DEBIAN-CVE-2013-1817

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information...

Path traversal

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing t...

CVE-2016-10730

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing t...

CVE-2016-10730

CVE-2016-10730 affects Amanda 3.3.1. The Amstar component can be invoked in a way that leads to privilege escalation via the --star-path handling, with runtar and other components running setuid/root—allowing a backup-privileged user to compromise a client installation (local, root-level impact)....

Amanda 3.3.1 - 'amstar' Command Injection Privilege Escalation

AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup solution that allows the IT administrator to set up a single master backup server to back up multiple hosts over network to tape drives/changers or disks or optical media. Amanda uses native utilities and formats e.g. dump...

IceWarp /rpc/gw.html XML External Entity Arbitrary File Disclosure

The version of IceWarp installed on the remote host is affected by an XML external entity injection XXE vulnerability that can lead to the disclosure of arbitrary data. A remote, unauthenticated attacker may be able to view arbitrary files on the remote host by sending a specially crafted POST...