[USN-1576-1] DBus vulnerability
Ubuntu Security Notice USN-1576-1, September 20, 2012: dbus vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...
CVE-2012-5231
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/...
Ubuntu Update for isc-dhcp USN-1571-1
Ubuntu Update for Linux kernel vulnerabilities USN-1571-1 OpenVAS Vulnerability Test $Id: gb_ubuntu_USN_1571_1.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for isc-dhcp USN-1571-1 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net Thi...
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : dbus vulnerability (USN-1576-1)
Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges. Note that Tenable Network Security has extracted the preceding description block...
USN-1576-1: DBus vulnerability
Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges...
Code injection
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...
CVE-2012-4425
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...
USN-1571-1: DHCP vulnerability
Glen Eustace discovered that the DHCP server incorrectly handled IPv6 expiration times. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. This issue only affected Ubuntu 11.04, Ubuntu 11.10 and Ubuntu 12.04 LTS. CVE-2012-3955 Dan Rosenberg discovered...
Moderate: Red Hat Security Advisory: spice-gtk security update
Updated spice-gtk packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Netsweeper WebAdmin Portal CSRF / XSS / SQL Injection
Exploit Title: Netsweeper WebAdmin Portal CSRF, Reflective XSS, and SQL Injection "The later"
Date: Discovered and reported CSRF and XSS 4/2012 and "The later" 7/2012
Author: Jacob Holcomb/Gimppy042
Software Link: Netsweeper Inc. - Netsweeper Internet Filter www.netsweeper.com
CVE :...
CentOS Update for dbus CESA-2012:1261 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_xref(name:"URL",...
dbus security update
CentOS Errata and Security Advisory CESA-2012:1261 Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score...
FreeBSD : emacs -- remote code execution vulnerability (c1e5f35e-f93d-11e1-b07f-00235a5f2c9a)
Chong Yidong reports: Paul Ling has found a security flaw in the file-local variables code in GNU Emacs. When the Emacs user option `enable-local-variables' is set to `:safe' (the default value is t), Emacs should automatically refuse to evaluate `eval' forms in file-local variable sections. Due to t...
CVE-2012-3478
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line...
CVE-2012-3478
CVE-2012-3478 affects the restricted shell implementation rssh (versions 2.3.3 and earlier). The root cause is that crafted environment variables in the command line allow local users to bypass intended restricted-shell access, enabling privilege escalation to some degree and bypass of restrictio...
CVE-2012-3478
Removed by vendor...
CVE-2012-3479
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file...
emacs protection bypass
"enable-local-variables" doesn't work...