449 matches found
GLSA-200902-01 : sudo: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-200902-01 sudo: Privilege escalation Harald Koenig discovered that sudo incorrectly handles group specifications in RunasAlias and related entries when a group is specified in the list using %group syntax, to allow a user to run...
Directory traversal
Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. dot dot in the resource parameter...
FreeWPS 2.11 - upload.php Remote Command Execution
FreeWPS 2.11 - upload.php Remote Command Execution source: https://www.securityfocus.com/bid/20494/info FreeWPS is prone to a remote command-execution vulnerability. Attackers can exploit this issue to execute arbitrary system commands with the privileges of the webserver process. FreeWPS version...
dotProject-2.0.1.txt
dotproject Date: Feb. 14 2006 Vendor: dotproject.net contacted Description: dotProject is a volunteer supported Project Management application. Details: The 'protection.php' script does not properly validate user-supplied input in the 'siteurl' parameter. Some user-supplied input is not checked...
HPRadiaManagement.txt
NGSSoftware Insight Security Research Advisory Name: HP OpenView Radia Management Agent remote command execution via directory traversal Systems Affected: HP OpenView Radia Management Portal versions 2.x and 1.x running Radia Management Agent Severity: High Vendor URL: http://www.hp.com/ Authors:...
UTempter 0.5.x - Multiple Local Vulnerabilities
source: https://www.securityfocus.com/bid/10178/info It has been reported that utempter is affected by multiple local vulnerabilities. The first issue is due to an input validation error that causes the application to exit improperly; facilitating symbolic link attacks. The second issue is due to...
[NT] Nexgen FTP Server Directory Traversal Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Webchat 0.77 - 'Defines.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/7000/info Webchat is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on remote user-supplied data. Under some circumstances...
Symantec Java! JustInTime Compiler 210.65 - Command Execution
Symantec Java! JustInTime Compiler 210.65 - Command Execution source: https://www.securityfocus.com/bid/6222/info A vulnerability has been discovered in the Java! JustInTime compiled used by Netscape Communicator, related to the generation of Intel instructions from specially constructed Java...