9 AI score | 0.00779 EPSS
Exploits: 1 | References: 1

CNVD
added 2017/11/14 12:0 a.m. | 2 views

Octopus Deploy 'Variable Set Name' Parameter Cross-Site Scripting Vulnerability

Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A cross-site scripting vulnerability exists in the All Variables tag in Octopus Deploy versions 3.4.0-3.13.6. A remote attacker can exploit this vulnerability to inject arbitrary web script or...

5.4 CVSS | 6 AI score | 0.00779 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2017/11/08 12:0 a.m. | 27 views

Debian DSA-4023-1 : slurm-llnl - security update

Ryan Day discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, does not properly handle SPANK environment variables, allowing a user permitted to submit jobs to execute code as root during the Prolog or Epilog. All systems...

7.8 CVSS | 7.7 AI score | 0.00578 EPSS
Exploits: 0 | References: 4

Debian
added 2017/11/07 10:22 p.m. | 28 views

[SECURITY] [DSA 4023-1] slurm-llnl security update

Debian Security Advisory DSA-4023-1 | [email protected] | https://www.debian.org/security/ | Salvatore Bonaccorso | November 07, 2017 | https://www.debian.org/security/faq ...

7.2 CVSS | 1.5 AI score | 0.00578 EPSS
Exploits: 0

Kitploit
added 2017/10/28 9:30 p.m. | 37 views

ASLRay - Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying

Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying. Properties: ASLR bypass; cross-platform; minimalistic; simplicity; unpatchable. Dependencies: Linux 2.6.12+ (will work on any x86-64 Debian-based OS); BASH (the whole script). Limitations: stack needs to be executable (-z execstack); binary has...

7.8 AI score
Exploits: 0 | References: 1

Kitploit
added 2017/10/10 2:13 p.m. | 78 views

OSXAuditor - Free Mac OS X Computer Forensics Tool

OS X Auditor is a free Mac OS X computer forensics tool. OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze: the kernel extensions, the system agents and daemons, the third party's agents and daemons, the old and deprecated system a...

6.8 AI score
Exploits: 0 | References: 3

Tenable Nessus
added 2017/10/09 12:0 a.m. | 21 views

GLSA-201710-07 : OCaml: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201710-07 (OCaml: Privilege escalation). A bad sanitization of environment variables CAML_CPLUGINS, CAML_NATIVE_CPLUGINS and CAML_BYTE_CPLUGINS in the OCaml compiler allows the execution of raised privileges via external code. Impact: A...

10 CVSS | 8.3 AI score | 0.03496 EPSS
Exploits: 0 | References: 2

Gentoo Linux
added 2017/10/08 12:0 a.m. | 67 views

OCaml: Privilege escalation

Background: OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. Description: A bad sanitization of environment variables CAML_CPLUGINS, CAML_NATIVE_CPLUGINS and CAML_BYTE_CPLUGINS in the OCaml compiler allows the execution of rais...

10 CVSS | 6.7 AI score | 0.03496 EPSS
Exploits: 0

OSV
added 2017/10/05 1:29 a.m. | 2 views

CVE-2017-13995

An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables...

10 CVSS | 5.8 AI score | 0.02466 EPSS
Exploits: 0 | References: 2

NVD
added 2017/10/05 1:29 a.m. | 26 views

CVE-2017-13995

An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables...

10 CVSS | 9.2 AI score | 0.02466 EPSS
Exploits: 0 | References: 2

Prion
added 2017/10/05 1:29 a.m. | 21 views

Authentication flaw

An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables...

7.5 CVSS | 9.1 AI score | 0.02466 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2017/09/21 3:29 p.m. | 15 views

Race condition

In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock...

2.6 CVSS | 7.2 AI score | 0.00274 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2017/09/21 3:29 p.m. | 1 view

CVE-2017-9676

In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock...

4.7 CVSS | 5.4 AI score | 0.00274 EPSS
Exploits: 0 | References: 3

OSV
added 2017/09/21 3:29 p.m. | 1 view

CVE-2017-9676

In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock...

4.7 CVSS | 5.7 AI score | 0.00274 EPSS
Exploits: 0 | References: 2

Prion
added 2017/09/21 3:29 p.m. | 17 views

Integer overflow

In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables "nrcmds" and "nrbos" number are passed across functions without any check. An integer overflow to buffer overflow with a smaller buffer allocated may occur when they are too large or negative...

6.8 CVSS | 8.1 AI score | 0.00404 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2017/09/21 3:29 p.m. | 12 views

CVE-2017-9676

In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock...

4.7 CVSS | 4.8 AI score | 0.00274 EPSS
Exploits: 0 | References: 2

Cvelist
added 2017/09/21 3:0 p.m. | 17 views

CVE-2017-8250

In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables "nrcmds" and "nrbos" number are passed across functions without any check. An integer overflow to buffer overflow with a smaller buffer allocated may occur when they are too large or negative...

8.2 AI score | 0.00404 EPSS
Exploits: 0 | References: 2

Cvelist
added 2017/09/21 3:0 p.m. | 20 views

CVE-2017-9676

In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock...

5.7 AI score | 0.00274 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2017/09/11 12:0 a.m. | 29 views

phpMyAdmin 3.x < 3.3.10.3, 3.4.x < 3.4.3.2 Multiple Vulnerabilities (PMASA-2011-9, PMASA-2011-12) - Linux

phpMyAdmin is prone to multiple vulnerabilities: a Cross-Site Scripting (XSS) vulnerability in table Print view; possible superglobal and local variables manipulation in swekey authentication. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from a referenced...

6.4 CVSS | 6 AI score | 0.0243 EPSS
Exploits: 0 | References: 3

Veracode
added 2017/09/07 10:24 a.m. | 13 views

HTTPoxy Vulnerability

composer/composer is vulnerable to the HTTPoxy vulnerability. The vulnerability exists because the library trusts the HTTP_PROXY environment variable, and allows the configuration of proxies by setting the environment variables HTTP_PROXY and HTTPS_PROXY without checking if CGI is in use...

6.6 AI score
Exploits: 0