7791 matches found

CNVD
added 2015/10/03 12:0 a.m., 4 views

Apple OS X RSH Code Execution Vulnerability

Apple OS X is an operating system developed by Apple Inc. Apple OS X RSH has a security vulnerability in the use of environment variables, which can be exploited by a local attacker to execute arbitrary code with root privileges...

CVSS 7.2 | AI score 7.4 | EPSS 0.05088
Exploits 14 | References 1

OpenVAS
added 2015/09/29 12:0 a.m., 12 views

Gentoo Security Advisory GLSA 201402-18

Gentoo Linux Local Security Checks GLSA 201402-18. SPDX-FileCopyrightText: 2015 Eero Volotinen. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...

CVSS 5.1 | AI score 5.1 | EPSS 0.01867
Exploits 0 | References 1

Exploit DB
added 2015/09/24 12:0 a.m., 56 views

SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration

!/usr/bin/python -- coding: iso-8859-15 -- Title: SMF Simple Machine Forum Filippo Roncari Truel Lab http://lab.truel.it Requirements: SMF = 2.0.10 PHP = 5.6.11 / 5.5.27 / 5.4.43 Advisories: TL-2015-PHP04 http://lab.truel.it/d/advisories/TL-2015-PHP04.txt TL-2015-PHP06...

AI score 7.4
Exploits 0

BDU FSTEC
added 2015/09/23 12:0 a.m., 3 views

The vulnerability of the libvdpau library, which allows a hacker to execute arbitrary files

The vulnerability of the libvdpau library is related to incorrect handling of environmental variables. Exploiting this vulnerability allows a local attacker to execute arbitrary file writing operations...

CVSS 6.3 | AI score 5.8 | EPSS 0.00358
Exploits 0 | References 5 | Affected Software 2

CNVD
added 2015/09/20 12:0 a.m., 2 views

NTP logconfig configuration command denial of service vulnerability

Network Time Protocol is a protocol used to synchronize a computer's time to its server or clock source (e.g., quartz clock, GPS, etc.). NTP crashes due to uninitialized variables when processing the malformed logconfig configuration command ntpd, allowing remote attackers to exploit the...

CVSS 7.5 | AI score 7.8 | EPSS 0.05581
Exploits 0 | References 1

OpenVAS
added 2015/09/18 12:0 a.m., 53 views

openSUSE: Security Advisory for bash (openSUSE-SU-2014:1254-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 10 | AI score 10 | EPSS 0.99999
Exploits 141 | References 3

CNVD
added 2015/09/17 12:0 a.m., 2 views

Qibo Video System SQL Injection Vulnerability

Zibo video system can achieve all static, custom static page URL rules, you can copy the system into multiple subsystems in the background. A SQL injection vulnerability exists in Qibo Video System. 'video/member/special.php' where $TBpre is not initialized, due to the existence of pseudo-global...

AI score 7.9
Exploits 0 | References 1

securityvulns
added 2015/09/14 12:0 a.m., 29 views

libvpau multiple security vulnerabilities

Privilege escalation because of incorrect environment variables handling...

CVSS 7.2 | AI score 2.7 | EPSS 0.00505
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2015/09/06 12:0 a.m., 2 views

PCS pcsd race condition vulnerability

PCS is a set of tools for configuring and managing Pacemaker and Corosync clustering software using the command line and web UI. A race condition vulnerability exists in PCS 0.9.139 and prior versions of pcsd that stems from the program's use of global variables to validate usernames. A...

CVSS 4.9 | AI score 7.5 | EPSS 0.0098
Exploits 0 | References 1

Tenable Nessus
added 2015/09/04 12:0 a.m., 19 views

Ubuntu 14.04 LTS : libvdpau vulnerabilities (USN-2729-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2729-1 advisory. Florian Weimer discovered that libvdpau incorrectly handled certain environment variables. A local attacker could possibly use this issue to gain...

CVSS 7.2 | AI score 5.6 | EPSS 0.00505
Exploits 0 | References 4

Ubuntu
added 2015/09/03 4:29 p.m., 57 views

USN-2729-1: libvdpau vulnerabilities

Florian Weimer discovered that libvdpau incorrectly handled certain environment variables. A local attacker could possibly use this issue to gain privileges...

CVSS 7.2 | AI score 5.2 | EPSS 0.00505
Exploits 0

OSV
added 2015/09/03 4:29 p.m., 0 views

USN-2729-1 libvdpau vulnerabilities

Florian Weimer discovered that libvdpau incorrectly handled certain environment variables. A local attacker could possibly use this issue to gain privileges...

CVSS 7.2 | AI score 5.8 | EPSS 0.00505
Exploits 0 | References 4

Prion
added 2015/08/20 12:59 a.m., 17 views

Authentication flaw

Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469...

CVSS 5 | AI score 7.3 | EPSS 0.02597
Exploits 0 | References 3 | Affected Software 1

Tenable Nessus
added 2015/08/19 12:0 a.m., 13 views

OracleVM 3.3 : net-snmp (OVMSA-2015-0116)

The remote OracleVM system is missing necessary patches to address critical security updates : - Add Oracle ACFS to hrStorage John Haxby orabug 18510373 - Fixed parsing of invalid variables in incoming packets 1248410 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this...

AI score 5.5
Exploits 0 | References 1

Cisco
added 2015/08/13 8:14 p.m., 23 views

Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability

A vulnerability in the Cisco TelePresence Video Communication Server VCS Expressway could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient handling of malformed GET request messages. An attacker could exploit this...

CVSS 5 | AI score 6.1 | EPSS 0.02389
Exploits 0 | References 1

Tenable Nessus
added 2015/08/04 12:0 a.m., 31 views

Scientific Linux Security Update : autofs on SL6.x i386/x86_64 (20150722)

It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. CVE-2014-8169 Note:...

CVSS 4.4 | AI score 5.5 | EPSS 0.00335
Exploits 0 | References 2

Tenable Nessus
added 2015/07/28 12:0 a.m., 38 views

CentOS 6 : autofs (CESA-2015:1344)

Updated autofs packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVSS 4.4 | AI score 5.6 | EPSS 0.00335
Exploits 0 | References 2

Cent OS
added 2015/07/26 2:11 p.m., 69 views

autofs security update

CentOS Errata and Security Advisory CESA-2015:1344 Updated autofs packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS...

CVSS 4.4 | AI score 5.7 | EPSS 0.00335
Exploits 0 | References 7

CNVD
added 2015/07/23 12:0 a.m., 4 views

IBM Business Process Manager Scheduled Access Restriction Bypass Vulnerability

IBM Business Process Manager is a comprehensive business process management platform. A scheduled access restriction bypass vulnerability exists in IBM Business Process Manager 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, 8.5.6 through 8.5.6.0, which...

CVSS 4 | AI score 6.7 | EPSS 0.0148
Exploits 0 | References 1

OpenVAS
added 2015/07/23 12:0 a.m., 25 views

RedHat Update for autofs RHSA-2015:1344-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 4.4 | AI score 6.5 | EPSS 0.00335
Exploits 0 | References 2