7 matches found
EUVD-2017-9412
Malware in sbrugna...
JetBrains YouTrack Information Disclosure Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. An information disclosure vulnerability exists in JetBrains YouTrack for Android versions...
FreePBX Backup Module Command Injection Vulnerability
FreePBX, formerly known as Asterisk Management Portal, is a set of tools from the FreePBX project for configuring the Asterisk IP telephony system through a web-based graphical interface. A command injection vulnerability exists in the app/backup/index.php file of the Backup module in FreePBX versi...
Design/Logic Flaw
The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change...
CVE-2017-18284
The CVE-2017-18284 entry concerns Gentoo app-backup/burp prior to version 2.1.32, where the PID file directory is owned by the burp user. This may allow a local attacker with access to the burp account to modify the PID file and terminate arbitrary processes before a root script issues a SIGKILL....
CVE-2017-18285
CVE-2017-18285 affects Gentoo app-backup/burp prior to 2.1.32. The vulnerability stems from incorrect group ownership/permissions of the /etc/burp directory, potentially allowing a local attacker to read/write arbitrary files by modifying burp-server.conf. Documented impact is local privilege esc...
Back In Time: Command injection
Background: A simple backup tool for Linux, inspired by “flyback project”. Description: ‘Back in Time’ did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command leading to some parts of file paths being executed as shell commands within an os.system call. Impact: A...