
7791 matches found

OpenVAS
added 2016/03/25 12:0 a.m., 20 views

Report VT debug logs

The script reports possible issues within VTs. For best results set SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

7.3 AI score
Exploits: 0
Tenable Nessus
added 2016/03/14 12:0 a.m., 28 views

Fedora 22 : perl-5.20.3-329.fc22 (2016-1fb63e3bf3)

Fix manipulating environment variables to align with how glibc handles duplicated environment variables. Perl now uses the first variable listed in the environment array and it removes any subsequent entries of the same-named variable from the array, so that child processes have only one variable...

7.5 CVSS, 7 AI score, 0.09007 EPSS
Exploits: 0, References: 3
CNVD
added 2016/03/07 12:0 a.m., 3 views

Exim Configuration File Path Elevation of Privilege Vulnerability

Exim is an open source messaging agent (MTA) developed by the University of Cambridge in the UK that runs on Unix systems and is responsible for routing, forwarding and delivering mail. A security vulnerability exists in Exim that stems from an error in the program's handling of environment variabl...

7 CVSS, 7.6 AI score, 0.05901 EPSS
Exploits: 13, References: 1
Tenable Nessus
added 2016/03/04 12:0 a.m., 29 views

Fedora 23 : perl-5.22.1-351.fc23 (2016-5d4fc5ecc9)

Fix manipulating environment variables to align with how glibc handles duplicated environment variables. Perl now uses the first variable listed in the environment array and it removes any subsequent entries of the same-named variable from the array, so that child processes have only one variable...

7.5 CVSS, 7 AI score, 0.09007 EPSS
Exploits: 0, References: 3
exploitpack
added 2016/03/03 12:0 a.m., 864 views

DropBearSSHD 2015.71 - Command Injection

DropBearSSHD 2015.71 - Command Injection VuNote ============ Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear Vendor: Matt...

5.5 CVSS, 0.3 AI score, 0.37016 EPSS
Exploits: 13
CNVD
added 2016/03/03 12:0 a.m., 2 views

Perl Security Bypass Vulnerability

Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall. A security vulnerability exists in Perl due to the program's failure to properly handle environment variables. An attacker can exploit this vulnerability to bypass security mechanisms...

7.5 CVSS, 8.5 AI score, 0.09007 EPSS
Exploits: 0, References: 1
Ubuntu
added 2016/03/02 1:37 p.m., 77 views

USN-2916-1: Perl vulnerabilities

It was discovered that Perl incorrectly handled certain regular expressions with an invalid backreference. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-7422) Markus Vervier discovered that Perl incorrectly...

7.5 CVSS, 7 AI score, 0.09007 EPSS
Exploits: 3
UbuntuCve
added 2016/03/01 12:0 a.m., 25 views

CVE-2016-2381

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...

7.5 CVSS, 6.9 AI score, 0.09007 EPSS
Exploits: 0, References: 2
OSV
added 2016/03/01 12:0 a.m., 3 views

UBUNTU-CVE-2016-2381

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...

7.5 CVSS, 7.1 AI score, 0.09007 EPSS
Exploits: 0, References: 3
Jake Archibald's Blog
added 2016/02/16 1:2 p.m., 14 views

Control CSS loading with custom properties

Last week I wrote about a simple method to load CSS progressively, and on the very same day some scientists taught gravity how to wave. Coincidence? Yes. The pattern in the previous post covers the 90% case of multi-stage CSS loading, and it's really simple to understand. But would you like to he...

6.9 AI score
Exploits: 0
Kitploit
added 2016/02/12 8:23 p.m., 14 views

htop 2.0 - An Interactive Process Viewer for Unix

htop is an interactive system-monitor process-viewer. It is designed as an alternative to the Unix program top. It shows a frequently updated list of the processes running on a computer, normally ordered by the amount of CPU usage. Unlike top, htop provides a full list of processes running, inste...

7.1 AI score
Exploits: 0, References: 1
Debian
added 2016/01/23 10:33 p.m., 16 views

[SECURITY] [DLA 399-1] foomatic-filters security update

Package: foomatic-filters. Version: 4.0.5-6+squeeze2+deb6u13. CVE ID: not yet assigned. cups-filters contains multiple buffer overflows caused by lack of size checks when copying from environment variables to local buffers (strcpy) as well as on string concatenation operations (strcat)...

7.3 AI score
Exploits: 0
OSV
added 2016/01/23 12:0 a.m., 8 views

DLA-399-1 foomatic-filters - security update

Bulletin has no description...

7.2 AI score
Exploits: 0
Kitploit
added 2016/01/03 10:44 p.m., 13 views

Phpsploit - Stealth Post-Exploitation Framework

PhpSploit is a remote control framework that aims to provide a stealth, interactive, shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes. Overview: The obfuscated...

8.2 AI score
Exploits: 0, References: 1
NVD
added 2015/12/31 5:59 a.m., 17 views

CVE-2014-4876

Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138...

4.3 CVSS, 4.1 AI score, 0.01658 EPSS
Exploits: 0, References: 2
CVE
added 2015/12/31 2:0 a.m., 40 views

CVE-2014-4876

CVE-2014-4876 affects Toshiba 4690 OS (version 6 Release 3) where the ADXSITCF logical name is not properly restricted. A remote, unauthenticated client can read system environment variables by sending a crafted request to TCP port 54138, enabling information disclosure. The vulnerability is desc...

4.3 CVSS, 4.2 AI score, 0.01658 EPSS
Exploits: 0, References: 2, Affected Software: 1
Packet Storm
added 2015/12/26 12:0 a.m., 38 views

RW::Download 4.0.8 File Inclusion / SQL Injection


0.3 AI score
Exploits: 0
Tenable Nessus
added 2015/12/22 12:0 a.m., 20 views

Scientific Linux Security Update : autofs on SL7.x x86_64 (20151119)

It was found that program-based automounter maps that used interpreted languages such as Python used standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. (CVE-2014-8169) Note: This...

4.4 CVSS, 5.4 AI score, 0.00335 EPSS
Exploits: 0, References: 2
Prion
added 2015/12/17 7:59 p.m., 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms...

4.3 CVSS, 5.9 AI score, 0.01846 EPSS
Exploits: 0, References: 4, Affected Software: 1
Positive Technologies
added 2015/12/17 12:0 a.m., 8 views

PT-2015-7560 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.10.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML via global parameters, smart class parameters, or smart variables in the host or hostgroup edit forms, potentially leading ...

4.3 CVSS, 5.4 AI score, 0.01846 EPSS
Exploits: 0, References: 5