Ubuntu 14.10 : autofs vulnerability (USN-2579-1)

It was discovered that autofs incorrectly filtered environment variables when using program maps. When program maps were configured, a local user could use this issue to escalate privileges. This update changes the default behaviour by adding a prefix to environment variables. Sites using program...

Ubuntu: Security Advisory (USN-2579-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2579-1: autofs vulnerability

It was discovered that autofs incorrectly filtered environment variables when using program maps. When program maps were configured, a local user could use this issue to escalate privileges. This update changes the default behaviour by adding a prefix to environment variables. Sites using program...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 enable or 2 disable modules or 3 change variables via unspecified vectors...

CVE-2015-3356

Multiple cross-site request forgery CSRF vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 enable or 2 disable modules or 3 change variables via unspecified vectors...

PHP Web Shells Malicious Known Variables

There are known Variables of an attempt to upload a web shell backdoor to a PHP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

chrony: denial of service

CVE-2015-1853 denial of service: This issue is similiar to the "ntp CVE-2015-1799"-issue. An attacker knowing that NTP hosts A and B are peering with each other symmetric association can send a packet to host A with source address of B which will set the NTP state variables on A to the values sen...

Enhanced Protection of UEFI Variables

Summary: New BIOS updates are available for Intel products, enhancing the hardening of certain UEFI variables against potential modification. Intel highly recommends that users install the updates to mitigate this exposure. Description: Intel has become aware that certain firmware implementations...

Mandriva Linux Security Advisory : bash (MDVSA-2015:164)

Updated bash packages fix security vulnerability : A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...

Qi Bo CMS variable coverage leads to sql injection vulnerability analysis report-vulnerability warning-the black bar safety net

Blog post author: Alibaba security research lab—supporting su Release date: 2015-3-10 Blog post content: The recent Alibaba security research laboratory vulnerability monitoring system to monitor attendance Bo cms exist high-risk vulnerabilities that can lead to SQL vulnerability and thus affect...

Directory traversal

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home...

DEBIAN-CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home...

CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home...

CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home...

CVE-2014-8169

CVE-2014-8169 affects the autofs (automounter) component: when a program map uses interpreted languages, it can cause the interpreter to inherit the calling user’s USER and HOME environment variables, enabling local privilege escalation. The issue has been addressed across multiple distributions:...

UBUNTU-CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home...

DLA-160-1 sudo - security update

Bulletin has no description...

openSUSE Security Update : dbus-1 (openSUSE-SU-2015:0111-1)

This update fixes the following security issues : - CVE-2014-8148 : - Do not allow calls to UpdateActivationEnvironment from uids other than the uid of the dbus-daemon. If a system service installs unsafe security policy rules that allow arbitrary method calls such as CVE-2014-8148 then this...

Oracle Solaris Third-Party Patch Update : libdbus (cve_2012_3524_permissions_privileges)

The remote Solaris system is missing necessary patches to address security updates : - libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS...

Ntpdc 4.2.6p3 Buffer Overflow

from os import system, environ from struct import pack import sys ntpdc 4.2.6p3 bof @dronesec tested on x86 Ubuntu 12.04.5 LTS IMAGEBASE = 0x80000000 LDINITIALOFFSET = 8900 LDTAILOFFSET = 1400 sploit = "\x41" 485 junk sploit += pack"&1" % sploit...