7790 matches found
Customized variables whose values are hidden passwords are unmasked revealing the password in the build summary
Steps to replicate: Create two variables, passworder and Passworder (notice the P with caps). Run a customized build, overriding the contents of the field. While the fields remain hidden in the metadata as expected, the variable with capital P has its value revealed in the build summary; see screenshot...
Debian DSA-2603-1 : emacs23 - programming error
Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to 'safe'. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2603. The...
Debian Security Advisory DSA 2603-1 (emacs23 - programming error)
Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to safe. OpenVAS Vulnerability Test $Id: deb2603.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2603-1 using nvtgen 1.0 Script version: 1.0 Author:...
Unsafe i18n calls
The following i18n calls are passed unsafe variables. This means that while a vulnerability is not currently present in the English version, it is possible that vulnerabilities could exist in translations produced by well-meaning parties. Additionally, seemingly safe changes to these i18n keys...
Ubuntu Update for apport USN-1668-1
Ubuntu Update for Linux kernel vulnerabilities USN-1668-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16681.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for apport USN-1668-1 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
MyBB KingChat Plugin - SQL Injection
MyBB KingChat Plugin - SQL Injection Exploit Title: KingChat MyBB plugin SQL Injection 0day Google Dork: inurl:"kingchat.php" Date: 13.10.2012 Exploit Author: RedHat NullSec Software Link: http://mods.mybb.com/view/kingchat Tested on: Windows & Linux. Vulnerable code : query"SELECT FROM...
Re: rssh security announcement
All, Today I released rssh-2.3.4, which fixes an old issue, and a new issue: On Tue, May 08, 2012 at 01:14:26PM -0500, Derek Martin wrote: rssh is a shell for restricting SSH access to a machine to only scp, sftp, or a small set of similar applications. http://www.pizzashack.org/rssh/ Henrik...
Traidnt up 2.0 (report.php trtext) Blind SQL Injection Vulnerability
Traidnt up is a php online upload script assignmessage,charset$errors."انتظر سوف يتم تحويلك للملف مرة أخري".""; $traidnt-display"message.tpl"; else $ip = getenv'REMOTEADDR'; $reportquery = $db-query" INSERT INTO report reportkey ,reportwhy ,reportip VALUES '$fileid', '$trtext', '$ip';";...
CVE-2012-5384
Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in editentryhandler.php, or (3) $url, (4) $tempfullname, or (5) $extusers variables in viewentry.php, different vector...
DEBIAN-CVE-2012-4463
Midnight Commander (mc) 4.8.5 does not properly handle the (1) MCEXTSELECTED or (2) MCEXTONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name...
CVE-2012-4463
Midnight Commander (mc) 4.8.5 does not properly handle the (1) MCEXTSELECTED or (2) MCEXTONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name...
Design/Logic Flaw
Midnight Commander (mc) 4.8.5 does not properly handle the (1) MCEXTSELECTED or (2) MCEXTONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name...
UBUNTU-CVE-2012-4463
Midnight Commander (mc) 4.8.5 does not properly handle the (1) MCEXTSELECTED or (2) MCEXTONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name...
Ubuntu Update for dbus USN-1576-2
Ubuntu Update for Linux kernel vulnerabilities USN-1576-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN15762.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for dbus USN-1576-2 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
dbus privilege escalation
Privilege escalation via environment variables...